
Win32.Sector (WIN32.Sality)



Win32.Sector (WIN32.Sality) is a file virus that infects the EXE files of system services, of autostart entries, and those the user launches often.


Symptoms of Win32.Sector (WIN32.Sality)
1. Blocks Task Manager (taskmgr.exe) and Registry Editor (regedit)
(on launch, a window pops up saying it was supposedly disabled by the system administrator)
2. The virus generates heavy traffic (it constantly pings the network)
3. If you try to disable the network connection in software (!), the system reboots or blue-screens
4. If you try to boot into "Safe Mode" (!), you get a blue screen
5. All software other than antivirus software works normally
6. If you try to run antivirus programs (!), they close immediately
7. Blocks access to the websites of antivirus vendors
8. If it is the 28682 Sector, all device drivers fail at boot (in Device Manager every piece of hardware shows a yellow exclamation mark: "the driver is damaged and cannot be loaded into memory ...", and as a result the network and USB do not work and the display runs at 800x600, 8 bit)


Tools for treating Win32.Sector (WIN32.Sality)

- WinPE on CD / USB (all files have to be scanned from a different system)
- Dr.Web CureIt, necessarily with current (read: fresh) databases
- Trojan Remover (first treat the infected EXE files with Dr.Web, then finish off with the Remover)
- AVZ or .reg files (needed to remove the blocking policies)
- OS installation CD (needed when checking the integrity of the system files)


Manual treatment of Win32.Sector (WIN32.Sality)
1. Immediately pull the network cable out of the computer
(because if you try to disable the network in software via "Network Connections", the virus reboots the operating system)

2. Install Unlocker and Process Explorer, run Process Explorer and kill the 5-7 cmd processes

3. Give the current users access to the System Volume Information folder, unlock it with Unlocker and delete it

4. Clean the user's temp folder (Start -> Run -> %temp% [Enter])

5. Clean the IE temporary files folder (C:\Documents and Settings\account_name\Local Settings\Temporary Internet Files)

6. Reboot, boot from the WinPE live CD and run CureIt
(a full scan of all files is required; most of the hits will be program launcher files, which the antivirus will cure)

7. After the treatment, boot in normal mode (Safe Mode is still blocked by the "rogue" keys in the registry) and scan with Trojan Remover

8. Check the integrity of the Windows files (Start -> Run -> sfc /scannow)
* Do not forget to feed the CD drive the distribution CD

9. Then reboot and clean the registry (CCleaner / RegOrganizer / head + regedit)

10. Apply the registry tweaks to eliminate the "side" effects of the virus:

restore_taskmgr.reg
Windows Registry Editor Version 5.00

; Re-enable Task Manager for the current user
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000


restore_regedit.reg
Windows Registry Editor Version 5.00

; Re-enable Registry Editor for the current user
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000


restore_hidden.reg
Windows Registry Editor Version 5.00

; Restore the "Hidden files and folders" options in Folder Options
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"


restore_safe_mod.reg
Windows Registry Editor Version 5.00

; Recreate the SafeBoot keys that list what is loaded in Safe Mode
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DCOMLAUNCH]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File System]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\helpsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Plugplay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary Disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DCOMLAUNCH]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File System]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\helpsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDISUIO]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Plugplay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary Disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00

11. Install proper protection (antivirus with up-to-date databases + firewall + antispyware)
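
To see which of the step 10 tweaks a machine actually needs, the registry can be exported (for example from WinPE) and checked offline. The script below is an added example, not part of the original page: it parses .reg text and reports the policy values and SafeBoot branches that the restore_*.reg files repair. The sample export is constructed, the function names are hypothetical, and the input is assumed to be already decoded to text.

```python
import re

# Constructed sample: fragment of a registry export from an affected XP host
# (illustrative values, not captured from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"
'''

POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
SAFEBOOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    # Join hex continuation lines (trailing backslash) before splitting into lines.
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            name, data = line.split("=", 1)
            current[name.strip('"').lower()] = data
    return keys

def audit(text):
    """Return a list of findings that map to the restore_*.reg files from step 10."""
    keys = parse_reg(text)
    findings = []
    policy = keys.get(POLICY_KEY, {})
    # restore_taskmgr.reg / restore_regedit.reg: both values should be 0 or absent.
    for name in ("disabletaskmgr", "disableregistrytools"):
        data = policy.get(name, "dword:0").lower()
        if data.startswith("dword:") and int(data[6:], 16) != 0:
            findings.append(name + " is set")
    # restore_safe_mod.reg: each Safe Mode branch needs its driver/service subkeys.
    for mode in ("minimal", "network"):
        prefix = SAFEBOOT + "\\" + mode + "\\"
        if not any(k.startswith(prefix) for k in keys):
            findings.append("SafeBoot\\" + mode + " has no subkeys")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Real exports written by regedit are UTF-16; decode them before passing the text to `audit`.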