Win32.Sector (WIN32.Sality)



Win32.Sector (WIN32.Sality) is a file virus that infects the EXE files of system services, of autostart entries and of the programs the user runs frequently.


Symptoms of Win32.Sector (WIN32.Sality)
1. Task Manager (taskmgr.exe) and the Registry Editor (regedit) are locked
(when you try to run them, a window pops up saying they were blocked by the system administrator)
2. The virus generates a huge amount of traffic (it constantly pings across the network)
3. When you try to disable the network connection in software (!), the system reboots or blue-screens
4. When you try to boot into Safe Mode (!), you get a blue screen
5. All software other than antivirus software works normally
6. When you try to run an antivirus (!), it closes immediately
7. Access to the websites of antivirus vendors is blocked
8. If it is Sector 28682, then on the first boot all device drivers are knocked out (in Device Manager every piece of hardware shows a yellow exclamation mark: "the driver is damaged and cannot be loaded into memory ..."; as a result the network and USB do not work, and the display is 800x600, 8-bit)


Tools for treating Win32.Sector (WIN32.Sality)

- WinPE on a CD / USB drive (all files must be scanned from another system)
- A fresh Dr.Web CureIt (read: up-to-date databases are mandatory)
- Trojan Remover (first disinfect the infected EXE files with Dr.Web, then finish off with Remover)
- AVZ or .reg files (needed to remove the blocking policies)
- The OS installation disc (needed to check the system files for integrity)


Treating Win32.Sector (WIN32.Sality)
1. Pull the network cable out of the computer immediately
(because if you try to disable the network in software through "Network Connections", the virus reboots the OS)

2. Install Unlocker and Process Explorer, run Process Explorer and kill the 5-7 cmd processes

3. Give the current user access to the System Volume Information folders, then unlock and delete them with Unlocker

4. Clean the user's temp folder (Start -> Run -> %temp% [Enter])

5. Clean the IE temporary files folder (C:\Documents and Settings\imya_uchetki\Local Settings\Temporary Internet Files, where imya_uchetki is the account name)

6. Reboot, boot from the WinPE live CD and run CureIt
(a full scan of all files is required; most of the infected ones are program executables, which the antivirus will cure)

7. After the treatment, boot into normal mode (Safe Mode is still blocked by the bogus keys in the registry) and scan with Trojan Remover

8. Check the Windows files for integrity (Start -> Run -> sfc /scannow)
* Do not forget to put the installation CD in the drive

9. Then reboot the system and clean the registry (CCleaner / RegOrganizer / your head + regedit)

10. Apply the registry tweaks below to eliminate the side effects of the virus:

restore_taskmgr.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000


restore_regedit.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000


restore_hidden.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"


restore_safe_mod.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Helpsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="Diskdrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Helpsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDISUIO]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="Diskdrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00

11. Install proper protection (an antivirus with up-to-date databases + firewall + antispyware)
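To confirm that the tweaks from step 10 took effect, a registry export (for example from `reg export`, converted to UTF-8) can be compared against the values those .reg files set. This is an added example, not part of the original page; the names `parse_reg`, `audit` and `SAMPLE` are hypothetical and the sample export is constructed.

```python
import re

# Values set by the page's restore_*.reg files: (key, value name) -> (dword, required)
POL = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
HID = (r"hkey_local_machine\software\microsoft\windows\currentversion"
       r"\explorer\advanced\folder\hidden")
SAFEBOOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
EXPECTED = {
    (POL, "disabletaskmgr"): (0, False),        # an absent policy value means "not restricted"
    (POL, "disableregistrytools"): (0, False),
    (HID + r"\nohidden", "checkedvalue"): (2, True),
    (HID + r"\showall", "checkedvalue"): (1, True),
}
REQUIRED_KEYS = [SAFEBOOT + r"\minimal", SAFEBOOT + r"\network"]

def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' text into {key: {name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)      # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).strip('"').lower(), m.group(2)
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:
            current[name] = raw.strip('"')
    return keys

def audit(text):
    """Return the settings that still differ from what the restore files set."""
    keys, findings = parse_reg(text), []
    for (key, name), (want, required) in EXPECTED.items():
        got = keys.get(key, {}).get(name)
        if got is None and not required:
            continue
        if got != want:
            findings.append(f"{key}\\{name}: found {got!r}, restore file sets {want}")
    for key in REQUIRED_KEYS:
        if not any(k == key or k.startswith(key + "\\") for k in keys):
            findings.append(f"{key}: key missing from export")
    return findings

# Constructed sample export: policies still set, SHOWALL altered, SafeBoot\Minimal absent.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "export matches the restore files")
```

An empty result only means the audited values match the restore files; it says nothing about whether infected executables remain on disk.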