Problème d'un Malware bloquant Svchost.exe

dbzgtmax Messages postés 64 Statut Membre -  
 Utilisateur anonyme -
<config>Windo

Bonsoir cher Internautes, je suis désespéré:

- Je tente d'activer mon pare-feu mais il est bloqué
- Avast ne démarre plus (il est instable)
- Il bloque les ports de mes logiciels VPN

Un scan avec Spybot, je détecte Svchost.exe comme infecté en malware, il a été supprimé mais maintenant j'arrive plus à réparer :/

Donc j'ai scan, total contrôle de mon compte admin, modifié le registre HKEY/Local_machine/.....BFE et fais tout autorisé à "Tout le monde"

J'ai tenté un redémarrage via le services.msc (Pare-feu en mode automatique...etc)

Donc j'ai testé toutes les solutions :'(

Et bien sur, si possible je ne voudrais pas une réponse du style " Go formater ton disque dur" parce que j'ai vraiment besoin de bosser, merci de votre compréhension

.ws 7 / Firefox 9.0.1</config>

20 réponses

  1. Utilisateur anonyme
     
    Je regarde le rapport demain.

    ▶ Télécharge SEAF sur ton bureau (merci à C_XX)

    ▶ Lance-le, (exécuter en tant qu'administrateur pour Vista/7)

    ▶ Dans le logiciel, vérifie :

    - Que les cases à gauche sont toutes cochées
    - Que "Calculer le Checksum" soit bien sur MD5
    - Que l'option "Chercher également dans le registre" est bien sélectionnée

    ▶ Dans le champ de recherche tape : svchost.exe , puis lance la recherche

    ▶ Patiente pendant la recherche, à la fin de celle-ci, un rapport (log.txt) s'ouvrira

    ▶ Copie/colle ce rapport dans ta prochaine réponse
    ?? Saachaa ?
    Contributeur CCM
    2
  2. Utilisateur anonyme
     
    Salut,

    Si je comprends bien tu as viré Svchost.exe ?

    En fait, ce n'est pas un virus mais un composant essentiel de Windows, et un virus est rentré dedans...

    /!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS /!\

    ___________________________________________________________
    Ce logiciel n'est à utiliser que prescrit par un helpeur qualifié et formé à l'outil

    >>>>>>> Ne pas utiliser en dehors de ce cas de figure : dangereux <<<<<<
    ___________________________________________________________


    ▶ Surtout, pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

    ▶ Telecharge ici : Combofix

    Avant d'utiliser ComboFix :

    Si tu utilises AVG, il faut impérativement le désinstaller avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système ! La simple désactivation du résident n'est pas suffisante.
    En suivant ce lien, recherche AVG et choisis la version adéquat, puis lance l'outil.


    ▶ Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

    ▶ Télécharge et lance Defogger (de jpshortstuff) sur ton Bureau

    ▶ Une fenêtre apparaît : clique sur "Disable"

    ▶ Fais redémarrer l'ordinateur si l'outil te le demande

    Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable".

    _________________________________________________________
    ▶ Enregistre et ferme tous tes programmes en cours
    ▶ Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, toutes tes protections (Antivirus, AntiSpyware etc...) qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
    _________________________________________________________

    Si tu as Windows XP -> double clique sur le logiciel pour le lancer.
    Si tu as Windows Vista ou Windows 7 -> clic droit "exécuter en tant qu'administrateur" sur le logiciel pour le lancer.

    ¤¤ Accepte l'installation de la console de récupération si demandé ¤¤¤

    ! Ne touche à rien pendant que l'outil travaille (souris, clavier...) !

    ▶ Une fois que ComboFix a terminé, n'oublie pas de réactiver la garde de tes protections avant de te reconnecter à Internet

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  3. dbzgtmax Messages postés 64 Statut Membre
     
    Je l'ai viré à la corbeille (il est dedans car je sais que c'est pas un virus mais apparemment le virus veut pas dégager), je vais suivre ta procédure, je te dis quoi, merci

    Edit: je n'ai pas de AVG ( Mais j'ai avast qui est bloqué)

    Edit2: Impossibilité de coller le log ici, bizarre
    0
  4. dbzgtmax Messages postés 64 Statut Membre
     
    Doublon
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dbzgtmax Messages postés 64 Statut Membre
     
    ComboFix 12-01-23.02 - FICELLO 25/01/2012 21:12:36.1.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4055.2661 [GMT 1:00]
    Lancé depuis: c:\users\FICELLO\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20110403.txt
    c:\cflog\CrashLog_20110404.txt
    c:\cflog\CrashLog_20110408.txt
    c:\cflog\CrashLog_20110409.txt
    c:\cflog\CrashLog_20110410.txt
    C:\update.exe
    c:\users\FICELLO\AppData\Local\assembly\tmp
    c:\users\FICELLO\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
    c:\users\FICELLO\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
    c:\users\FICELLO\AppData\Local\TempDIR
    c:\users\FICELLO\AppData\Local\TempDIR\BetterInstaller.exe
    c:\users\FICELLO\AppData\Roaming\cacaoweb
    c:\users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe
    c:\users\FICELLO\AppData\Roaming\cacaoweb\downloadPNWTDCP058397237.cacao
    c:\users\FICELLO\AppData\Roaming\cacaoweb\fileE9016507786BDCBA59DB93627BA0A5F8.cacao
    c:\users\FICELLO\AppData\Roaming\cacaoweb\npdfile.dat
    c:\users\FICELLO\AppData\Roaming\cacaoweb\storage.db
    c:\users\FICELLO\AppData\Roaming\chrtmp
    c:\users\FICELLO\AppData\Roaming\EurekaLog
    c:\users\FICELLO\AppData\Roaming\EurekaLog\EurekaLog.ini
    c:\users\FICELLO\AppData\Roaming\explorer.exe.exe
    c:\users\FICELLO\AppData\Roaming\FICELLOlog.dat
    c:\users\FICELLO\AppData\Roaming\install\server.exe
    c:\users\FICELLO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.exe
    c:\windows\Install
    c:\windows\Install\server.exe
    c:\windows\PCGWIN32.LI5
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\java.exe
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    c:\windows\SysWow64\BReWErS.dll
    c:\windows\SysWow64\Explorer
    c:\windows\WindowsUpdate.log
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-12-25 au 2012-01-25 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-01-25 20:20 . 2012-01-25 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-24 22:22 . 2012-01-25 20:11 -------- d-----w- c:\users\FICELLO\AppData\Local\LogMeIn Hamachi
    2012-01-24 22:21 . 2012-01-24 22:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-01-24 21:00 . 2012-01-25 19:20 -------- d-----w- c:\users\Adminsecours
    2012-01-24 19:08 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F31F09D1-2CB1-4F73-87B2-CE463A6D2F57}\mpengine.dll
    2012-01-22 23:09 . 2012-01-22 23:09 -------- d-----w- c:\windows\SysWow64\Adobe
    2012-01-16 17:47 . 2012-01-16 18:17 -------- d-----w- c:\windows\9580813D94B14C289426A441E2BB29A5.TMP
    2012-01-15 21:03 . 2012-01-15 21:03 -------- d-----w- c:\program files (x86)\Activision
    2012-01-15 16:38 . 2012-01-15 16:38 4608 ----a-w- c:\windows\SysWow64\dvttrn.dll
    2012-01-15 12:44 . 2012-01-15 12:44 -------- d-----w- c:\users\FICELLO\AppData\Local\Activision
    2012-01-15 01:42 . 2012-01-15 01:42 -------- d-----w- c:\programdata\Megamedia
    2012-01-14 11:42 . 2012-01-14 11:42 -------- d-----w- c:\program files (x86)\THQ
    2012-01-12 13:04 . 2012-01-12 13:04 -------- d-----w- c:\users\FICELLO\AppData\Local\mpress
    2012-01-11 16:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 16:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-11 16:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 16:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-11 16:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 16:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-11 16:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 16:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-10 18:40 . 2012-01-10 18:40 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-01-10 18:40 . 2012-01-10 18:40 -------- d-----w- c:\users\FICELLO\AppData\Roaming\Canneverbe Limited
    2012-01-10 18:39 . 2012-01-10 18:39 -------- d-----w- c:\program files (x86)\CDBurnerXP
    2012-01-02 02:23 . 2012-01-02 02:23 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
    2011-12-31 01:07 . 2011-12-31 01:07 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-31 01:07 . 2011-12-31 01:07 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-31 01:07 . 2011-12-31 01:07 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-31 01:07 . 2011-12-31 01:07 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-27 21:24 . 2011-12-27 21:24 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-28 00:52 . 2011-05-16 15:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2010-07-18 17:17 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2010-06-16 08:17 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-11-28 18:01 . 2011-01-27 17:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:54 . 2011-06-04 16:02 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2010-06-16 08:18 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2010-06-16 08:18 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2010-06-16 08:18 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2010-06-16 08:18 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2010-06-16 08:18 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-24 04:52 . 2011-12-13 23:28 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 13:29 . 2010-06-16 08:46 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-05 05:41 . 2011-12-13 23:28 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 05:32 . 2011-12-13 23:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:35 . 2011-12-13 23:28 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-05 04:26 . 2011-12-13 23:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-05 03:32 . 2011-12-13 23:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-05 02:48 . 2011-12-13 23:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-06-23 3380632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Revolution1;Revolution1;c:\users\FICELLO\Desktop\Revolution_Engine_8.3_ShaK3\Revolution_Engine_8.3_ShaK3\SHAK3.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-11-03 19952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va001;X6va001;c:\users\FICELLO\AppData\Local\Temp\0011162.tmp [x]
    R3 X6va003;X6va003;c:\users\FICELLO\AppData\Local\Temp\00358E8.tmp [x]
    R3 X6va005;X6va005;c:\users\FICELLO\AppData\Local\Temp\005B578.tmp [x]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
    R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-04-12 420864]
    R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
    R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
    R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-12-12 751464]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.olgh.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Capture Web Page
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Fetch to Megaupload
    IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\FICELLO\AppData\Roaming\Mozilla\Firefox\Profiles\qm50pug4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    BHO-{77F4E711-789B-447F-9614-96759B2F83C6} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKCU-Run-cacaoweb - c:\users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe
    Wow6432Node-HKCU-Run-BIOS Backup - c:\users\FICELLO\AppData\Roaming\5YtCaXaWoDdf.exe
    Wow6432Node-HKCU-Run-KeyProtector - c:\users\FICELLO\AppData\Roaming\419836955.exe
    Wow6432Node-HKCU-Run-Megakey - c:\users\FICELLO\AppData\Local\Megamedia\Megakey\Megakey.exe
    Wow6432Node-HKCU-Run-MegakeyUpdater - c:\users\FICELLO\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
    Wow6432Node-HKLM-Run-ShwiconXP9106 - c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    Wow6432Node-HKLM-Run-PDVDDXSrv - c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    Wow6432Node-HKLM-Run-BIOS Backup - c:\users\FICELLO\AppData\Roaming\5YtCaXaWoDdf.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM_Wow6432Node-ActiveSetup-{B7D3DCF9-7B4D-F7AE-B1CC-3E937BC5C7B9} - c:\users\FICELLO\AppData\Local\Temp\GX7EX0BYPW.exe
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{4565939C-AABE-46B5-A128-E5CD330B1373}_is1 - c:\users\FICELLO\Desktop\Autoclics_4.1.0\unins000.exe
    AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\0011162.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\00358E8.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\FICELLO\AppData\Local\Temp\005B578.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8EEB6160-CBAF-2EA3-C147-DF7B0C01B7A7}*]
    "hagebflbbmchfkkm"=hex:69,61,61,6f,69,62,62,62,64,66,6c,6d,63,62,64,6c,64,69,
    00,00
    "iamchgoidngkfbjolg"=hex:69,61,61,6f,69,62,62,62,64,66,6c,6d,63,62,64,6c,64,69,
    00,00
    .
    [HKEY_USERS\S-1-5-21-3872701368-3742618672-997886230-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f4,85,82,8e,60,9b,72,d9,0c,c1,f9,92,60,19,60,6a,61,a7,1c,33,79,
    d3,36,ae,a4,c4,40,0d,df,13,ad,37,be,bc,e5,11,2f,58,c2,9c,0e,3d,0f,0b,7c,9b,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Internet Download Manager\IEMonitor.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-01-25 21:28:15 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-01-25 20:28
    .
    Avant-CF: 52 908 765 184 octets libres
    Après-CF: 54 707 728 384 octets libres
    .
    - - End Of File - - E903687226F00BE997735AC828B4C765
    0
  7. dbzgtmax Messages postés 64 Statut Membre
     
    UP
    0
  8. Utilisateur anonyme
     
    Salut,

    Je viens de rentrer du travail, désolé je ne suis pas un robot !

    Je regarde ça dans la soirée
    0
  9. Utilisateur anonyme
     
    Combofix a bien bossé, toujours des soucis ?

    Si oui, nomme-les.

    Ensuite :

    Ferme et enregistre toutes tes applications en cours

    Télécharge et enregistre ceci sur ton bureau :

    Pre_Scan

    S'il n'est pas sur ton bureau coupe-le de ton dossier téléchargements et colle-le sur ton bureau

    Une fois téléchargé lance-le et laisse faire le scan

    Tous les processus non vitaux seront coupés, donc il se peut que ton Antivirus aussi, c'est normal !

    Si 'outil est bloqué par l'infection utilise cette version : Version .pif

    Si l'outil ne se lance toujours pas, utilise cette version renommée : Winlogon.exe (Pre_Scan)

    Si l'outil détecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    Poste Pre_Scan_la_date_et_l'heure.txt qui apparaîtra sur le bureau en fin de scan grâce à ce qui suit :

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    ▶ Clique sur ce lien : https://www.cjoint.com/

    ▶ Clique sur Parcourir, et sélectionne le fichier Pre_Scan_la_date_et_l'heure.txt sur ton bureau

    ▶ Donne moi le lien en résultant

    ▶ Si Cjoint ne fonctionne pas, consulte cette page : Autres hébergeurs en ligne

    Si ton bureau ne réapparaît pas -> Ctrl+Alt+Suppr , gestionnaire des tâches -> onglet fichier -> nouvelle tâche puis tape explorer
    0
  10. dbzgtmax Messages postés 64 Statut Membre
     
    Oui j'ai toujours un souci mais j'ai remarqué une chose:

    un svchost.exe dans C:\Users\FICELLO\AppData\Roaming qui est un malware supprimé et définitivement

    et le svchost.exe qui se dans le dossier system32 qui est un composant essentiel à Windows (en regardant dans gestionnaire de tâches, j'ai compté 12 "svchost.exe" menant tous au meme dossier system32, je sais pas si c'est normal mais en tout cas le pare-feu est inutilisable et l'antivirus est bloqué donc je suis ta procédure dans l'immédiat, merci et je te dis quoi ensuite.
    0
  11. dbzgtmax Messages postés 64 Statut Membre
     
    http://cjoint.com/12jv/BAAuKfQlNuz.htm

    voilà le cjoint
    0
  12. dbzgtmax Messages postés 64 Statut Membre
     
    Voilà le rapport copie/collé

    1. ========================= SEAF 1.0.1.0 - C_XX
    2.
    3. Commencé à: 21:50:42 le 26/01/2012
    4.
    5. Valeur(s) recherchée(s):
    6. svchost.exe
    7.
    8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
    9.
    10. (!) --- Calcul du Hash "MD5"
    11. (!) --- Informations supplémentaires
    12. (!) --- Affichage des ADS
    13. (!) --- Affichage des dossiers
    14. (!) --- Recherche registre
    15.
    16. ====== Fichier(s) ======
    17.
    18.
    19. "C:\Users\FICELLO\Desktop\svchost.exe" [ ARCHIVE | 21 Ko ]
    20. TC: 26/01/2012,21:38:47 | TM: 26/01/2012,21:38:48 | DA: 26/01/2012,21:38:48
    21.
    22. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
    23.
    24. CompanyName: Microsoft Corporation
    25. ProductName: Système d'exploitation Microsoft® Windows®
    26. InternalName: svchost.exe
    27. OriginalFileName: svchost.exe.mui
    28. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    29. ProductVersion: 6.1.7600.16385
    30. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    31.
    32. /!\ ADS: Zone.Identifier - 26 octets
    33.
    34. =========================
    35.
    36.
    37. "C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
    38. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 25/01/2012,21:20:24
    39.
    40. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
    41.
    42. CompanyName: Microsoft Corporation
    43. ProductName: Microsoft® .NET Framework
    44. InternalName: SMSvcHost.exe
    45. OriginalFileName: SMSvcHost.exe
    46. LegalCopyright: © Microsoft Corporation. All rights reserved.
    47. ProductVersion: 3.0.4506.5420
    48. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
    49.
    50. =========================
    51.
    52.
    53. "C:\Windows\ERDNT\cache64\svchost.exe" [ ARCHIVE | 27 Ko ]
    54. TC: 25/01/2012,21:26:00 | TM: 14/07/2009,02:39:46 | DA: 25/01/2012,21:26:00
    55.
    56. Hash MD5: C78655BC80301D76ED4FEF1C1EA40A7D
    57.
    58. CompanyName: Microsoft Corporation
    59. ProductName: Système d'exploitation Microsoft® Windows®
    60. InternalName: svchost.exe
    61. OriginalFileName: svchost.exe.mui
    62. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    63. ProductVersion: 6.1.7600.16385
    64. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    65.
    66. =========================
    67.
    68.
    69. "C:\Windows\ERDNT\cache86\svchost.exe" [ ARCHIVE | 21 Ko ]
    70. TC: 25/01/2012,21:26:01 | TM: 14/07/2009,02:14:41 | DA: 25/01/2012,21:26:01
    71.
    72. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
    73.
    74. CompanyName: Microsoft Corporation
    75. ProductName: Système d'exploitation Microsoft® Windows®
    76. InternalName: svchost.exe
    77. OriginalFileName: svchost.exe.mui
    78. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    79. ProductVersion: 6.1.7600.16385
    80. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    81.
    82. =========================
    83.
    84.
    85. "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
    86. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 25/01/2012,21:20:24
    87.
    88. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
    89.
    90. CompanyName: Microsoft Corporation
    91. ProductName: Microsoft® .NET Framework
    92. InternalName: SMSvcHost.exe
    93. OriginalFileName: SMSvcHost.exe
    94. LegalCopyright: © Microsoft Corporation. All rights reserved.
    95. ProductVersion: 3.0.4506.5420
    96. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
    97.
    98. =========================
    99.
    100.
    101. "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config" [ NORMAL | 2 Ko ]
    102. TC: 14/07/2009,06:32:40 | TM: 14/07/2009,06:32:32 | DA: 14/07/2009,06:32:32
    103.
    104. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
    105.
    106.
    107. =========================
    108.
    109.
    110. "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" [ ARCHIVE | 124 Ko ]
    111. TC: 18/03/2010,13:16:28 | TM: 18/03/2010,13:16:28 | DA: 12/01/2012,13:21:21
    112.
    113. Hash MD5: D22CD77D4F0D63D1169BB35911BFF12D
    114.
    115. CompanyName: Microsoft Corporation
    116. ProductName: Microsoft® .NET Framework
    117. InternalName: SMSvcHost.exe
    118. OriginalFileName: SMSvcHost.exe
    119. LegalCopyright: © Microsoft Corporation. All rights reserved.
    120. ProductVersion: 4.0.30319.1
    121. FileVersion: 4.0.30319.1 (RTMRel.030319-0100)
    122.
    123. =========================
    124.
    125.
    126. "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
    127. TC: 18/03/2010,00:10:40 | TM: 18/03/2010,00:10:40 | DA: 12/01/2012,13:21:21
    128.
    129. Hash MD5: A9E7E2A3A82362D180CEA7EA1EDFA81A
    130.
    131.
    132. =========================
    133.
    134.
    135. "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [ ARCHIVE | 117 Ko ]
    136. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 25/01/2012,21:20:25
    137.
    138. Hash MD5: 3E5A36127E201DDF663176B66828FAFE
    139.
    140. CompanyName: Microsoft Corporation
    141. ProductName: Microsoft® .NET Framework
    142. InternalName: SMSvcHost.exe
    143. OriginalFileName: SMSvcHost.exe
    144. LegalCopyright: © Microsoft Corporation. All rights reserved.
    145. ProductVersion: 3.0.4506.4926
    146. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
    147.
    148. =========================
    149.
    150.
    151. "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
    152. TC: 14/07/2009,06:32:40 | TM: 14/07/2009,06:32:32 | DA: 14/07/2009,06:32:32
    153.
    154. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
    155.
    156.
    157. =========================
    158.
    159.
    160. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" [ ARCHIVE | 124 Ko ]
    161. TC: 18/03/2010,13:16:28 | TM: 18/03/2010,13:16:28 | DA: 25/01/2012,21:13:10
    162.
    163. Hash MD5: D22CD77D4F0D63D1169BB35911BFF12D
    164.
    165. CompanyName: Microsoft Corporation
    166. ProductName: Microsoft® .NET Framework
    167. InternalName: SMSvcHost.exe
    168. OriginalFileName: SMSvcHost.exe
    169. LegalCopyright: © Microsoft Corporation. All rights reserved.
    170. ProductVersion: 4.0.30319.1
    171. FileVersion: 4.0.30319.1 (RTMRel.030319-0100)
    172.
    173. =========================
    174.
    175.
    176. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
    177. TC: 18/03/2010,00:10:40 | TM: 18/03/2010,00:10:40 | DA: 12/01/2012,13:17:35
    178.
    179. Hash MD5: A9E7E2A3A82362D180CEA7EA1EDFA81A
    180.
    181.
    182. =========================
    183.
    184.
    185. "C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 21 Ko ]
    186. TC: 28/12/2011,13:48:07 | TM: 26/01/2012,20:09:22 | DA: 26/01/2012,20:09:22
    187.
    188. Hash MD5: 47BD2E780A24B5998812B9E25ED26303
    189.
    190.
    191. =========================
    192.
    193.
    194. "C:\Windows\Prefetch\SVCHOST.EXE-CFE81CB7.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 19 Ko ]
    195. TC: 04/12/2010,22:34:12 | TM: 26/01/2012,20:34:52 | DA: 26/01/2012,20:34:52
    196.
    197. Hash MD5: 6CA69A9CAA88F6CCFC76455446065101
    198.
    199.
    200. =========================
    201.
    202.
    203. "C:\Windows\Prefetch\SVCHOST.EXE-EDA5A3D2.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 58 Ko ]
    204. TC: 11/01/2012,15:13:08 | TM: 26/01/2012,20:15:36 | DA: 26/01/2012,20:15:36
    205.
    206. Hash MD5: D3C84795D71E71B3F61C3F63CADBAE1D
    207.
    208.
    209. =========================
    210.
    211.
    212. "C:\Windows\System32\fr-FR\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
    213. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 02/01/2012,14:30:25
    214.
    215. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
    216.
    217. CompanyName: Microsoft Corporation
    218. ProductName: Système d'exploitation Microsoft® Windows®
    219. InternalName: svchost.exe
    220. OriginalFileName: svchost.exe.mui
    221. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    222. ProductVersion: 6.1.7600.16385
    223. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    224.
    225. =========================
    226.
    227.
    228. "C:\Windows\System32\svchost.exe" [ ARCHIVE | 21 Ko ]
    229. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 26/01/2012,19:57:12
    230.
    231. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
    232.
    233. CompanyName: Microsoft Corporation
    234. ProductName: Système d'exploitation Microsoft® Windows®
    235. InternalName: svchost.exe
    236. OriginalFileName: svchost.exe.mui
    237. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    238. ProductVersion: 6.1.7600.16385
    239. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    240.
    241. =========================
    242.
    243.
    244. "C:\Windows\SysWOW64\fr-FR\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
    245. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 02/01/2012,14:30:25
    246.
    247. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
    248.
    249. CompanyName: Microsoft Corporation
    250. ProductName: Système d'exploitation Microsoft® Windows®
    251. InternalName: svchost.exe
    252. OriginalFileName: svchost.exe.mui
    253. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    254. ProductVersion: 6.1.7600.16385
    255. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    256.
    257. =========================
    258.
    259.
    260. "C:\Windows\SysWOW64\svchost.exe" [ ARCHIVE | 21 Ko ]
    261. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 26/01/2012,19:57:12
    262.
    263. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
    264.
    265. CompanyName: Microsoft Corporation
    266. ProductName: Système d'exploitation Microsoft® Windows®
    267. InternalName: svchost.exe
    268. OriginalFileName: svchost.exe.mui
    269. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    270. ProductVersion: 6.1.7600.16385
    271. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    272.
    273. =========================
    274.
    275.
    276. "C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fc0b563b423b21e\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
    277. TC: 14/07/2009,16:23:33 | TM: 14/07/2009,16:23:33 | DA: 14/07/2009,16:23:34
    278.
    279. Hash MD5: 0F5AF281B79F91D782FAE3230FF90288
    280.
    281. CompanyName: Microsoft Corporation
    282. ProductName: Système d'exploitation Microsoft® Windows®
    283. InternalName: svchost.exe
    284. OriginalFileName: svchost.exe.mui
    285. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    286. ProductVersion: 6.1.7600.16385
    287. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    288.
    289. =========================
    290.
    291.
    292. "C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe" [ ARCHIVE | 27 Ko ]
    293. TC: 14/07/2009,00:31:13 | TM: 14/07/2009,02:39:46 | DA: 14/07/2009,00:31:13
    294.
    295. Hash MD5: C78655BC80301D76ED4FEF1C1EA40A7D
    296.
    297. CompanyName: Microsoft Corporation
    298. ProductName: Système d'exploitation Microsoft® Windows®
    299. InternalName: svchost.exe
    300. OriginalFileName: svchost.exe.mui
    301. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    302. ProductVersion: 6.1.7600.16385
    303. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    304.
    305. =========================
    306.
    307.
    308. "C:\Windows\winsxs\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
    309. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 14/07/2009,02:01:53
    310.
    311. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
    312.
    313.
    314. =========================
    315.
    316.
    317. "C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.exe" [ ARCHIVE | 117 Ko ]
    318. TC: 14/07/2009,02:01:53 | TM: 10/06/2009,21:30:46 | DA: 14/07/2009,02:01:53
    319.
    320. Hash MD5: 3E5A36127E201DDF663176B66828FAFE
    321.
    322. CompanyName: Microsoft Corporation
    323. ProductName: Microsoft® .NET Framework
    324. InternalName: SMSvcHost.exe
    325. OriginalFileName: SMSvcHost.exe
    326. LegalCopyright: © Microsoft Corporation. All rights reserved.
    327. ProductVersion: 3.0.4506.4926
    328. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
    329.
    330. =========================
    331.
    332.
    333. "C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_e6e1153910bdcce8\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
    334. TC: 14/07/2009,01:36:26 | TM: 10/06/2009,22:14:05 | DA: 02/07/2011,01:52:15
    335.
    336. Hash MD5: FE2AA5A684B0DD9B1FAE57B7817C198B
    337.
    338. CompanyName: Microsoft Corporation
    339. ProductName: Microsoft® .NET Framework
    340. InternalName: SMSvcHost.exe
    341. OriginalFileName: SMSvcHost.exe
    342. LegalCopyright: © Microsoft Corporation. All rights reserved.
    343. ProductVersion: 3.0.4506.4926
    344. FileVersion: 3.0.4506.4926 (NetFXw7.030729-4900)
    345.
    346. =========================
    347.
    348.
    349. "C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe" [ ARCHIVE | 129 Ko ]
    350. TC: 02/07/2011,01:52:15 | TM: 05/11/2010,02:52:39 | DA: 07/07/2011,12:59:22
    351.
    352. Hash MD5: F476EC40033CDB91EFBE73EB99B8362D
    353.
    354. CompanyName: Microsoft Corporation
    355. ProductName: Microsoft® .NET Framework
    356. InternalName: SMSvcHost.exe
    357. OriginalFileName: SMSvcHost.exe
    358. LegalCopyright: © Microsoft Corporation. All rights reserved.
    359. ProductVersion: 3.0.4506.5420
    360. FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
    361.
    362. =========================
    363.
    364.
    365. "C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f3a219dffbc640e8\svchost.exe.mui" [ ARCHIVE | 2 Ko ]
    366. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 14/07/2009,16:23:37
    367.
    368. Hash MD5: 0A963D5DFB4245BF19B7B4AB0D83560E
    369.
    370. CompanyName: Microsoft Corporation
    371. ProductName: Système d'exploitation Microsoft® Windows®
    372. InternalName: svchost.exe
    373. OriginalFileName: svchost.exe.mui
    374. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    375. ProductVersion: 6.1.7600.16385
    376. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    377.
    378. =========================
    379.
    380.
    381. "C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe" [ ARCHIVE | 21 Ko ]
    382. TC: 14/07/2009,00:19:28 | TM: 14/07/2009,02:14:41 | DA: 14/07/2009,00:19:28
    383.
    384. Hash MD5: 54A47F6B5E09A77E61649109C6A08866
    385.
    386. CompanyName: Microsoft Corporation
    387. ProductName: Système d'exploitation Microsoft® Windows®
    388. InternalName: svchost.exe
    389. OriginalFileName: svchost.exe.mui
    390. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
    391. ProductVersion: 6.1.7600.16385
    392. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    393.
    394. =========================
    395.
    396.
    397. "C:\Windows\winsxs\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c\SMSvcHost.exe.config" [ ARCHIVE | 2 Ko ]
    398. TC: 14/07/2009,01:36:26 | TM: 10/06/2009,22:14:05 | DA: 14/07/2009,01:36:26
    399.
    400. Hash MD5: 757BC33428B870035A16FD96B9DDB7FA
    401.
    402.
    403. =========================
    404.
    405.
    406.
    407. ====== Entrée(s) du registre ======
    408.
    409.
    410. [HKLM\Software\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\C:/Windows/Microsoft.NET/Framework/v4.0.30319/SMSvcHost.exe]
    411. DA: 12/01/2012 13:24:26
    412.
    413. [HKLM\Software\Microsoft\FTH]
    414. "ExclusionList"="smss.exe
    415. csrss.exe
    416. wininit.exe
    417. services.exe
    418. lsass.exe
    419. lsm.exe
    420. svchost.exe
    421. winlogon.exe
    422. SLsvc.exe
    423. spoolsv.exe
    424. taskhost.exe" (REG_MULTI_SZ)
    425.
    426. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
    427. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
    428.
    429. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
    430. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
    431.
    432. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
    433. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
    434.
    435. [HKLM\Software\Swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
    436. "AppFullPath"="C:\Windows\system32\svchost.exe" (REG_SZ)
    437.
    438. [HKLM\System\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\WinInetHelperClass\HelperClasses\WinInetHelperClass\Attributes\AppID]
    439. "DefaultValue"="C:\Windows\system32\svchost.exe" (REG_SZ)
    440.
    441. [HKLM\System\ControlSet001\services\AeLookupSvc]
    442. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    443.
    444. [HKLM\System\ControlSet001\services\Akamai]
    445. "ImagePath"="%SystemRoot%\System32\svchost.exe -k Akamai" (REG_EXPAND_SZ)
    446.
    447. [HKLM\System\ControlSet001\services\AppIDSvc]
    448. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    449.
    450. [HKLM\System\ControlSet001\services\Appinfo]
    451. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    452.
    453. [HKLM\System\ControlSet001\services\AppMgmt]
    454. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    455.
    456. [HKLM\System\ControlSet001\services\AudioEndpointBuilder]
    457. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    458.
    459. [HKLM\System\ControlSet001\services\AudioSrv]
    460. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
    461.
    462. [HKLM\System\ControlSet001\services\AxInstSV]
    463. "ImagePath"="%SystemRoot%\system32\svchost.exe -k AxInstSVGroup" (REG_EXPAND_SZ)
    464.
    465. [HKLM\System\ControlSet001\services\BDESVC]
    466. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    467.
    468. [HKLM\System\ControlSet001\services\BFE]
    469. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
    470.
    471. [HKLM\System\ControlSet001\services\BITS]
    472. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    473.
    474. [HKLM\System\ControlSet001\services\Browser]
    475. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    476.
    477. [HKLM\System\ControlSet001\services\bthserv]
    478. "ImagePath"="%SystemRoot%\system32\svchost.exe -k bthsvcs" (REG_EXPAND_SZ)
    479.
    480. [HKLM\System\ControlSet001\services\CertPropSvc]
    481. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    482.
    483. [HKLM\System\ControlSet001\services\CryptSvc]
    484. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
    485.
    486. [HKLM\System\ControlSet001\services\DcomLaunch]
    487. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
    488.
    489. [HKLM\System\ControlSet001\services\defragsvc]
    490. "ImagePath"="%SystemRoot%\system32\svchost.exe -k defragsvc" (REG_EXPAND_SZ)
    491.
    492. [HKLM\System\ControlSet001\services\Dhcp]
    493. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
    494.
    495. [HKLM\System\ControlSet001\services\Dnscache]
    496. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
    497.
    498. [HKLM\System\ControlSet001\services\dot3svc]
    499. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    500.
    501. [HKLM\System\ControlSet001\services\DPS]
    502. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
    503.
    504. [HKLM\System\ControlSet001\services\EapHost]
    505. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    506.
    507. [HKLM\System\ControlSet001\services\eventlog]
    508. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
    509.
    510. [HKLM\System\ControlSet001\services\EventSystem]
    511. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
    512.
    513. [HKLM\System\ControlSet001\services\fdPHost]
    514. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
    515.
    516. [HKLM\System\ControlSet001\services\FDResPub]
    517. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    518.
    519. [HKLM\System\ControlSet001\services\FontCache]
    520. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    521.
    522. [HKLM\System\ControlSet001\services\gpsvc]
    523. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    524.
    525. [HKLM\System\ControlSet001\services\hidserv]
    526. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    527.
    528. [HKLM\System\ControlSet001\services\hkmsvc]
    529. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    530.
    531. [HKLM\System\ControlSet001\services\HomeGroupListener]
    532. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    533.
    534. [HKLM\System\ControlSet001\services\HomeGroupProvider]
    535. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
    536.
    537. [HKLM\System\ControlSet001\services\IKEEXT]
    538. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    539.
    540. [HKLM\System\ControlSet001\services\IPBusEnum]
    541. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    542.
    543. [HKLM\System\ControlSet001\services\iphlpsvc]
    544. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetSvcs" (REG_EXPAND_SZ)
    545.
    546. [HKLM\System\ControlSet001\services\KtmRm]
    547. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation" (REG_EXPAND_SZ)
    548.
    549. [HKLM\System\ControlSet001\services\LanmanServer]
    550. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    551.
    552. [HKLM\System\ControlSet001\services\LanmanWorkstation]
    553. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
    554.
    555. [HKLM\System\ControlSet001\services\lltdsvc]
    556. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
    557.
    558. [HKLM\System\ControlSet001\services\lmhosts]
    559. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted" (REG_EXPAND_SZ)
    560.
    561. [HKLM\System\ControlSet001\services\Mcx2Svc]
    562. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    563.
    564. [HKLM\System\ControlSet001\services\MMCSS]
    565. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    566.
    567. [HKLM\System\ControlSet001\services\MpsSvc]
    568. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
    569.
    570. [HKLM\System\ControlSet001\services\MSiSCSI]
    571. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    572.
    573. [HKLM\System\ControlSet001\services\napagent]
    574. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
    575.
    576. [HKLM\System\ControlSet001\services\Netman]
    577. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    578.
    579. [HKLM\System\ControlSet001\services\NetMsmqActivator]
    580. "ImagePath"=""c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator" (REG_EXPAND_SZ)
    581.
    582. [HKLM\System\ControlSet001\services\NetPipeActivator]
    583. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
    584.
    585. [HKLM\System\ControlSet001\services\netprofm]
    586. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
    587.
    588. [HKLM\System\ControlSet001\services\NetTcpActivator]
    589. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
    590.
    591. [HKLM\System\ControlSet001\services\NetTcpPortSharing]
    592. "ImagePath"="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (REG_EXPAND_SZ)
    593.
    594. [HKLM\System\ControlSet001\services\NlaSvc]
    595. "ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
    596.
    597. [HKLM\System\ControlSet001\services\nsi]
    598. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
    599.
    600. [HKLM\System\ControlSet001\services\p2pimsvc]
    601. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
    602.
    603. [HKLM\System\ControlSet001\services\p2psvc]
    604. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
    605.
    606. [HKLM\System\ControlSet001\services\PcaSvc]
    607. "ImagePath"="%systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted" (REG_EXPAND_SZ)
    608.
    609. [HKLM\System\ControlSet001\services\pla]
    610. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork" (REG_EXPAND_SZ)
    611.
    612. [HKLM\System\ControlSet001\services\PlugPlay]
    613. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
    614.
    615. [HKLM\System\ControlSet001\services\PNRPAutoReg]
    616. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
    617.
    618. [HKLM\System\ControlSet001\services\PNRPsvc]
    619. "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServicePeerNet" (REG_EXPAND_SZ)
    620.
    621. [HKLM\System\ControlSet001\services\PolicyAgent]
    622. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted" (REG_EXPAND_SZ)
    623.
    624. [HKLM\System\ControlSet001\services\Power]
    625. "ImagePath"="%SystemRoot%\system32\svchost.exe -k DcomLaunch" (REG_EXPAND_SZ)
    626.
    627. [HKLM\System\ControlSet001\services\ProfSvc]
    628. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    629.
    630. [HKLM\System\ControlSet001\services\QWAVE]
    631. "ImagePath"="%windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    632.
    633. [HKLM\System\ControlSet001\services\RasAuto]
    634. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    635.
    636. [HKLM\System\ControlSet001\services\RasMan]
    637. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    638.
    639. [HKLM\System\ControlSet001\services\RemoteAccess]
    640. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    641.
    642. [HKLM\System\ControlSet001\services\RemoteRegistry]
    643. "ImagePath"="%SystemRoot%\system32\svchost.exe -k regsvc" (REG_EXPAND_SZ)
    644.
    645. [HKLM\System\ControlSet001\services\RpcEptMapper]
    646. "ImagePath"="%SystemRoot%\system32\svchost.exe -k RPCSS" (REG_EXPAND_SZ)
    647.
    648. [HKLM\System\ControlSet001\services\RpcSs]
    649. "ImagePath"="%SystemRoot%\system32\svchost.exe -k rpcss" (REG_EXPAND_SZ)
    650.
    651. [HKLM\System\ControlSet001\services\SCardSvr]
    652. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    653.
    654. [HKLM\System\ControlSet001\services\Schedule]
    655. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    656.
    657. [HKLM\System\ControlSet001\services\SCPolicySvc]
    658. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    659.
    660. [HKLM\System\ControlSet001\services\SDRSVC]
    661. "ImagePath"="%SystemRoot%\system32\svchost.exe -k SDRSVC" (REG_EXPAND_SZ)
    662.
    663. [HKLM\System\ControlSet001\services\seclogon]
    664. "ImagePath"="%windir%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    665.
    666. [HKLM\System\ControlSet001\services\SENS]
    667. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    668.
    669. [HKLM\System\ControlSet001\services\SensrSvc]
    670. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation" (REG_EXPAND_SZ)
    671.
    672. [HKLM\System\ControlSet001\services\SessionEnv]
    673. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    674.
    675. [HKLM\System\ControlSet001\services\SharedAccess]
    676. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
    677.
    678. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    679. "WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    680.
    681. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    682. "WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    683.
    684. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    685. "WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    686.
    687. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    688. "WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    689.
    690. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    691. "WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    692.
    693. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    694. "WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    695.
    696. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    697. "WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    698.
    699. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    700. "WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    701.
    702. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    703. "WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    704.
    705. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    706. "WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    707.
    708. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    709. "WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|" (REG_SZ)
    710.
    711. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    712. "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|" (REG_SZ)
    713.
    714. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    715. "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|" (REG_SZ)
    716.
    717. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    718. "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|" (REG_SZ)
    719.
    720. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    721. "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|" (REG_SZ)
    722.
    723. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    724. "PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|Defer=App|" (REG_SZ)
    725.
    726. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    727. "PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|" (REG_SZ)
    728.
    729. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    730. "PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|" (REG_SZ)
    731.
    732. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    733. "PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|" (REG_SZ)
    734.
    735. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    736. "RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|" (REG_SZ)
    737.
    738. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    739. "RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|" (REG_SZ)
    740.
    741. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    742. "Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|" (REG_SZ)
    743.
    744. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    745. "Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|" (REG_SZ)
    746.
    747. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    748. "Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|" (REG_SZ)
    749.
    750. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    751. "Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|" (REG_SZ)
    752.
    753. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    754. "FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|" (REG_SZ)
    755.
    756. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    757. "FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|" (REG_SZ)
    758.
    759. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    760. "CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    761.
    762. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    763. "CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    764.
    765. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    766. "CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    767.
    768. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    769. "CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    770.
    771. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    772. "CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    773.
    774. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    775. "CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    776.
    777. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    778. "CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    779.
    780. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    781. "CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    782.
    783. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    784. "CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|" (REG_SZ)
    785.
    786. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    787. "PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|" (REG_SZ)
    788.
    789. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    790. "PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|" (REG_SZ)
    791.
    792. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    793. "MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|" (REG_SZ)
    794.
    795. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    796. "MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|" (REG_SZ)
    797.
    798. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    799. "MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|" (REG_SZ)
    800.
    801. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    802. "MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|" (REG_SZ)
    803.
    804. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    805. "WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    806.
    807. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    808. "WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    809.
    810. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    811. "WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    812.
    813. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    814. "WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    815.
    816. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    817. "WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    818.
    819. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    820. "WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|" (REG_SZ)
    821.
    822. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    823. "NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    824.
    825. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    826. "NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    827.
    828. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    829. "NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    830.
    831. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    832. "NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    833.
    834. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    835. "NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    836.
    837. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    838. "NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    839.
    840. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    841. "NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    842.
    843. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    844. "NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    845.
    846. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    847. "NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    848.
    849. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    850. "NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    851.
    852. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    853. "NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    854.
    855. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    856. "NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    857.
    858. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    859. "NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    860.
    861. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    862. "NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    863.
    864. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    865. "NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    866.
    867. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    868. "NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    869.
    870. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    871. "NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    872.
    873. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    874. "NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|" (REG_SZ)
    875.
    876. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    877. "RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|" (REG_SZ)
    878.
    879. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    880. "RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|" (REG_SZ)
    881.
    882. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    883. "RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|" (REG_SZ)
    884.
    885. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    886. "RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|" (REG_SZ)
    887.
    888. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    889. "RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|" (REG_SZ)
    890.
    891. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    892. "RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|" (REG_SZ)
    893.
    894. [HKLM\System\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    895. "MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|" (REG_SZ)
    896.
    0
  13. Utilisateur anonyme
     
    Salut,

    ▶ Télécharge et lance AdwCleaner (merci à Xplode)
    ▶ Clique sur Suppression, et poste le rapport sur le forum

    Ensuite, on va réessayer de passer Mbam.

    En cas de problème, n'hésite pas à consulter le tutoriel Malwarebytes
    Il se peut que le scan soit long, mais il faut le laisser se terminer.


    ▶ Télécharge Malwarebytes' Anti-Malware sur ton bureau :

    ▶ Lance l'installation, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7).

    ▶ Une fois l'installation terminée, le programme se lance et se met à jour. Dans l'onglet Mise à jour, clique sur le bouton "Recherche de mise à jour au cas où.

    ▶ Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ▶ Sélectionne Exécuter un examen complet.
    ▶ Sélectionne Tous les disques.
    ▶ Clique sur Rechercher.

    ▶ Si des menaces ont été détectées, clique sur Afficher les résultats.

    ▶ Sélectionne toutes les menaces et clique sur Supprimer la sélection, l'ordinateur peut demander le redémarrage, si tel est la cas accepte.

    ▶ Une fois redémarré, ouvre Malwarebytes et rends-toi dans l'onglet Rapport.

    ▶ Ouvre le dernier en date, et copie-colle le sur le forum.
    0
  14. dbzgtmax Messages postés 64 Statut Membre
     
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Version de la base de données: v2012.01.27.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    FICELLO :: FICELLO-PC [administrateur]

    27/01/2012 20:01:18
    mbam-log-2012-01-27 (20-01-18).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 203921
    Temps écoulé: 2 minute(s), 46 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:\Users\FICELLO\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

    (fin)
    0
  15. dbzgtmax Messages postés 64 Statut Membre
     
    # AdwCleaner v1.407 - Rapport créé le 28/01/2012 à 00:49:19
    # Mis à jour le 18/01/2012 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : FICELLO - FICELLO-PC (Administrateur)
    # Exécuté depuis : C:\Users\FICELLO\Desktop\adwcleaner.exe
    # Option [Suppression]

    ***** [Services] *****

    ***** [Fichiers / Dossiers] *****

    ***** [Registre] *****

    ***** [Registre (x64)] *****

    ***** [Navigateurs] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v9.0.1 (fr)

    Profil : qm50pug4.default
    Fichier : C:\Users\FICELLO\AppData\Roaming\Mozilla\Firefox\Profiles\qm50pug4.default\prefs.js

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[S1].txt - [3340 octets] - [27/01/2012 19:50:16]
    AdwCleaner[R1].txt - [1013 octets] - [28/01/2012 00:43:57]
    AdwCleaner[S2].txt - [947 octets] - [28/01/2012 00:49:19]

    *************************

    Dossier Temporaire : 2 dossier(s) et 1 fichier(s) supprimés

    ########## EOF - C:\AdwCleaner[S2].txt - [1166 octets] ##########
    0
  16. Utilisateur anonyme
     
    C:\AdwCleaner[S2].txt

    Il me faut :

    C:\AdwCleaner[S1].txt

    As-tu encore des soucis ?
    0
  17. Utilisateur anonyme
     
    Okay.

    Désinstalle Avast :

    http://security-helpzone.olympe-network.com/Thread-D%C3%A9sinstaller-vos-Antivirus-%C3%A0-coup-s%C3%BBr

    _________________________________________

    Ensuite, on va diagnostiquer le pc :

    ▶ Télécharge ZHPDiag (de Nicolas Coolman)

    ▶ Lance-le, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7")

    ▶ Clique sur l'icône en forme de loupe pour lancer le diagnostique

    ▶ Héberge le rapport ZHPDiag.txt de ton bureau sur :

    http://pjjoint.malekal.com/

    ▶ Si le site ne fonctionne pas, consulte cette page : Autres hébergeurs en ligne
    0
  18. Utilisateur anonyme
     
    Re,

    Lance ZHPfix, et copie/colle ces lignes en gras :

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\${ELV_GUID}] | (BabylonToolbarsrv.exe) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19 => Infection BT (Toolbar.Babylon)
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}] | (Weather.exe) -> C:\Program Files (x86)\ClickPotatoLite\bin\10.0.631.0\ => Infection BT (Adware.ClickPotato)
    [HKCU\Software\cacaoweb] => Infection PUP (PUP.CacaoWeb)
    [28/06/2010|17:38:24] | C:\Windows\IFinst27.exe => Infection MSN
    [21/09/2011|21:37:46] | C:\Users\FICELLO\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)
    [21/09/2011|21:37:48] | C:\Users\FICELLO\AppData\Local\OpenCandy => Infection PUP (Adware.OpenCandy)
    "C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe"=C:\Users\FICELLO\AppData\Roaming\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb => Infection PUP (PUP.CacaoWeb)
    "C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe"=C:\Users\FICELLO\AppData\Roaming\explorer.exe.exe:*:Enabled:Windows Messanger => Infection FakeAlert (Possible)
    "C:\Users\FICELLO\AppData\Roaming\svchost.exe"=C:\Users\FICELLO\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger => Infection FakeAlert (Possible)
    EmptyTemp
    EmptyFlash
    FirewallRAZ


    Clique sur Go et poste le rapport.

    Ensuite, retélécharge et installe Avast :

    http://ftp01net.telechargement.fr/setup_av_free.exe
    0