Win32.Sector (WIN32.Sality)
Win32.Sector (WIN32.Sality) - файловий вірус, заражає exe-ники системних служб, автоазгрузку і проги, які користувач часто іпользуются)
Cімптоми Win32.Sector (WIN32.Sality)
1. блокуєте "Диспетчер завдань" taskmgr.exe і редактор реєстру regedit
(При спробі запустити - випадає віконце мовляв заблоковано адміністратором)
2. вірус генерує скажений трафік (постійно йде обмін пакетами з мережею)
3. (!) При спробі програмно відключити мережеве з'єднання - система перезагружаеться / блюскрін
4. (!) При спробі завантажитися в "безпечному режимі" - блюскрін
5. весь софт крім антивірусного ПО працює нормально,
6. (!) При спробі запустити будь-який антивірус - вони тут же закриваються
7. блокуєте доступ до сайтів антивірусних компаній
8. якщо це 28682-й сектор то при завантаженні системи злітають все драйвера пристроїв (в "Діспечтере пристроїв" навпроти залозок - жовті знаки оклику: "драйвер покоцал і не може бути довантажуючи в оперативку ..."; в результаті - не працює ні мережу, ні юСБ, дозвіл 800х600, 8 біт)
інструменти для лікування Win32.Sector (WIN32.Sality)
- WinPE на CD / USB (необхідно перевірити всі файли з-під іншої системи)
- Dr.Web CureIt обов'язково з актуальними (читай: свіжими) базами
- Trojan Remover (спочатку лікуємо зараження екзешнікі Інтернетом, потім добиваємо Ремувер)
- AVZ або рег-файли (необхідні для зняття блокуючих політик)
- Інсталяційний диск з дистриб ОС (знадобитися для перевірки сис. Файлів на цілісність)
інструкція по лікуванню Win32.Sector (WIN32.Sality)
1. необхідно якомога швидше висмикнути мережевий кабель з компа
(Тому що при спробі програмно відключити мережу через "Мережеві підключення" вірус буде перезавантажувати ОС ")
2. встановлюємо Unlocker і Process Explorer, запускаємо Process Explorer і Кіля 5-7 штук Просес cmd
3. даємо доступ поточному юзверя до папок SystemVolumeInformation, розблокуємо їх Unlocker`ом і Кіля
4. чистимо темпу юзера (Пуск -> Виконати ->% temp% [Enter])
5. чистимо папку тимчасових файлів IE (C: \ Documents and Settings \ імя_учеткі \ Local Settings \ Temporary Internet Files)
6. перезавантажуємося, вантажимося з Лайвсден WinPE і запускаємо CureIT
(Необхідна повна перевірка всіх файлів. Більшість з них - запускной файли прогам антивирь зцілить)
7. після лікування - вантажимося в звичайному режимі (безпечний досих пір заблокований "лівими" ключами в рееестре) і перевіряють Trojan Remover `ом
8. робимо перевірку файлів вінди на цілісність (Пуск -> Виконати -> sfc / scannow)
* Незабутній згодувати сидюк компакт з дистриб
9. після цього перезавантажуємо систему, чистимо рееср (CCleaner / RegOrganizer / голова + regedit)
10. застосовуємо твіки реєстру для усунення "побічних" ефектів вірусу:
restore_taskmgr.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableTaskMgr" = dword: 0
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableTaskMgr" = dword: 0
restore_regedit.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableRegistryTools" = dword: 0
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableRegistryTools" = dword: 0
restore_hidden.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden]
"Text" = "@ shell32.dll, -30499"
"Type" = "group"
"Bitmap" = hex (2): 25,00,53,00,79,00,73,00,74,00,65,00,6d, 00,52,00,6f, 00,6f, 00,74 , \
00,25,00,5c, 00,73,00,79,00,73,00,74,00,65,00,6d, 00,33,00,32,00,5c, 00,53,00, \
48,00,45,00,4c, 00,4c, 00,33,00,32,00,2e, 00,64,00,6c, 00,6c, 00,2c, 00,34,00,00, \
00
"HelpID" = "shell.hlp # 51131"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ NOHIDDEN]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Advanced"
"Text" = "@ shell32.dll, -30501"
"Type" = "radio"
"CheckedValue" = dword: 00000002
"ValueName" = "Hidden"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51104"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Advanced"
"Text" = "@ shell32.dll, -30500"
"Type" = "radio"
"CheckedValue" = dword: 00000001
"ValueName" = "Hidden"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51105"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden]
"Text" = "@ shell32.dll, -30499"
"Type" = "group"
"Bitmap" = hex (2): 25,00,53,00,79,00,73,00,74,00,65,00,6d, 00,52,00,6f, 00,6f, 00,74 , \
00,25,00,5c, 00,73,00,79,00,73,00,74,00,65,00,6d, 00,33,00,32,00,5c, 00,53,00, \
48,00,45,00,4c, 00,4c, 00,33,00,32,00,2e, 00,64,00,6c, 00,6c, 00,2c, 00,34,00,00, \
00
"HelpID" = "shell.hlp # 51131"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ NOHIDDEN]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Advanced"
"Text" = "@ shell32.dll, -30501"
"Type" = "radio"
"CheckedValue" = dword: 00000002
"ValueName" = "Hidden"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51104"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Advanced"
"Text" = "@ shell32.dll, -30500"
"Type" = "radio"
"CheckedValue" = dword: 00000001
"ValueName" = "Hidden"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51105"
restore_safe_mod.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot]
"AlternateShell" = "cmd.exe"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal]
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ AppMgmt]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Base]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Boot Bus Extender]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Boot file system]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ CryptSvc]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ DcomLaunch]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmadmin]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmboot.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmio.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmload.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmserver]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ EventLog]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ File system]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Filter]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ HelpSvc]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Netlogon]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PCI Configuration]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PlugPlay]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PNP Filter]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Primary disk]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ RpcSs]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ SCSI Class]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ sermouse.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ sr.sys]
@ = "FSFilter System Recovery"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ SRService]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ System Bus Extender]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ vga.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ vgasave.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ WinMgmt]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {36FC9E60-C465-11CF-8056-444553540000}]
@ = "Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E965-E325-11CE-BFC1-08002BE10318}]
@ = "CD-ROM Drive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E967-E325-11CE-BFC1-08002BE10318}]
@ = "DiskDrive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E969-E325-11CE-BFC1-08002BE10318}]
@ = "Standard floppy disk controller"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96A-E325-11CE-BFC1-08002BE10318}]
@ = "Hdc"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96B-E325-11CE-BFC1-08002BE10318}]
@ = "Keyboard"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96F-E325-11CE-BFC1-08002BE10318}]
@ = "Mouse"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E977-E325-11CE-BFC1-08002BE10318}]
@ = "PCMCIA Adapters"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E97B-E325-11CE-BFC1-08002BE10318}]
@ = "SCSIAdapter"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E97D-E325-11CE-BFC1-08002BE10318}]
@ = "System"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E980-E325-11CE-BFC1-08002BE10318}]
@ = "Floppy disk drive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@ = "Volume"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@ = "Human Interface Devices"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network]
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ AFD]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ AppMgmt]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Base]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Boot Bus Extender]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Boot file system]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Browser]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ CryptSvc]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ DcomLaunch]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Dhcp]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmadmin]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmboot.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmio.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmload.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmserver]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ DnsCache]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ EventLog]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ File system]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Filter]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ HelpSvc]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ ip6fw.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ ipnat.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LanmanServer]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LanmanWorkstation]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LmHosts]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Messenger]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NDIS]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NDIS Wrapper]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Ndisuio]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBIOS]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBIOSGroup]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBT]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetDDEGroup]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Netlogon]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetMan]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Network]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetworkProvider]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ nm]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ nm.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NtLmSsp]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PCI Configuration]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PlugPlay]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PNP Filter]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PNP_TDI]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Primary disk]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpcdd.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpdd.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpwd.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdsessmgr]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ RpcSs]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SCSI Class]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ sermouse.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SharedAccess]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ sr.sys]
@ = "FSFilter System Recovery"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SRService]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Streams Drivers]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ System Bus Extender]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Tcpip]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ TDI]
@ = "Driver Group"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ tdpipe.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ tdtcp.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ termservice]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ vga.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ vgasave.sys]
@ = "Driver"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ WinMgmt]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ WZCSVC]
@ = "Service"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {36FC9E60-C465-11CF-8056-444553540000}]
@ = "Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E965-E325-11CE-BFC1-08002BE10318}]
@ = "CD-ROM Drive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E967-E325-11CE-BFC1-08002BE10318}]
@ = "DiskDrive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E969-E325-11CE-BFC1-08002BE10318}]
@ = "Standard floppy disk controller"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96A-E325-11CE-BFC1-08002BE10318}]
@ = "Hdc"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96B-E325-11CE-BFC1-08002BE10318}]
@ = "Keyboard"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96F-E325-11CE-BFC1-08002BE10318}]
@ = "Mouse"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E972-E325-11CE-BFC1-08002BE10318}]
@ = "Net"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E973-E325-11CE-BFC1-08002BE10318}]
@ = "NetClient"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E974-E325-11CE-BFC1-08002BE10318}]
@ = "NetService"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E975-E325-11CE-BFC1-08002BE10318}]
@ = "NetTrans"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E977-E325-11CE-BFC1-08002BE10318}]
@ = "PCMCIA Adapters"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E97B-E325-11CE-BFC1-08002BE10318}]
@ = "SCSIAdapter"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E97D-E325-11CE-BFC1-08002BE10318}]
@ = "System"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E980-E325-11CE-BFC1-08002BE10318}]
@ = "Floppy disk drive"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@ = "Volume"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@ = "Human Interface Devices"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa]
"Authentication Packages" = hex (7): 6d, 00,73,00,76,00,31,00,5f, 00,30,00,00,00,00, \
00
11. навішуємо нормальний захист (антивирь з актуальними базами + фаєрвол + антишпигун)
Коментарі
Коментуючи, пам'ятайте про те, що зміст і тон Вашого повідомлення можуть зачіпати почуття реальних людей, проявляйте повагу та толерантність до своїх співрозмовників навіть у тому випадку, якщо Ви не поділяєте їхню думку, Ваша поведінка за умов свободи висловлювань та анонімності, наданих інтернетом, змінює не тільки віртуальний, але й реальний світ. Всі коменти приховані з індексу, спам контролюється.