Problem with malware blocking Svchost.exe

Closed
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013 - 25 Jan 2012 at 20:15
 Anonymous user - 29 Jan 2012 at 00:09
<config>Windows 7 / Firefox 9.0.1</config>

Good evening dear Internet users, I'm desperate:

- I try to enable my firewall but it is blocked
- Avast no longer starts (it is unstable)
- It blocks the ports of my VPN software


With a Spybot scan, I detected Svchost.exe as infected with malware; it was deleted, but now I can't manage to repair it :/

So I scanned, took full control with my admin account, modified the registry HKEY/Local_machine/.....BFE and allowed everything for "Everyone"

I tried a restart via services.msc (Firewall in automatic mode...etc)

So I have tried every solution :'(

And of course, if possible I would not like an answer along the lines of "Go format your hard drive" because I really need to work, thank you for your understanding

20 replies

I'll look at the report tomorrow.

▶ Download SEAF to your desktop (thanks to C_XX)

▶ Run it (run as administrator on Vista/7)

▶ In the program, check:

- That the boxes on the left are all ticked
- That "Calculer le Checksum" (calculate the checksum) is set to MD5
- That the option "Chercher également dans le registre" (also search the registry) is selected

▶ In the search field type: svchost.exe , then start the search

▶ Wait while the search runs; when it finishes, a report (log.txt) will open

▶ Copy/paste this report into your next reply
Saachaa
CCM Contributor
2
Anonymous user
25 Jan 2012 at 20:38
Hi,

If I understand correctly, you removed Svchost.exe?

In fact, it is not a virus but an essential Windows component, and a virus got into it...

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

___________________________________________________________
This software is only to be used when prescribed by a qualified helper trained in the tool

>>>>>>> Do not use outside of this case: dangerous <<<<<<
___________________________________________________________


▶ Above all, when saving, remember to rename Combofix to "your first name.exe" before it is saved to your hard drive

▶ Download here: Combofix

Before using ComboFix:

If you use AVG, you must uninstall it before using Combofix, because it can cause damage when interacting with the tool, which may lead to a complete reinstallation of the system! Simply disabling the resident shield is not enough.
Following this link, look for AVG and choose the appropriate version, then run the tool.


▶ CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:

▶ Download and run Defogger (by jpshortstuff) on your desktop

▶ A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable".

_________________________________________________________
▶ Save and close all your running programs
▶ Temporarily disable, only for the time ComboFix is in use, all your protections (antivirus, antispyware, etc.), which can seriously interfere with the tool's search and cleaning procedure.
_________________________________________________________

If you have Windows XP -> double-click the program to run it.
If you have Windows Vista or Windows 7 -> right-click the program and choose "run as administrator" to run it.

¤¤ Accept the installation of the Recovery Console if asked ¤¤¤

! Do not touch anything while the tool is working (mouse, keyboard...) !

▶ Once ComboFix has finished, don't forget to re-enable your protections before reconnecting to the Internet

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
Edited by dbzgtmax on 25/01/2012 at 21:52
I moved it to the recycle bin (it's in there, because I know it's not a virus, but apparently the virus doesn't want to go away), I'll follow your procedure and let you know, thanks

Edit: I don't have AVG (but I have avast, which is blocked)

Edit2: Unable to paste the log here, weird
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
Edited by dbzgtmax on 25/01/2012 at 22:11
Duplicate
0

dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
25 Jan 2012 at 22:16
ComboFix 12-01-23.02 - FICELLO 25/01/2012 21:12:36.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4055.2661 [GMT 1:00]
Lancé depuis: c:\users\FICELLO\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110403.txt
c:\cflog\CrashLog_20110404.txt
c:\cflog\CrashLog_20110408.txt
c:\cflog\CrashLog_20110409.txt
c:\cflog\CrashLog_20110410.txt
C:\update.exe
c:\users\FICELLO\AppData\Local\assembly\tmp
c:\users\FICELLO\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
c:\users\FICELLO\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
c:\users\FICELLO\AppData\Local\TempDIR
c:\users\FICELLO\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\FICELLO\AppData\Roaming\cacaoweb
c:\users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\FICELLO\AppData\Roaming\cacaoweb\downloadPNWTDCP058397237.cacao
c:\users\FICELLO\AppData\Roaming\cacaoweb\fileE9016507786BDCBA59DB93627BA0A5F8.cacao
c:\users\FICELLO\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\FICELLO\AppData\Roaming\cacaoweb\storage.db
c:\users\FICELLO\AppData\Roaming\chrtmp
c:\users\FICELLO\AppData\Roaming\EurekaLog
c:\users\FICELLO\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\FICELLO\AppData\Roaming\explorer.exe.exe
c:\users\FICELLO\AppData\Roaming\FICELLOlog.dat
c:\users\FICELLO\AppData\Roaming\install\server.exe
c:\users\FICELLO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.exe
c:\windows\Install
c:\windows\Install\server.exe
c:\windows\PCGWIN32.LI5
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\SysWow64\BReWErS.dll
c:\windows\SysWow64\Explorer
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-25 au 2012-01-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-25 20:20 . 2012-01-25 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 22:22 . 2012-01-25 20:11 -------- d-----w- c:\users\FICELLO\AppData\Local\LogMeIn Hamachi
2012-01-24 22:21 . 2012-01-24 22:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-01-24 21:00 . 2012-01-25 19:20 -------- d-----w- c:\users\Adminsecours
2012-01-24 19:08 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F31F09D1-2CB1-4F73-87B2-CE463A6D2F57}\mpengine.dll
2012-01-22 23:09 . 2012-01-22 23:09 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-16 17:47 . 2012-01-16 18:17 -------- d-----w- c:\windows\9580813D94B14C289426A441E2BB29A5.TMP
2012-01-15 21:03 . 2012-01-15 21:03 -------- d-----w- c:\program files (x86)\Activision
2012-01-15 16:38 . 2012-01-15 16:38 4608 ----a-w- c:\windows\SysWow64\dvttrn.dll
2012-01-15 12:44 . 2012-01-15 12:44 -------- d-----w- c:\users\FICELLO\AppData\Local\Activision
2012-01-15 01:42 . 2012-01-15 01:42 -------- d-----w- c:\programdata\Megamedia
2012-01-14 11:42 . 2012-01-14 11:42 -------- d-----w- c:\program files (x86)\THQ
2012-01-12 13:04 . 2012-01-12 13:04 -------- d-----w- c:\users\FICELLO\AppData\Local\mpress
2012-01-11 16:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:40 . 2012-01-10 18:40 -------- d-----w- c:\programdata\Canneverbe Limited
2012-01-10 18:40 . 2012-01-10 18:40 -------- d-----w- c:\users\FICELLO\AppData\Roaming\Canneverbe Limited
2012-01-10 18:39 . 2012-01-10 18:39 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-01-02 02:23 . 2012-01-02 02:23 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-12-31 01:07 . 2011-12-31 01:07 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-31 01:07 . 2011-12-31 01:07 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-31 01:07 . 2011-12-31 01:07 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-31 01:07 . 2011-12-31 01:07 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-27 21:24 . 2011-12-27 21:24 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:52 . 2011-05-16 15:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-07-18 17:17 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-06-16 08:17 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-27 17:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-06-04 16:02 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-06-16 08:18 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-06-16 08:18 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-06-16 08:18 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-06-16 08:18 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-06-16 08:18 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-13 23:28 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2010-06-16 08:46 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:41 . 2011-12-13 23:28 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-13 23:28 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-13 23:28 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-13 23:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-13 23:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-13 23:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-06-23 3380632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revolution1;Revolution1;c:\users\FICELLO\Desktop\Revolution_Engine_8.3_ShaK3\Revolution_Engine_8.3_ShaK3\SHAK3.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-11-03 19952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\FICELLO\AppData\Local\Temp\0011162.tmp [x]
R3 X6va003;X6va003;c:\users\FICELLO\AppData\Local\Temp\00358E8.tmp [x]
R3 X6va005;X6va005;c:\users\FICELLO\AppData\Local\Temp\005B578.tmp [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-04-12 420864]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-12-12 751464]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.olgh.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Capture Web Page
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fetch to Megaupload
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\FICELLO\AppData\Roaming\Mozilla\Firefox\Profiles\qm50pug4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{77F4E711-789B-447F-9614-96759B2F83C6} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe
Wow6432Node-HKCU-Run-BIOS Backup - c:\users\FICELLO\AppData\Roaming\5YtCaXaWoDdf.exe
Wow6432Node-HKCU-Run-KeyProtector - c:\users\FICELLO\AppData\Roaming\419836955.exe
Wow6432Node-HKCU-Run-Megakey - c:\users\FICELLO\AppData\Local\Megamedia\Megakey\Megakey.exe
Wow6432Node-HKCU-Run-MegakeyUpdater - c:\users\FICELLO\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
Wow6432Node-HKLM-Run-ShwiconXP9106 - c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
Wow6432Node-HKLM-Run-PDVDDXSrv - c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
Wow6432Node-HKLM-Run-BIOS Backup - c:\users\FICELLO\AppData\Roaming\5YtCaXaWoDdf.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{B7D3DCF9-7B4D-F7AE-B1CC-3E937BC5C7B9} - c:\users\FICELLO\AppData\Local\Temp\GX7EX0BYPW.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{4565939C-AABE-46B5-A128-E5CD330B1373}_is1 - c:\users\FICELLO\Desktop\Autoclics_4.1.0\unins000.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\0011162.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\00358E8.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\005B578.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8EEB6160-CBAF-2EA3-C147-DF7B0C01B7A7}*]
"hagebflbbmchfkkm"=hex:69,61,61,6f,69,62,62,62,64,66,6c,6d,63,62,64,6c,64,69,
00,00
"iamchgoidngkfbjolg"=hex:69,61,61,6f,69,62,62,62,64,66,6c,6d,63,62,64,6c,64,69,
00,00
.
[HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,85,82,8e,60,9b,72,d9,0c,c1,f9,92,60,19,60,6a,61,a7,1c,33,79,
d3,36,ae,a4,c4,40,0d,df,13,ad,37,be,bc,e5,11,2f,58,c2,9c,0e,3d,0f,0b,7c,9b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Heure de fin: 2012-01-25 21:28:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-01-25 20:28
.
Avant-CF: 52 908 765 184 octets libres
Après-CF: 54 707 728 384 octets libres
.
- - End Of File - - E903687226F00BE997735AC828B4C765
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
26 Jan 2012 at 18:59
UP
0
Anonymous user
26 Jan 2012 at 19:52
Hi,

I've just got back from work, sorry, I'm not a robot!

I'll look at this this evening
0
Anonymous user
26 Jan 2012 at 20:08
Combofix did a good job, still having problems?

If so, name them.

Then:

Close and save all your running applications

Download and save this to your desktop:

Pre_Scan

If it isn't on your desktop, cut it from your downloads folder and paste it onto your desktop

Once downloaded, run it and let the scan proceed

All non-vital processes will be stopped, so your antivirus may be too; that's normal!

If the tool is blocked by the infection, use this version: Version .pif

If the tool still doesn't start, use this renamed version: Winlogon.exe (Pre_Scan)

If the tool detects a proxy and you haven't installed one, click "supprimer le proxy" (remove the proxy)

Post Pre_Scan_la_date_et_l'heure.txt (named with the date and time), which will appear on the desktop at the end of the scan, using the following:

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

▶ Click this link: https://www.cjoint.com/

▶ Click Parcourir (Browse), and select the file Pre_Scan_la_date_et_l'heure.txt on your desktop

▶ Give me the resulting link

▶ If Cjoint doesn't work, see this page: Other online hosts

If your desktop doesn't reappear -> Ctrl+Alt+Del, Task Manager -> File tab -> New task, then type explorer
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
26 Jan 2012 at 20:22
Yes, I still have a problem, but I noticed one thing:

a svchost.exe in C:\Users\FICELLO\AppData\Roaming which is malware, deleted, and permanently

and the svchost.exe that is in the system32 folder, which is an essential Windows component (looking in Task Manager, I counted 12 "svchost.exe" all pointing to the same system32 folder, I don't know if that's normal), but in any case the firewall is unusable and the antivirus is blocked, so I'm following your procedure right away, thanks, and I'll let you know afterwards.
0
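The distinction drawn in the post above (svchost.exe under System32 versus a same-named file under AppData\Roaming) and the service entries pointing into Temp in the ComboFix report can be checked mechanically. The following is an added example, not part of the thread or of ComboFix: the function names, the review rules and the sample lines (constructed in the report's service-list format) are assumptions made for illustration.

```python
import ntpath
import re

# Folders where a genuine svchost.exe resides on 64-bit Windows.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Path fragments a standard user can write to (illustrative rule set).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\")

# Service/driver line as printed in the report:
#   <R|S><start type> <name>;<display name>;<image path> [<date size> | x]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


def normalize(path):
    """Lower-case a Windows path and drop quotes and the NT '\\??\\' prefix."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def review_reasons(path):
    """Return the reasons an image path deserves a closer look (empty if none).

    Assumes the path carries no command-line arguments, as in the
    report's service list.
    """
    p = normalize(path)
    if not p:
        return []
    reasons = []
    folder, name = ntpath.split(p)
    if name == "svchost.exe" and folder not in SYSTEM_DIRS:
        reasons.append("svchost.exe outside System32/SysWOW64")
    if any(fragment in p for fragment in USER_WRITABLE):
        reasons.append("image in user-writable directory")
    if name.endswith(".tmp"):
        reasons.append("executable image with .tmp extension")
    return reasons


def triage_services(log_text):
    """Parse service lines and return (name, path, reasons) for flagged ones."""
    findings = []
    for line in log_text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if not match:
            continue
        reasons = review_reasons(match["path"])
        if reasons:
            findings.append((match["name"], match["path"], reasons))
    return findings


# Constructed sample lines in the report's format (not taken from a real log).
SAMPLE_LOG = r"""
R3 DemoVpnSvc;Demo VPN Engine;c:\program files (x86)\Demo VPN\demo-vpn.exe [2011-08-15 2329480]
R3 DemoTmpDrv;DemoTmpDrv;c:\users\USER\AppData\Local\Temp\0000001.tmp [x]
R4 DemoShared;Demo Shared Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S1 DemoNoPath;DemoNoPath; [x]
R2 DemoHost;Demo Host;c:\users\USER\AppData\Roaming\svchost.exe [x]
"""

if __name__ == "__main__":
    for name, path, reasons in triage_services(SAMPLE_LOG):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged entry is a candidate for review, not a verdict: a copy of svchost.exe placed on the Desktop for analysis would be flagged by the same rules.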
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
26 Jan 2012 at 20:36
http://cjoint.com/12jv/BAAuKfQlNuz.htm

here is the cjoint
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
26 Jan 2012 at 21:59
Here is the report, copied/pasted

1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 21:50:42 le 26/01/2012
4.
5. Valeur(s) recherchée(s):
6. svchost.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Affichage des ADS
13. (!) --- Affichage des dossiers
14. (!) --- Recherche registre
15.
16. ====== Fichier(s) ======
17.
18.
19. "C:\Users\FICELLO\Desktop\svchost.exe" [ ARCHIVE | 21 Ko ]
20. TC: 26/01/2012,21:38:47 | TM: 26/01/2012,21:38:48 | DA: 26/01/2012,21:38:48
21.
22. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
23.
24. CompanyName: Microsoft Corporation
25. ProductName: Système d'exploitation Microsoft® Windows®
26. InternalName: svchost.exe
27. OriginalFileName: svchost.exe.mui
28. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
29. ProductVersion: 6.1.7600.16385
30. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
31.
32. /!\ ADS: Zone.Identifier - 26 octets
33.
34. =========================
35.
36.
37. "C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
38. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 25/01/2012,21:20:24
39.
40. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
41.
42. CompanyName: Microsoft Corporation
43. ProductName: Microsoft® .NET Framework
44. InternalName: SMSvcHost.exe
45. OriginalFileName: SMSvcHost.exe
46. LegalCopyright: © Microsoft Corporation. All rights reserved.
47. ProductVersion: 3.0.4506.5420
48. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
49.
50. =========================
51.
52.
53. "C:\Windows\ERDNT\cache64\svchost.exe" [ ARCHIVE | 27 Ko ]
54. TC: 25/01/2012,21:26:00 | TM: 14/07/2009,02:39:46 | DA: 25/01/2012,21:26:00
55.
56. Hash MD5: C78655BC80301D76ED4FEF1C1EA40A7D
57.
58. CompanyName: Microsoft Corporation
59. ProductName: Système d'exploitation Microsoft® Windows®
60. InternalName: svchost.exe
61. OriginalFileName: svchost.exe.mui
62. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
63. ProductVersion: 6.1.7600.16385
64. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
65.
66. =========================
67.
68.
69. "C:\Windows\ERDNT\cache86\svchost.exe" [ ARCHIVE | 21 Ko ]
70. TC: 25/01/2012,21:26:01 | TM: 14/07/2009,02:14:41 | DA: 25/01/2012,21:26:01
71.
72. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
73.
74. CompanyName: Microsoft Corporation
75. ProductName: Système d'exploitation Microsoft® Windows®
76. InternalName: svchost.exe
77. OriginalFileName: svchost.exe.mui
78. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
79. ProductVersion: 6.1.7600.16385
80. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
81.
82. =========================
83.
84.
85. "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
86. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 25/01/2012,21:20:24
87.
88. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
89.
90. CompanyName: Microsoft Corporation
91. ProductName: Microsoft® .NET Framework
92. InternalName: SMSvcHost.exe
93. OriginalFileName: SMSvcHost.exe
94. LegalCopyright: © Microsoft Corporation. All rights reserved.
95. ProductVersion: 3.0.4506.5420
96. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
97.
98. =========================
99.
100.
101. "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config" [ NORMAL | 2 Ko ]
102. TC: 14/07/2009,06:32:40 | TM: 14/07/2009,06:32:32 | DA: 14/07/2009,06:32:32
103.
104. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
105.
106.
107. =========================
108.
109.
110. "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" [ ARCHIVE | 124 Ko ]
111. TC: 18/03/2010,13:16:28 | TM: 18/03/2010,13:16:28 | DA: 12/01/2012,13:21:21
112.
113. Hash MD5: D22CD77D4F0D63D1169BB35911BFF12D
114.
115. CompanyName: Microsoft Corporation
116. ProductName: Microsoft® .NET Framework
117. InternalName: SMSvcHost.exe
118. OriginalFileName: SMSvcHost.exe
119. LegalCopyright: © Microsoft Corporation. All rights reserved.
120. ProductVersion: 4.0.30319.1
121. FileVersion: 4.0.30319.1 (RTMRel.030319-0100)
122.
123. =========================
124.
125.
126. "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
127. TC: 18/03/2010,00:10:40 | TM: 18/03/2010,00:10:40 | DA: 12/01/2012,13:21:21
128.
129. Hash MD5: A9E7E2A3A82362D180CEA7EA1EDFA81A
130.
131.
132. =========================
133.
134.
135. "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [ ARCHIVE | 117 Ko ]
136. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 25/01/2012,21:20:25
137.
138. Hash MD5: 3E5A36127E201DDF663176B66828FAFE
139.
140. CompanyName: Microsoft Corporation
141. ProductName: Microsoft® .NET Framework
142. InternalName: SMSvcHost.exe
143. OriginalFileName: SMSvcHost.exe
144. LegalCopyright: © Microsoft Corporation. All rights reserved.
145. ProductVersion: 3.0.4506.4926
146. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
147.
148. =========================
149.
150.
151. "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
152. TC: 14/07/2009,06:32:40 | TM: 14/07/2009,06:32:32 | DA: 14/07/2009,06:32:32
153.
154. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
155.
156.
157. =========================
158.
159.
160. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" [ ARCHIVE | 124 Ko ]
161. TC: 18/03/2010,13:16:28 | TM: 18/03/2010,13:16:28 | DA: 25/01/2012,21:13:10
162.
163. Hash MD5: D22CD77D4F0D63D1169BB35911BFF12D
164.
165. CompanyName: Microsoft Corporation
166. ProductName: Microsoft® .NET Framework
167. InternalName: SMSvcHost.exe
168. OriginalFileName: SMSvcHost.exe
169. LegalCopyright: © Microsoft Corporation. All rights reserved.
170. ProductVersion: 4.0.30319.1
171. FileVersion: 4.0.30319.1 (RTMRel.030319-0100)
172.
173. =========================
174.
175.
176. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
177. TC: 18/03/2010,00:10:40 | TM: 18/03/2010,00:10:40 | DA: 12/01/2012,13:17:35
178.
179. Hash MD5: A9E7E2A3A82362D180CEA7EA1EDFA81A
180.
181.
182. =========================
183.
184.
185. "C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 21 Ko ]
186. TC: 28/12/2011,13:48:07 | TM: 26/01/2012,20:09:22 | DA: 26/01/2012,20:09:22
187.
188. Hash MD5: 47BD2E780A24B5998812B9E25ED26303
189.
190.
191. =========================
192.
193.
194. "C:\Windows\Prefetch\SVCHOST.EXE-CFE81CB7.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 19 Ko ]
195. TC: 04/12/2010,22:34:12 | TM: 26/01/2012,20:34:52 | DA: 26/01/2012,20:34:52
196.
197. Hash MD5: 6CA69A9CAA88F6CCFC76455446065101
198.
199.
200. =========================
201.
202.
203. "C:\Windows\Prefetch\SVCHOST.EXE-EDA5A3D2.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 58 Ko ]
204. TC: 11/01/2012,15:13:08 | TM: 26/01/2012,20:15:36 | DA: 26/01/2012,20:15:36
205.
206. Hash MD5: D3C84795D71E71B3F61C3F63CADBAE1D
207.
208.
209. =========================
210.
211.
212. "C:\Windows\System32\fr-FR\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
213. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 02/01/2012,14:30:25
214.
215. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
216.
217. CompanyName: Microsoft Corporation
218. ProductName: Système d'exploitation Microsoft® Windows®
219. InternalName: svchost.exe
220. OriginalFileName: svchost.exe.mui
221. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
222. ProductVersion: 6.1.7600.16385
223. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
224.
225. =========================
226.
227.
228. "C:\Windows\System32\svchost.exe" [ ARCHIVE | 21 Ko ]
229. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 26/01/2012,19:57:12
230.
231. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
232.
233. CompanyName: Microsoft Corporation
234. ProductName: Système d'exploitation Microsoft® Windows®
235. InternalName: svchost.exe
236. OriginalFileName: svchost.exe.mui
237. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
238. ProductVersion: 6.1.7600.16385
239. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
240.
241. =========================
242.
243.
244. "C:\Windows\SysWOW64\fr-FR\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
245. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 02/01/2012,14:30:25
246.
247. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
248.
249. CompanyName: Microsoft Corporation
250. ProductName: Système d'exploitation Microsoft® Windows®
251. InternalName: svchost.exe
252. OriginalFileName: svchost.exe.mui
253. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
254. ProductVersion: 6.1.7600.16385
255. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
256.
257. =========================
258.
259.
260. "C:\Windows\SysWOW64\svchost.exe" [ ARCHIVE | 21 Ko ]
261. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 26/01/2012,19:57:12
262.
263. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
264.
265. CompanyName: Microsoft Corporation
266. ProductName: Système d'exploitation Microsoft® Windows®
267. InternalName: svchost.exe
268. OriginalFileName: svchost.exe.mui
269. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
270. ProductVersion: 6.1.7600.16385
271. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
272.
273. =========================
274.
275.
276. "C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fc0b563b423b21e\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
277. TC: 14/07/2009,16:23:33 | TM: 14/07/2009,16:23:33 | DA: 14/07/2009,16:23:34
278.
279. Hash MD5: 0F5AF281B79F91D782FAE3230FF90288
280.
281. CompanyName: Microsoft Corporation
282. ProductName: Système d'exploitation Microsoft® Windows®
283. InternalName: svchost.exe
284. OriginalFileName: svchost.exe.mui
285. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
286. ProductVersion: 6.1.7600.16385
287. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
288.
289. =========================
290.
291.
292. "C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe" [ ARCHIVE | 27 Ko ]
293. TC: 14/07/2009,00:31:13 | TM: 14/07/2009,02:39:46 | DA: 14/07/2009,00:31:13
294.
295. Hash MD5: C78655BC80301D76ED4FEF1C1EA40A7D
296.
297. CompanyName: Microsoft Corporation
298. ProductName: Système d'exploitation Microsoft® Windows®
299. InternalName: svchost.exe
300. OriginalFileName: svchost.exe.mui
301. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
302. ProductVersion: 6.1.7600.16385
303. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
304.
305. =========================
306.
307.
308. "C:\Windows\winsxs\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
309. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 14/07/2009,02:01:53
310.
311. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
312.
313.
314. =========================
315.
316.
317. "C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.exe" [ ARCHIVE | 117 Ko ]
318. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 14/07/2009,02:01:53
319.
320. Hash MD5: 3E5A36127E201DDF663176B66828FAFE
321.
322. CompanyName: Microsoft Corporation
323. ProductName: Microsoft® .NET Framework
324. InternalName: SMSvcHost.exe
325. OriginalFileName: SMSvcHost.exe
326. LegalCopyright: © Microsoft Corporation. All rights reserved.
327. ProductVersion: 3.0.4506.4926
328. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
329.
330. =========================
331.
332.
333. "C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_e6e1153910bdcce8\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
334. TC: 14/07/2009,01:36:26 | TM: 10/06/2009,22:14:05 | DA: 02/07/2011,01:52:15
335.
336. Hash MD5: FE2AA5A684B0DD9B1FAE57B7817C198B
337.
338. CompanyName: Microsoft Corporation
339. ProductName: Microsoft® .NET Framework
340. InternalName: SMSvcHost.exe
341. OriginalFileName: SMSvcHost.exe
342. LegalCopyright: © Microsoft Corporation. All rights reserved.
343. ProductVersion: 3.0.4506.4926
344. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
345.
346. =========================
347.
348.
349. "C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
350. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 07/07/2011,12:59:22
351.
352. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
353.
354. CompanyName: Microsoft Corporation
355. ProductName: Microsoft® .NET Framework
356. InternalName: SMSvcHost.exe
357. OriginalFileName: SMSvcHost.exe
358. LegalCopyright: © Microsoft Corporation. All rights reserved.
359. ProductVersion: 3.0.4506.5420
360. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
361.
362. =========================
363.
364.
365. "C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f3a219dffbc640e8\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
366. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 14/07/2009,16:23:37
367.
368. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
369.
370. CompanyName: Microsoft Corporation
371. ProductName: Système d'exploitation Microsoft® Windows®
372. InternalName: svchost.exe
373. OriginalFileName: svchost.exe.mui
374. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
375. ProductVersion: 6.1.7600.16385
376. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
377.
378. =========================
379.
380.
381. "C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe" [ ARCHIVE | 21 Ko ]
382. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 14/07/2009,00:19:28
383.
384. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
385.
386. CompanyName: Microsoft Corporation
387. ProductName: Système d'exploitation Microsoft® Windows®
388. InternalName: svchost.exe
389. OriginalFileName: svchost.exe.mui
390. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
391. ProductVersion: 6.1.7600.16385
392. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
393.
394. =========================
395.
396.
397. "C:\Windows\winsxs\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
398. TC: 14/07/2009,01:36:26 | TM: 10/06/2009,22:14:05 | DA: 14/07/2009,01:36:26
399.
400. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
401.
402.
403. =========================
404.
405.
406.
407. ====== Entrée(s) du registre ======
408.
409.
410. [HKLM\Software\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\C:/Windows/Microsoft.NET/Framework/v4.0.30319/SMSvcHost.exe]
411. DA: 12/01/2012 13:24:26
412.
413. [HKLM\Software\Microsoft\FTH]
414. "ExclusionList"="smss.exe
415. csrss.exe
416. wininit.exe
417. services.exe
418. lsass.exe
419. lsm.exe
420. svchost.exe
421. winlogon.exe
422. SLsvc.exe
423. spoolsv.exe
424. taskhost.exe" (REG_MULTI_SZ)
425.
426. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
427. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
428.
429. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
430. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
431.
432. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
433. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
434.
435. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
436. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
437.
438. [HKLM\System\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\WinInetHelperClass\HelperClasses\WinInetHelperClass\Attributes\AppID]
439. "DefaultValue"="C:\Windows\system32\svchost.exe" (REG_SZ)
440.
441. [HKLM\System\ControlSet001\services\AeLookupSvc]
442. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
443.
444. [HKLM\System\ControlSet001\services\Akamai]
445. "ImagePath"="%SystemRoot%\System32\svchost.exe -k Akamai" (REG_EXPAND_SZ)
446.
447. [HKLM\System\ControlSet001\services\AppIDSvc]
448. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
449.
450. [HKLM\System\ControlSet001\services\Appinfo]
451. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
452.
453. [HKLM\System\ControlSet001\services\AppMgmt]
454. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
455.
456. [HKLM\System\ControlSet001\services\AudioEndpointBuilder]
457. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
458.
459. [HKLM\System\ControlSet001\services\AudioSrv]
460. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
461.
462. [HKLM\System\ControlSet001\services\AxInstSV]
463. "ImagePath"="%SystemRoot%\system32\svchost.exe -k AxInstSVGroup" (REG_EXPAND_SZ)
464.
465. [HKLM\System\ControlSet001\services\BDESVC]
466. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
467.
468. [HKLM\System\ControlSet001\services\BFE]
469. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
470.
471. [HKLM\System\ControlSet001\services\BITS]
472. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
473.
474. [HKLM\System\ControlSet001\services\Browser]
475. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
476.
477. [HKLM\System\ControlSet001\services\bthserv]
478. "ImagePath"="%SystemRoot%\system32\svchost.exe -k bthsvcs" (REG_EXPAND_SZ)
479.
480. [HKLM\System\ControlSet001\services\CertPropSvc]
481. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
482.
483. [HKLM\System\ControlSet001\services\CryptSvc]
484. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
485.
486. [HKLM\System\ControlSet001\services\DcomLaunch]
487. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
488.
489. [HKLM\System\ControlSet001\services\defragsvc]
490. "ImagePath"="%SystemRoot%\system32\svchost.exe -k defragsvc" (REG_EXPAND_SZ)
491.
492. [HKLM\System\ControlSet001\services\Dhcp]
493. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
494.
495. [HKLM\System\ControlSet001\services\Dnscache]
496. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
497.
498. [HKLM\System\ControlSet001\services\dot3svc]
499. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
500.
501. [HKLM\System\ControlSet001\services\DPS]
502. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
503.
504. [HKLM\System\ControlSet001\services\EapHost]
505. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
506.
507. [HKLM\System\ControlSet001\services\eventlog]
508. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
509.
510. [HKLM\System\ControlSet001\services\EventSystem]
511. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
512.
513. [HKLM\System\ControlSet001\services\fdPHost]
514. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
515.
516. [HKLM\System\ControlSet001\services\FDResPub]
517. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
518.
519. [HKLM\System\ControlSet001\services\FontCache]
520. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
521.
522. [HKLM\System\ControlSet001\services\gpsvc]
523. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
524.
525. [HKLM\System\ControlSet001\services\hidserv]
526. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
527.
528. [HKLM\System\ControlSet001\services\hkmsvc]
529. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
530.
531. [HKLM\System\ControlSet001\services\HomeGroupListener]
532. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
533.
534. [HKLM\System\ControlSet001\services\HomeGroupProvider]
535. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
536.
537. [HKLM\System\ControlSet001\services\IKEEXT]
538. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
539.
540. [HKLM\System\ControlSet001\services\IPBusEnum]
541. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
542.
543. [HKLM\System\ControlSet001\services\iphlpsvc]
544. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetSvcs" (REG_EXPAND_SZ)
545.
546. [HKLM\System\ControlSet001\services\KtmRm]
547. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation" (REG_EXPAND_SZ)
548.
549. [HKLM\System\ControlSet001\services\LanmanServer]
550. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
551.
552. [HKLM\System\ControlSet001\services\LanmanWorkstation]
553. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
554.
555. [HKLM\System\ControlSet001\services\lltdsvc]
556. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
557.
558. [HKLM\System\ControlSet001\services\lmhosts]
559. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
560.
561. [HKLM\System\ControlSet001\services\Mcx2Svc]
562. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
563.
564. [HKLM\System\ControlSet001\services\MMCSS]
565. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
566.
567. [HKLM\System\ControlSet001\services\MpsSvc]
568. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
569.
570. [HKLM\System\ControlSet001\services\MSiSCSI]
571. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
572.
573. [HKLM\System\ControlSet001\services\napagent]
574. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
575.
576. [HKLM\System\ControlSet001\services\Netman]
577. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
578.
579. [HKLM\System\ControlSet001\services\NetMsmqActivator]
580. "ImagePath"=""c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator" (REG_EXPAND_SZ)
581.
582. [HKLM\System\ControlSet001\services\NetPipeActivator]
583. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
584.
585. [HKLM\System\ControlSet001\services\netprofm]
586. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
587.
588. [HKLM\System\ControlSet001\services\NetTcpActivator]
589. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
590.
591. [HKLM\System\ControlSet001\services\NetTcpPortSharing]
592. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
593.
594. [HKLM\System\ControlSet001\services\NlaSvc]
595. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
596.
597. [HKLM\System\ControlSet001\services\nsi]
598. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
599.
600. [HKLM\System\ControlSet001\services\p2pimsvc]
601. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
602.
603. [HKLM\System\ControlSet001\services\p2psvc]
604. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
605.
606. [HKLM\System\ControlSet001\services\PcaSvc]
607. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
608.
609. [HKLM\System\ControlSet001\services\pla]
610. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
611.
612. [HKLM\System\ControlSet001\services\PlugPlay]
613. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
614.
615. [HKLM\System\ControlSet001\services\PNRPAutoReg]
616. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
617.
618. [HKLM\System\ControlSet001\services\PNRPsvc]
619. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
620.
621. [HKLM\System\ControlSet001\services\PolicyAgent]
622. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted" (REG_EXPAND_SZ)
623.
624. [HKLM\System\ControlSet001\services\Power]
625. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
626.
627. [HKLM\System\ControlSet001\services\ProfSvc]
628. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
629.
630. [HKLM\System\ControlSet001\services\QWAVE]
631. "ImagePath"="%windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
632.
633. [HKLM\System\ControlSet001\services\RasAuto]
634. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
635.
636. [HKLM\System\ControlSet001\services\RasMan]
637. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
638.
639. [HKLM\System\ControlSet001\services\RemoteAccess]
640. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
641.
642. [HKLM\System\ControlSet001\services\RemoteRegistry]
643. "ImagePath"="%SystemRoot%\system32\svchost.exe -k regsvc" (REG_EXPAND_SZ)
644.
645. [HKLM\System\ControlSet001\services\RpcEptMapper]
646. "ImagePath"="%SystemRoot%\system32\svchost.exe -k RPCSS" (REG_EXPAND_SZ)
647.
648. [HKLM\System\ControlSet001\services\RpcSs]
649. "ImagePath"="%SystemRoot%\system32\svchost.exe -k rpcss" (REG_EXPAND_SZ)
650.
651. [HKLM\System\ControlSet001\services\SCardSvr]
652. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
653.
654. [HKLM\System\ControlSet001\services\Schedule]
655. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
656.
657. [HKLM\System\ControlSet001\services\SCPolicySvc]
658. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
659.
660. [HKLM\System\ControlSet001\services\SDRSVC]
661. "ImagePath"="%SystemRoot%\system32\svchost.exe -k SDRSVC" (REG_EXPAND_SZ)
662.
663. [HKLM\System\ControlSet001\services\seclogon]
664. "ImagePath"="%windir%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
665.
666. [HKLM\System\ControlSet001\services\SENS]
667. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
668.
669. [HKLM\System\ControlSet001\services\SensrSvc]
670. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
671.
672. [HKLM\System\ControlSet001\services\SessionEnv]
673. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
674.
675. [HKLM\System\ControlSet001\services\SharedAccess]
676. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
677.
678. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
679. "WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
680.
681. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
682. "WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
683.
684. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
685. "WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
686.
687. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
688. "WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
689.
690. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
691. "WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
692.
693. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
694. "WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
695.
696. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
697. "WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
698.
699. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
700. "WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
701.
702. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
703. "WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
704.
705. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
706. "WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
707.
708. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
709. "WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
710.
711. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
0
Anonymous user
27 Jan 2012 at 19:18
Hi,

▶ Download and run AdwCleaner (thanks to Xplode)
▶ Click Suppression (Delete), and post the report on the forum

Then we will try running Mbam again.

If you run into a problem, feel free to consult the Malwarebytes tutorial.
The scan may take a long time, but you must let it finish.


▶ Download Malwarebytes' Anti-Malware to your desktop:

▶ Run the installer (right-click, "Run as administrator" if you are on Vista/7).

▶ Once the installation is complete, the program starts and updates itself. In the Update tab, click the "Check for updates" button just in case.

▶ Once the update is complete, go to the Scanner tab.
▶ Select Perform full scan.
▶ Select all drives.
▶ Click Scan.

▶ If threats were detected, click Show Results.

▶ Select all the threats and click Remove Selected; the computer may ask to restart, and if so, accept.

▶ Once it has restarted, open Malwarebytes and go to the Logs tab.

▶ Open the most recent one and copy-paste it to the forum.
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
27 Jan 2012 at 20:06
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Version de la base de données: v2012.01.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
FICELLO :: FICELLO-PC [administrateur]

27/01/2012 20:01:18
mbam-log-2012-01-27 (20-01-18).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 203921
Temps écoulé: 2 minute(s), 46 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\FICELLO\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
Anonymous user
27 Jan 2012 at 21:49
And the other report??
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
Edited by dbzgtmax on 28/01/2012 at 00:51
# AdwCleaner v1.407 - Rapport créé le 28/01/2012 à 00:49:19
# Mis à jour le 18/01/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : FICELLO - FICELLO-PC (Administrateur)
# Exécuté depuis : C:\Users\FICELLO\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Registre (x64)] *****


***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v9.0.1 (fr)

Profil : qm50pug4.default
Fichier : C:\Users\FICELLO\AppData\Roaming\Mozilla\Firefox\Profiles\qm50pug4.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [3340 octets] - [27/01/2012 19:50:16]
AdwCleaner[R1].txt - [1013 octets] - [28/01/2012 00:43:57]
AdwCleaner[S2].txt - [947 octets] - [28/01/2012 00:49:19]

*************************

Dossier Temporaire : 2 dossier(s) et 1 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S2].txt - [1166 octets] ##########
0
Anonymous user
28 Jan 2012 at 09:25
C:\AdwCleaner[S2].txt

I need:

C:\AdwCleaner[S1].txt

Do you still have problems?
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
28 Jan 2012 at 13:52
Yes, still problems: firewall and Avast unusable

https://www.cjoint.com/?BACn0mi3cxu S1
0
Anonymous user
28 Jan 2012 at 14:06
Okay.

Uninstall Avast:

http://security-helpzone.olympe-network.com/Thread-D%C3%A9sinstaller-vos-Antivirus-%C3%A0-coup-s%C3%BBr

_________________________________________

Then we will diagnose the PC:

▶ Download ZHPDiag (by Nicolas Coolman)

▶ Run it (right-click, "Run as administrator" if you are on Vista/7)

▶ Click the magnifying-glass icon to start the diagnostic

▶ Upload the ZHPDiag.txt report from your desktop to:

http://pjjoint.malekal.com/

▶ If the site does not work, see this page: Other online hosting services
0
dbzgtmax Posts 52 Registration date Tuesday 11 November 2008 Status Member Last activity 26 December 2013
28 Jan 2012 at 14:37
Avast uninstalled

https://www.cjoint.com/?BACoIJ4hRNh ZhpDiag
0
Anonymous user
29 Jan 2012 at 00:09
Hi again,

Run ZHPfix, and copy/paste these lines in bold:

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\${ELV_GUID}] | (BabylonToolbarsrv.exe) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19 => Infection BT (Toolbar.Babylon)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}] | (Weather.exe) -> C:\Program Files (x86)\ClickPotatoLite\bin\10.0.631.0\ => Infection BT (Adware.ClickPotato)
[HKCU\Software\cacaoweb] => Infection PUP (PUP.CacaoWeb)
[28/06/2010|17:38:24] | C:\Windows\IFinst27.exe => Infection MSN
[21/09/2011|21:37:46] | C:\Users\FICELLO\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)
[21/09/2011|21:37:48] | C:\Users\FICELLO\AppData\Local\OpenCandy => Infection PUP (Adware.OpenCandy)
"C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe"=C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb => Infection PUP (PUP.CacaoWeb)
"C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe"=C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe:*:Enabled:Windows Messanger => Infection FakeAlert (Possible)
"C:\Users\FICELLO\AppData\Roaming\svchost.exe"=C:\Users\FICELLO\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger => Infection FakeAlert (Possible)
EmptyTemp
EmptyFlash
FirewallRAZ


Click Go and post the report.

Then re-download and install Avast:


http://ftp01net.telechargement.fr/setup_av_free.exe
0
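The detections in this thread share one pattern: files named `svchost.exe` or `explorer.exe` sitting in a user profile, two of them allowed through the firewall. The following is an added example, not part of the thread and not code from any tool named in it, that triages paths and `"path"=path:*:Enabled:label` firewall entries for that pattern. The function names and the `C:\Windows` install location are assumptions; the sample lines are copied from the reports above with the tools' verdicts stripped.

```python
import ntpath
import re

# Assumption: Windows is installed in the default location.
SYSTEM_ROOT = r"C:\Windows"

# Directories where the genuine binaries live on 64-bit Windows 7.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

# Firewall entry in the form seen in the ZHPFix lines: "path"=path:*:Enabled:label
LEGACY_RULE = re.compile(
    r'^"(?P<path>[^"]+)"=.*:(?P<state>Enabled|Disabled):(?P<label>.*)$'
)


def normalise(path):
    """Expand %SystemRoot% and return (directory, filename), lower-cased."""
    expanded = re.sub(r"%systemroot%", lambda _m: SYSTEM_ROOT, path,
                      flags=re.IGNORECASE)
    directory, name = ntpath.split(ntpath.normpath(expanded))
    return directory.lower(), name.lower()


def findings_for(path):
    """Return the list of masquerading indicators for one file path."""
    directory, name = normalise(path)
    findings = []
    stem, ext = ntpath.splitext(name)
    # explorer.exe.exe is displayed as explorer.exe when Explorer hides
    # known extensions, so compare the name the user actually sees.
    if ext in EXECUTABLE_EXTS and ntpath.splitext(stem)[1] in EXECUTABLE_EXTS:
        findings.append("double-extension")
        name = stem
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and directory not in expected:
        findings.append("system-name-outside-system-dir")
    return findings


def triage(lines):
    """Map each flagged path to its findings; accepts bare paths or rules."""
    report = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rule = LEGACY_RULE.match(line)
        path = rule.group("path") if rule else line
        findings = findings_for(path)
        # A masquerading binary that also holds an enabled firewall
        # exception deserves attention first.
        if rule and rule.group("state") == "Enabled" and findings:
            findings.append("allowed-through-firewall")
        if findings:
            report[path] = findings
    return report


# Lines taken from the Malwarebytes and ZHPFix sections of this thread.
SAMPLE = [
    r"C:\Users\FICELLO\Desktop\svchost.exe",
    r'"C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe"='
    r"C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe:*:Enabled:Windows Messanger",
    r'"C:\Users\FICELLO\AppData\Roaming\svchost.exe"='
    r"C:\Users\FICELLO\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger",
    # Flagged by ZHPDiag as a PUP, but not a masquerading case, so not reported here.
    r'"C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe"='
    r"C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb",
    # The genuine binary, as referenced by the built-in firewall rules.
    r"%SystemRoot%\system32\svchost.exe",
]

if __name__ == "__main__":
    for flagged_path, reasons in triage(SAMPLE).items():
        print(flagged_path, "->", ", ".join(reasons))
```

A name and location check like this is only a first filter: a file in the expected directory can still be tampered with, so it complements a signature or hash check against a known-good copy rather than replacing it.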