
#46  15.06.09 00:59

Re: Вирусы, распространяющиеся через USB-флэшки и методы борьбы с ними

В 7-ой винде, как я понимаю, это можно сделать из панели управления? Или я не в теме?


#47  12.09.09 10:01

Re: Вирусы, распространяющиеся через USB-флэшки и методы борьбы с ними

На днях столкнулся с неприятной траблой: невозможно было запустить ни один антивирусный сканер (типа Avz или CureIT), т.к. вирусня "поправила" в реестре файловые ассоциации для ехе-шников. Редактор реестра не запускался, но reg-файлы почему-то работали =) Ниже — содержимое reg-файлов, восстанавливающих ассоциации для exe-файлов, каталогов и дисков.

Код::

Windows Registry Editor Version 5.00

; Restores the shell association for .exe files after it has been rewritten.
; Importing a .reg file is a merge: every value listed below is overwritten,
; but values and subkeys that are NOT listed (for example an extra verb under
; exefile\shell) stay where they are. Inspect the keys again after importing.
; HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and
; HKCU\Software\Classes.
; NOTE(review): per-user entries under HKCU\Software\Classes\.exe and
; HKCU\Software\Classes\exefile are not listed in this file - check them too.
; NOTE(review): HasLUAShield, runasuser and DelegateExecute suggest this was
; exported from a Vista/7-era system - confirm it matches the target Windows
; version before importing.

[HKEY_CLASSES_ROOT\.exe]
; The default value names the class that handles .exe; it must be "exefile".
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
; hex(2) is REG_EXPAND_SZ stored as UTF-16LE; this value decodes to
; @%SystemRoot%\System32\shell32.dll,-10156
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
; The command is the program itself ("%1") followed by its arguments (%*).
; Anything in front of "%1" would be started instead of the requested program,
; so this is the first value to compare when .exe files stop launching.
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
; Same form as the open command: the program itself, then its arguments.
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser]
@="@shell32.dll,-50944"
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser\command]
; NOTE(review): this verb is handed to a COM object identified only by CLSID;
; the file does not show which DLL implements it - resolve it under
; HKEY_CLASSES_ROOT\CLSID and verify the InprocServer32 path.
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"

; The leading "-" deletes the key instead of creating it: this removes the
; current user's UserChoice override for .exe.
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

Код::

Windows Registry Editor Version 5.00

; Restores the "Folder" shell class (view settings, verbs, shell extensions).
; Importing merges these values into the registry; verbs or handlers that are
; already present under Folder\shell or Folder\ShellEx but are not listed here
; are NOT removed, so review those keys by hand after importing.
; NOTE(review): the values look like an export from one specific machine
; (Windows 7-era names such as "Library Location") - confirm they match the
; target system before importing.

[HKEY_CLASSES_ROOT\Folder]
"ContentViewModeLayoutPatternForBrowse"="delta"
"ContentViewModeForBrowse"="prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified"
"ContentViewModeLayoutPatternForSearch"="alpha"
"ContentViewModeForSearch"="prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay"
@="Folder"
"EditFlags"=hex:d2,03,00,00
"FullDetails"="prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size"
"NoRecentDocs"=""
"ThumbnailCutoff"=dword:00000000
"TileInfo"="prop:System.Title;System.PropGroup.Description;System.ItemTypeText"

[HKEY_CLASSES_ROOT\Folder\DefaultIcon]
; hex(2) is REG_EXPAND_SZ stored as UTF-16LE; this value decodes to
; %SystemRoot%\System32\shell32.dll,3
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell]

[HKEY_CLASSES_ROOT\Folder\shell\explore]
"MultiSelectModel"="Document"
"ProgrammaticAccessOnly"=""
"LaunchExplorerFlags"=dword:00000018

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
; NOTE(review): every Folder verb below is delegated to the same CLSID; which
; DLL implements it is not visible in this file - resolve it under
; HKEY_CLASSES_ROOT\CLSID and verify the InprocServer32 path.
"DelegateExecute"="{11dbb47c-a525-400b-9e80-a54615a090c0}"

[HKEY_CLASSES_ROOT\Folder\shell\open]
"MultiSelectModel"="Document"

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
"DelegateExecute"="{11dbb47c-a525-400b-9e80-a54615a090c0}"
; The default command decodes to %SystemRoot%\Explorer.exe - opening a folder
; should start Explorer and nothing else.
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\opennewprocess]
"MUIVerb"="@shell32.dll,-8518"
"MultiSelectModel"="Document"
"Extended"=""
"LaunchExplorerFlags"=dword:00000003
"ExplorerHost"="{ceff45ee-c862-41de-aee2-a022c81eda92}"

[HKEY_CLASSES_ROOT\Folder\shell\opennewprocess\command]
"DelegateExecute"="{11dbb47c-a525-400b-9e80-a54615a090c0}"

[HKEY_CLASSES_ROOT\Folder\shell\opennewwindow]
"MUIVerb"="@shell32.dll,-8517"
"MultiSelectModel"="Document"
"OnlyInBrowserWindow"=""
"LaunchExplorerFlags"=dword:00000001

[HKEY_CLASSES_ROOT\Folder\shell\opennewwindow\command]
"DelegateExecute"="{11dbb47c-a525-400b-9e80-a54615a090c0}"

[HKEY_CLASSES_ROOT\Folder\ShellEx]

; Shell extension handlers: each default value is the CLSID of a COM object
; that Explorer loads for folders.
[HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu]
@="{85BBD920-42A0-1069-A2E4-08002B30309D}"

[HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\Library Location]
@="{3dad6c5d-2167-4cae-9914-f99e41c12cfa}"

[HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\Offline Files]
@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"

[HKEY_CLASSES_ROOT\Folder\ShellEx\DragDropHandlers]

[HKEY_CLASSES_ROOT\Folder\ShellEx\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000}]
@=""

[HKEY_CLASSES_ROOT\Folder\ShellEx\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Folder\ShellEx\PropertySheetHandlers\BriefcasePage]
@="{85BBD920-42A0-1069-A2E4-08002B30309D}"

[HKEY_CLASSES_ROOT\Folder\ShellEx\PropertySheetHandlers\Offline Files]
@="{7EFA68C6-086B-43e1-A2D2-55A113531240}"

[HKEY_CLASSES_ROOT\Folder\ShellNew]
"Directory"=""
; Decodes to %SystemRoot%\system32\shell32.dll,3
"IconPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,\
  00,00
"ItemName"="@shell32.dll,-30396"
"MenuText"="@shell32.dll,-30317"
"NonLFNFileSpec"="@shell32.dll,-30319"

[HKEY_CLASSES_ROOT\Folder\ShellNew\Config]
"AllDrives"=""
"IsFolder"=""
"NoExtension"=""

; Restores the "Directory" shell class (file-system folders).
; Importing merges these values; verbs and handlers already present under
; Directory\shell or Directory\shellex but not listed here are NOT removed,
; so review those keys by hand after importing.
; NOTE(review): SnagItMainShellExt and VPCCopyHook below look like handlers
; registered by optional software on the machine this was exported from, not
; part of a default install - confirm before importing on another machine,
; where those CLSIDs may not be registered.
[HKEY_CLASSES_ROOT\Directory]
"AlwaysShowExt"=""
@="File Folder"
"EditFlags"=hex:d2,01,00,00
"FriendlyTypeName"="@shell32.dll,-10152"
"FullDetails"="prop:System.PropGroup.Description;System.DateCreated;System.FileCount;System.TotalFileSize"
"InfoTip"="prop:System.Comment;System.DateCreated"
"NoRecentDocs"=""
"PreviewDetails"="prop:System.DateModified;*System.SharedWith;*System.OfflineAvailability;*System.OfflineStatus"
"PreviewTitle"="prop:System.ItemNameDisplay;System.ItemTypeText"

[HKEY_CLASSES_ROOT\Directory\Background]

[HKEY_CLASSES_ROOT\Directory\Background\shell]

[HKEY_CLASSES_ROOT\Directory\Background\shell\cmd]
@="@shell32.dll,-8506"
; "Extended" makes the verb appear only in the Shift+right-click menu.
"Extended"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\Background\shell\cmd\command]
@="cmd.exe /s /k pushd \"%V\""

[HKEY_CLASSES_ROOT\Directory\Background\shellex]

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Gadgets]
@="{6B9228DA-9C15-419e-856C-19E768A13BDC}"

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]
@="{D969A300-E7FF-11d0-A93B-00A0C90F2719}"

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Directory\DefaultIcon]
; hex(2) is REG_EXPAND_SZ stored as UTF-16LE; this value decodes to
; %SystemRoot%\System32\shell32.dll,3
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00

[HKEY_CLASSES_ROOT\Directory\shell]
; The default value of a "shell" key names the default (double-click) verb.
; Here it is reset to "none"; the verb subkeys themselves are only merged, so a
; foreign verb added under this key would still exist after the import.
@="none"

[HKEY_CLASSES_ROOT\Directory\shell\cmd]
@="@shell32.dll,-8506"
"Extended"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\cmd\command]
@="cmd.exe /s /k pushd \"%V\""

[HKEY_CLASSES_ROOT\Directory\shell\find]
"LegacyDisable"=""
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Directory\shell\find\command]
; Decodes to %SystemRoot%\Explorer.exe
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00
"DelegateExecute"="{a015411a-f97d-4ef3-8425-8a38d022aebc}"

[HKEY_CLASSES_ROOT\Directory\shellex]

; Shell extension handlers: each default value is the CLSID of a COM object
; that Explorer loads for directories. The implementing DLLs are not visible
; in this file - resolve each CLSID under HKEY_CLASSES_ROOT\CLSID and verify
; its InprocServer32 path.
[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Offline Files]
@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

; NOTE(review): presumably a third-party (SnagIt) handler - machine-specific.
[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\SnagItMainShellExt]
@="{CF74B903-3389-469c-B3B6-0204D204FCBD}"

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
@="{217FC9C0-3AEA-1069-A2DB-08002B30309D}"

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
@="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"

; NOTE(review): presumably installed by optional software - machine-specific.
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\VPCCopyHook]
@="{30C14BAC-122C-42ed-B319-1139DBF48EB8}"

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Offline Files]
@="{7EFA68C6-086B-43e1-A2D2-55A113531240}"

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{1f2e5c40-9550-11ce-99d2-00aa006e086c}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{4a7ded0a-ad25-11d0-98a8-0800361b1103}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}]
@=""

Код::

Windows Registry Editor Version 5.00

; Restores the "Drive" shell class (what Explorer does with drive letters).
; Importing merges these values; verbs already present under Drive\shell but
; not listed in this file are NOT removed, so review that key by hand after
; importing - it decides what double-clicking a drive runs.
; NOTE(review): the values look like an export from one specific Windows
; 7-era machine (Enhanced Storage, BitLocker entries) - confirm they match
; the target system before importing.

[HKEY_CLASSES_ROOT\Drive]
"ContentViewModeLayoutPatternForBrowse"="delta"
"ContentViewModeForBrowse"="prop:~System.ItemNameDisplay;~System.PercentFull;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.Volume.FileSystem;~System.Computer.DecoratedFreeSpace"
@="Drive"
"EditFlags"=hex:d2,01,00,00
"InfoTip"="prop:System.FreeSpace;System.Capacity"
"PreviewDetails"="prop:*System.PercentFull;System.FreeSpace;System.Capacity;System.Volume.FileSystem;*System.Volume.BitLockerProtection"
"PreviewTitle"="prop:System.ItemNameDisplay;System.ItemTypeText"
"TileInfo"="prop:*System.PercentFull;System.Computer.DecoratedFreeSpace;System.Volume.FileSystem"

[HKEY_CLASSES_ROOT\Drive\Commands]

[HKEY_CLASSES_ROOT\Drive\Commands\Shell]

[HKEY_CLASSES_ROOT\Drive\Commands\Shell\Windows.EnhancedStorage.Lock]
@="Enhanced Storage Lock Command"
"CommandStateSync"=""
"ExplorerCommandHandler"="{CC55EE92-FE67-43C9-95E7-E646918A4A04}"

[HKEY_CLASSES_ROOT\Drive\Commands\Shell\Windows.EnhancedStorage.Unlock]
@="Enhanced Storage Unlock Command"
"CommandStateSync"=""
"ExplorerCommandHandler"="{CC55EE92-FE67-43C9-95E7-E646918A4A04}"

[HKEY_CLASSES_ROOT\Drive\DefaultIcon]
; hex(2) is REG_EXPAND_SZ stored as UTF-16LE; this value decodes to
; %SystemRoot%\System32\shell32.dll,8
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell]
; The default value of a "shell" key names the default (double-click) verb.
; Here it is reset to "none"; the verb subkeys themselves are only merged, so a
; foreign verb added under this key would still exist after the import.
@="none"

[HKEY_CLASSES_ROOT\Drive\shell\cmd]
@="@shell32.dll,-8506"
; "Extended" makes the verb appear only in the Shift+right-click menu.
"Extended"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Drive\shell\cmd\command]
@="cmd.exe /s /k pushd \"%V\""

; BitLocker verbs for drives. Each verb has a label (default value of the verb
; key) and a command; both are hex(2) = REG_EXPAND_SZ stored as UTF-16LE, so
; the decoded text is given above each value. "AppliesTo" restricts when the
; verb is shown; the "-elev" variants carry "HasLUAShield".
; NOTE(review): these entries presumably only make sense on a system that
; ships the BitLocker wizards - confirm before importing elsewhere.
[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-920
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,30,00,00,00
"AppliesTo"="System.Volume.BitlockerProtection:=2 AND System.Volume.BitlockerRequiresAdmin:=System.StructuredQueryType.Boolean#False"
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizard.exe %1 T
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,54,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-920
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,30,00,00,00
"HasLUAShield"=""
"AppliesTo"="System.Volume.BitlockerProtection:=2 AND System.Volume.BitlockerRequiresAdmin:=System.StructuredQueryType.Boolean#True"
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizardElev.exe %1 T
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,45,00,6c,00,65,00,76,00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,\
  54,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\find]
"LegacyDisable"=""
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
; Command decodes to %SystemRoot%\Explorer.exe
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00
"DelegateExecute"="{a015411a-f97d-4ef3-8425-8a38d022aebc}"

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-949
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,34,\
  00,39,00,00,00
"AppliesTo"="(System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#False"
"MultiSelectModel"="Single"
"HideIfDisabled"=""

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizard.exe %1 U
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,55,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde-elev]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-949
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,34,\
  00,39,00,00,00
"HasLUAShield"=""
"AppliesTo"="(System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#True"
"MultiSelectModel"="Single"
"HideIfDisabled"=""

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde-elev\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizardElev.exe %1 U
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,45,00,6c,00,65,00,76,00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,\
  55,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-921
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,31,00,00,00
"AppliesTo"="System.Volume.BitlockerProtection:=5 AND System.Volume.BitlockerRequiresAdmin:=System.StructuredQueryType.Boolean#False"
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizard.exe %1 V
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,56,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde-elev]
; Label decodes to @%SystemRoot%\System32\fvewiz.dll,-921
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,31,00,00,00
"HasLUAShield"=""
"AppliesTo"="System.Volume.BitlockerProtection:=5 AND System.Volume.BitlockerRequiresAdmin:=System.StructuredQueryType.Boolean#True"
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde-elev\command]
; Command decodes to %SystemRoot%\System32\BitLockerWizardElev.exe %1 V
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,45,00,6c,00,65,00,76,00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,\
  56,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\unlock-bde]
; Label decodes to @%SystemRoot%\System32\BdeUnlockWizard.exe,-100
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,\
  64,00,65,00,55,00,6e,00,6c,00,6f,00,63,00,6b,00,57,00,69,00,7a,00,61,00,72,\
  00,64,00,2e,00,65,00,78,00,65,00,2c,00,2d,00,31,00,30,00,30,00,00,00
"DefaultAppliesTo"=""
"AppliesTo"="System.Volume.BitLockerProtection:=6"
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\unlock-bde\command]
; Command decodes to %SystemRoot%\System32\BdeUnlockWizard.exe %1
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,64,00,\
  65,00,55,00,6e,00,6c,00,6f,00,63,00,6b,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,00,00

; Shell extension handlers for drives. Each entry names the CLSID of a COM
; object that Explorer loads; most are identified by CLSID only, so the
; implementing DLL is not visible in this file.
; NOTE(review): resolve each CLSID under HKEY_CLASSES_ROOT\CLSID and verify
; its InprocServer32 path. Importing only merges - handlers already present
; under these keys but not listed here are NOT removed.
[HKEY_CLASSES_ROOT\Drive\shellex]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\EnhancedStorageShell]
@="{2854F705-3548-414C-A113-93E27C808C85}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{59099400-57FF-11CE-BD94-0020AF85B590}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}]
; Here the CLSID is also used as the value name; the data is a description.
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions]

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
"DriveMask"=dword:00000020

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers]
@="{5F5295E0-429F-1069-A2E2-08002B30309D}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{1f2e5c40-9550-11ce-99d2-00aa006e086c}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{4a7ded0a-ad25-11d0-98a8-0800361b1103}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{55B3A0BD-4D28-42fe-8CFB-FA3EDFF969B8}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{5F5295E0-429F-1069-A2E2-08002B30309D}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""


#48  24.09.09 00:27

Re: Вирусы, распространяющиеся через USB-флэшки и методы борьбы с ними

У меня вирь сидит: когда флешку засуну, он все папки скрывает и создаёт приложения с иконкой папки и таким же названием!
А ещё нод говорит, что в оперативной памяти засел один в XP-D41D8CD9.EXE. Подскажите, что делать?)


#49  09.10.09 13:55

Re: Вирусы, распространяющиеся через USB-флэшки и методы борьбы с ними

Marat K. написал(а):

что делать?)

http://hostel.nstu.ru/viewtopic.php?id=136503

Исправлено A.Tom (09.10.09 13:55)


#50  15.12.09 10:55


Re: Вирусы, распространяющиеся через USB-флэшки и методы борьбы с ними

R0mm, задача не в том, чтобы свой комп защитить, а в том, чтобы между чужими заразу не перетаскивать.
