
Win32.Sector (WIN32.Sality)



Win32.Sector (WIN32.Sality) is a file virus that infects the .exe files of system services, autorun entries, and programs the user runs frequently.


Symptoms of Win32.Sector (WIN32.Sality)
1. Task Manager (taskmgr.exe) and Registry Editor (regedit) are blocked
( when you try to start them, a window reports that the tool has been disabled by the system administrator )
2. The virus generates heavy traffic ( packets are constantly exchanged with the network )
3. ( ! ) Attempting to disable the network connection in software makes the system reboot or blue-screen
4. ( ! ) Attempting to boot into "Safe Mode" ends in a blue screen
5. All software except antivirus software works normally.
6. ( ! ) Antivirus programs are closed immediately when you try to start them
7. Access to the websites of antivirus vendors is blocked
8. If this is Sector 28682, all device drivers fail when the system starts ( in Device Manager a yellow exclamation mark appears next to the hardware: "The driver is dead and cannot be loaded into RAM ..."; consequently there is no network, no USB, and the display runs at 800x600, 8-bit )


Win32.Sector (WIN32.Sality) removal tools

- WinPE on CD / USB ( all files must be scanned from a different system )
- Dr.Web CureIt, always with current ( read: fresh ) databases
- Trojan Remover ( first cure the infection with Dr.Web, then finish off with Trojan Remover )
- AVZ or .reg files ( needed to remove the blocking policies )
- Installation disc with the operating system distribution ( needed to check the system files for integrity )


Win32.Sector (WIN32.Sality) removal instructions
1. Pull the network cable out of the computer as soon as possible
( if you try to disconnect the network in software via "Network Connections", the virus reboots the operating system )

2. Install Unlocker and Process Explorer, start Process Explorer and enter 5-7 cmd processes

3. Grant the current user access to the System Volume Information folders, unlock them with Unlocker and save them

4. Clean the user's temp folder ( Start -> Run -> %temp% [Enter] )

5. Clean the folder with the temporary IE files ( C:\Documents and Settings\account_name\Local Settings\Temporary Internet Files ).

6. Reboot, boot from the WinPE LiveCD and run CureIt
( a full scan of all files is required; most of the infected ones are startup files, and the antivirus will cure them )

7. After treatment, boot in normal mode ( Safe Mode is still blocked by the "rogue" keys in the registry ) and scan with Trojan Remover

8. Check the Windows files for integrity ( Start -> Run -> sfc /scannow ).
* do not forget to feed it the CD with the distribution

9. After that, reboot the system and clean the registry ( CCleaner / RegOrganizer / your head + regedit ).

10. Use registry tweaks to remove the "side effects" of the virus:

restore_taskmgr.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000


restore_regedit.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000


restore_hidden.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"


restore_safe_mod.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary Disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary Disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00,\
  00

11. Set up proper protection ( antivirus with current databases + firewall + antispyware )
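
A check for step 10, added here as an example and not part of the original instructions: it parses a registry export (for instance one made with reg export and decoded from UTF-16) and reports whether the blocking policies are still set and whether SafeBoot entries recreated by restore_safe_mod.reg are present. The names parse_reg, audit, REQUIRED_SAFEBOOT and the SAMPLE export are assumptions made for this illustration; REQUIRED_SAFEBOOT lists only a few of the keys from the file above.

```python
import re

# Policy values reset by restore_taskmgr.reg / restore_regedit.reg on this page.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_VALUES = ("DisableTaskMgr", "DisableRegistryTools")
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Assumption: a small subset of the keys in restore_safe_mod.reg; extend as needed.
REQUIRED_SAFEBOOT = (r"Minimal\Base", r"Minimal\vga.sys", r"Network\Base", r"Network\Tcpip")

def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' text into {key: {value_name: value}}.
    Key and value names are lower-cased because the registry is case-insensitive."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = m.group(2)
        if raw.lower().startswith("dword:"):
            value = int(raw[6:], 16)
        elif raw.startswith('"'):
            value = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        else:
            value = raw  # hex(...) data is kept as text
        current[name.lower()] = value
    return keys

def audit(text):
    """Return a list of findings; an empty list means the checked items look restored."""
    keys, findings = parse_reg(text), []
    policy = keys.get(POLICY_KEY.lower(), {})
    for name in POLICY_VALUES:
        if policy.get(name.lower(), 0) != 0:
            findings.append(f"{name} is set to {policy[name.lower()]}: tool still blocked")
    for sub in REQUIRED_SAFEBOOT:
        if f"{SAFEBOOT}\\{sub}".lower() not in keys:
            findings.append(f"SafeBoot\\{sub} missing: Safe Mode may not boot")
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```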