SVCHOST.EXE infection
Resolved/Closed
cqfd73
Posts
116
Registration date
Tuesday 9 October 2012
Status
Member
Last activity
23 November 2012
-
9 Oct 2012 at 22:36
Anonymous user - 23 Nov 2012 at 10:01
90 replies
Anonymous user
9 Oct 2012 at 22:46
Good evening,
No worries, we'll unblock the PC and then clean it:
http://www.security-helpzone.com/Thread-Pre-Scan-Mode-nettoyage
Please do this.
cqfd73
9 Oct 2012 at 23:05
Thank you for looking into my painful case.
I already have one piece of information to give. It is impossible to install ZHPDiag on the infected machine. When I launch it, the following message is displayed:
L'assistant d'installation n'a pas pu créer le dossier
"C:\User\AppData\Local\Temp\is-DTQI?tm"
Erreur 5 : Accès refusé
cqfd73
9 Oct 2012 at 23:37
I'm working on it.
I had to restart Windows in safe mode because Explorer was churning so much that the USB stick I use to transfer files from the clean PC to the infected PC did not show up in Explorer. It's slow going ...
cqfd73
10 Oct 2012 at 00:35
There is a problem.
Winlogon cannot finish its scan (the PC is currently running in safe mode).
Error message displayed:
Line 6113 (File "C:\users\user\desktop\winlogon.exe")
Error : variable must be of type "object"
Anonymous user
Edited by g3n-h@ckm@n on 10/10/2012 at 01:41
Hi, I'm the designer of pre_scan.
Are you able to re-enable System Restore?
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
cqfd73
10 Oct 2012 at 10:14
Hello g3n-h@ckm@n,
Can you clarify your question?
What procedure would I need to carry out?
Anonymous user
10 Oct 2012 at 10:48
Hello,
No problem regarding your line.
Delete your Pre_Scan and download the new one again from the link given above, then run it in safe mode.
cqfd73
10 Oct 2012 at 16:38
Hello Saachaa,
My problems are not getting any better.
I opened an administrator session (the usual user) in safe mode and was able to install Winlogon (version 2). Here is the result:
- CMD function: OK
- RECEDIT function: OK
- SERVICES function: OK
- SCRIPT function: no reaction
- DIAG function: the scan stayed stuck at the line "C:\WINDOWS\SYSTEM 32\WUDFDd.SYS"
- I nevertheless managed to run the CHK.SCV function to completion; its report is attached below.
Then, I don't know whether I screwed up or not (using the KILL function), but in any case the keyboard now no longer responds in the Administrator session. So it is impossible to type the password to open the session.
I therefore switched to the Guest session, which is not password-protected. That is how I was able to copy the CHK.SCV report to a CD, because that operation was impossible in the Administrator session.
Also, the computer seems to work a bit better when running under Guest (?). The Start button does bring up the menu and the speed is clearly better, but the problems described earlier persist. A few odd things all the same, in the Guest session:
- Impossible to launch Winlogon
- Impossible to open Task Manager
- With no application running, the desktop gadget shows the processor at 55% load
CHK.SCV report below
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000
My problems are not getting any better.
I opened an administrator session (the usual user) in safe mode and was able to install Winlogon (version 2). Here is the result:
- CMD function: OK
- RECEDIT function: OK
- SERVICES function: OK
- SCRIPT function: no reaction
- DIAG function: the scan stayed stuck at the line "C:\WINDOWS\SYSTEM 32\WUDFDd.SYS"
- I nevertheless managed to run the CHK.SCV function to completion; its report is attached below.
Then, I don't know whether I screwed up or not (by using the KILL function), but in any case the keyboard now no longer responds in the Administrator session. So it is impossible to type the password to open the session.
I therefore switched to the Guest session, which is not password-protected. That is how I was able to copy the CHK.SCV report to a CD, because this operation was impossible under the Administrator session.
Also, the computer seems to work a bit better when it is opened under Guest (?). The Start button does bring up the menu and the speed is clearly better, but the problems described previously persist. A few odd things all the same, in the Guest session:
- Impossible to launch Winlogon
- Impossible to open Task Manager
- With no application running, the desktop gadget shows the processor at 55% load
CHK.SCV report below
-----------------------------------------------------------------------------------------------
¤¤¤¤¤¤¤¤¤¤ | BFE
[HKLM\System\Currentcontrolset\Services\BFE]|[DisplayName] : @%SystemRoot%\system32\bfe.dll,-1001
[HKLM\System\Currentcontrolset\Services\BFE]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\BFE]|[ImagePath] : %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\BFE]|[Description] : @%SystemRoot%\system32\bfe.dll,-1002
[HKLM\System\Currentcontrolset\Services\BFE]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\BFE]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BFE]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BFE]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BFE]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\BFE]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\BFE]|[RequiredPrivileges] : SeAuditPrivilege
[HKLM\System\Currentcontrolset\Services\BFE]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDll] : %SystemRoot%\System32\bfe.dll
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceMain] : BfeServiceMain
¤¤¤¤¤¤¤¤¤¤ | BITS
[HKLM\System\Currentcontrolset\Services\BITS]|[DisplayName] : @%SystemRoot%\system32\qmgr.dll,-1000
[HKLM\System\Currentcontrolset\Services\BITS]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\BITS]|[Description] : @%SystemRoot%\system32\qmgr.dll,-1001
[HKLM\System\Currentcontrolset\Services\BITS]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BITS]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BITS]|[DependOnService] : RpcSs
EventSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[RequiredPrivileges] : SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\BITS]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
[HKLM\System\Currentcontrolset\Services\BITS\Parameters]|[ServiceDll] : %SystemRoot%\System32\qmgr.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Library] : bitsperf.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Open] : PerfMon_Open
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Collect] : PerfMon_Collect
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Close] : PerfMon_Close
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[InstallType] : 1
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfIniFile] : bitsctrs.ini
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Counter] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Counter] : 2172
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Help] : 2157
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Help] : 2173
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Object List] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfMMFileName] : Global\MMF_BITS_s
[HKLM\System\Currentcontrolset\Services\BITS\Security]|[Security] : 0x0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000
¤¤¤¤¤¤¤¤¤¤ | Cryptsvc
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DisplayName] : @%SystemRoot%\system32\cryptsvc.dll,-1001
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Description] : @%SystemRoot%\system32\cryptsvc.dll,-1002
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ObjectName] : NT Authority\NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Start] : 3
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDll] : %SystemRoot%\system32\cryptsvc.dll
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceMain] : CryptServiceMain
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Security]|[Security] : 0x00000E0001
¤¤¤¤¤¤¤¤¤¤ | MPSSVC
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DisplayName] : @%SystemRoot%\system32\FirewallAPI.dll,-23090
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Description] : @%SystemRoot%\system32\FirewallAPI.dll,-23091
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ObjectName] : NT Authority\LocalService
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DependOnService] : mpsdrv
bfe
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[RequiredPrivileges] : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDll] : %SystemRoot%\system32\mpssvc.dll
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC\Security]|[Security] : 0x01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D010200010100000000000506000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | RPCSS
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DisplayName] : @oleres.dll,-5010
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Group] : COM Infrastructure
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k rpcss
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Description] : @oleres.dll,-5011
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ObjectName] : NT AUTHORITY\NetworkService
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DependOnService] : RpcEptMapper
DcomLaunch
[HKLM\System\Currentcontrolset\Services\RPCSS]|[FailureActions] : 0x00000000000000000000000001000000000000000200000060EA0000
[HKLM\System\Currentcontrolset\Services\RPCSS]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS\Parameters]|[ServiceDll] : %SystemRoot%\system32\rpcss.dll
[HKLM\System\Currentcontrolset\Services\RPCSS\Security]|[Security] : 0x01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | Windefend
[HKLM\System\Currentcontrolset\Services\Windefend]|[DisplayName] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
[HKLM\System\Currentcontrolset\Services\Windefend]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k secsvcs
[HKLM\System\Currentcontrolset\Services\Windefend]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\Windefend]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Windefend]|[Description] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
[HKLM\System\Currentcontrolset\Services\Windefend]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Windefend]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\Windefend]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[RequiredPrivileges] : SeImpersonatePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
[HKLM\System\Currentcontrolset\Services\Windefend]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDll] : %ProgramFiles%\Windows Defender\mpsvc.dll
[HKLM\System\Currentcontrolset\Services\Windefend\Security]|[Security] : 0x01001480DC000000E8000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B280000000010010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | wscsvc
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DisplayName] : @%SystemRoot%\System32\wscsvc.dll,-200
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Description] : @%SystemRoot%\System32\wscsvc.dll,-201
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DependOnService] : RpcSs
WinMgmt
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDll] : %SystemRoot%\System32\wscsvc.dll
[HKLM\System\Currentcontrolset\Services\wscsvc\Security]|[Security] : 0x01001480C8000000D4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | wuauserv
[HKLM\System\Currentcontrolset\Services\wuauserv]|[PreshutdownTimeout] : 57600000
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DisplayName] : @%systemroot%\system32\wuaueng.dll,-105
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ImagePath] : %systemroot%\system32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Description] : @%systemroot%\system32\wuaueng.dll,-106
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DependOnService] : rpcss
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | BFE
[HKLM\System\Currentcontrolset\Services\BFE]|[DisplayName] : @%SystemRoot%\system32\bfe.dll,-1001
[HKLM\System\Currentcontrolset\Services\BFE]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\BFE]|[ImagePath] : %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\BFE]|[Description] : @%SystemRoot%\system32\bfe.dll,-1002
[HKLM\System\Currentcontrolset\Services\BFE]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\BFE]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BFE]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BFE]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BFE]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\BFE]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\BFE]|[RequiredPrivileges] : SeAuditPrivilege
[HKLM\System\Currentcontrolset\Services\BFE]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDll] : %SystemRoot%\System32\bfe.dll
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceMain] : BfeServiceMain
¤¤¤¤¤¤¤¤¤¤ | BITS
[HKLM\System\Currentcontrolset\Services\BITS]|[DisplayName] : @%SystemRoot%\system32\qmgr.dll,-1000
[HKLM\System\Currentcontrolset\Services\BITS]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\BITS]|[Description] : @%SystemRoot%\system32\qmgr.dll,-1001
[HKLM\System\Currentcontrolset\Services\BITS]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BITS]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BITS]|[DependOnService] : RpcSs
EventSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[RequiredPrivileges] : SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\BITS]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
[HKLM\System\Currentcontrolset\Services\BITS\Parameters]|[ServiceDll] : %SystemRoot%\System32\qmgr.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Library] : bitsperf.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Open] : PerfMon_Open
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Collect] : PerfMon_Collect
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Close] : PerfMon_Close
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[InstallType] : 1
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfIniFile] : bitsctrs.ini
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Counter] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Counter] : 2172
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Help] : 2157
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Help] : 2173
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Object List] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfMMFileName] : Global\MMF_BITS_s
[HKLM\System\Currentcontrolset\Services\BITS\Security]|[Security] : 0x0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000
¤¤¤¤¤¤¤¤¤¤ | Cryptsvc
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DisplayName] : @%SystemRoot%\system32\cryptsvc.dll,-1001
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Description] : @%SystemRoot%\system32\cryptsvc.dll,-1002
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ObjectName] : NT Authority\NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Start] : 3
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDll] : %SystemRoot%\system32\cryptsvc.dll
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceMain] : CryptServiceMain
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Security]|[Security] : 0x00000E0001
¤¤¤¤¤¤¤¤¤¤ | MPSSVC
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DisplayName] : @%SystemRoot%\system32\FirewallAPI.dll,-23090
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Description] : @%SystemRoot%\system32\FirewallAPI.dll,-23091
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ObjectName] : NT Authority\LocalService
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DependOnService] : mpsdrv
bfe
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[RequiredPrivileges] : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDll] : %SystemRoot%\system32\mpssvc.dll
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC\Security]|[Security] : 0x01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D010200010100000000000506000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | RPCSS
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DisplayName] : @oleres.dll,-5010
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Group] : COM Infrastructure
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k rpcss
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Description] : @oleres.dll,-5011
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ObjectName] : NT AUTHORITY\NetworkService
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DependOnService] : RpcEptMapper
DcomLaunch
[HKLM\System\Currentcontrolset\Services\RPCSS]|[FailureActions] : 0x00000000000000000000000001000000000000000200000060EA0000
[HKLM\System\Currentcontrolset\Services\RPCSS]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS\Parameters]|[ServiceDll] : %SystemRoot%\system32\rpcss.dll
[HKLM\System\Currentcontrolset\Services\RPCSS\Security]|[Security] : 0x01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | Windefend
[HKLM\System\Currentcontrolset\Services\Windefend]|[DisplayName] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
[HKLM\System\Currentcontrolset\Services\Windefend]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k secsvcs
[HKLM\System\Currentcontrolset\Services\Windefend]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\Windefend]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Windefend]|[Description] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
[HKLM\System\Currentcontrolset\Services\Windefend]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Windefend]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\Windefend]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[RequiredPrivileges] : SeImpersonatePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
[HKLM\System\Currentcontrolset\Services\Windefend]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDll] : %ProgramFiles%\Windows Defender\mpsvc.dll
[HKLM\System\Currentcontrolset\Services\Windefend\Security]|[Security] : 0x01001480DC000000E8000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B280000000010010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | wscsvc
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DisplayName] : @%SystemRoot%\System32\wscsvc.dll,-200
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Description] : @%SystemRoot%\System32\wscsvc.dll,-201
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DependOnService] : RpcSs
WinMgmt
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDll] : %SystemRoot%\System32\wscsvc.dll
[HKLM\System\Currentcontrolset\Services\wscsvc\Security]|[Security] : 0x01001480C8000000D4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000
¤¤¤¤¤¤¤¤¤¤ | wuauserv
[HKLM\System\Currentcontrolset\Services\wuauserv]|[PreshutdownTimeout] : 57600000
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DisplayName] : @%systemroot%\system32\wuaueng.dll,-105
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ImagePath] : %systemroot%\system32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Description] : @%systemroot%\system32\wuaueng.dll,-106
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DependOnService] : rpcss
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000
Anonymous user
10 Oct. 2012 at 17:07
Three quarters of the services are disabled...
Download here: Load_SalityKiller
Disable your protections
Run it, click on start cleaning ("lancer le nettoyage")
When it finishes, SalityKiller.txt will be placed on your desktop
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
Right-click on it, Send to, Compressed folder
Then:
send me the archive like this:
Click on this link: http://www.cijoint.fr/
▶ Click on Browse ("Parcourir") and find the file above.
▶ Click on Open ("Ouvrir").
▶ Click on "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
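The check behind the remark about disabled services, as an added example that is not part of the original thread: a Python parser for the `[key]|[value] : data` lines of the log above that lists every service whose `Start` value is 4 (disabled). The line format is assumed from the lines shown; `examplesvc1` and `examplesvc2` are constructed sample entries.

```python
import re
from collections import defaultdict

# One log line: [HKLM\System\Currentcontrolset\Services\<name>[\<subkey>]]|[<value>] : <data>
LINE_RE = re.compile(
    r"^\[HKLM\\System\\Currentcontrolset\\Services\\([^\\\]]+)(?:\\[^\]]*)?\]"
    r"\|\[([^\]]+)\] : (.*)$",
    re.IGNORECASE,
)

def parse_dump(text):
    """Group values by service; unprefixed lines continue the previous multi-string value."""
    services = defaultdict(dict)
    last = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            name, value, data = m.group(1).lower(), m.group(2), m.group(3)
            services[name][value] = [data]
            last = (name, value)
        elif last:
            services[last[0]][last[1]].append(line)  # e.g. RequiredPrivileges entries
    return services

def disabled_services(services):
    """Names of services whose Start value is 4 (SERVICE_DISABLED)."""
    return sorted(n for n, v in services.items() if v.get("Start", [""])[0].strip() == "4")

# wuauserv lines come from the log above; examplesvc1/examplesvc2 are constructed.
SAMPLE = r"""
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\examplesvc1]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\examplesvc2]|[Start] : 2
"""

if __name__ == "__main__":
    svcs = parse_dump(SAMPLE)
    off = disabled_services(svcs)
    print(f"{len(off)}/{len(svcs)} services disabled: {', '.join(off)}")
```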
cqfd73
10 Oct. 2012 at 20:32
Hello g3n-h@ckm@n,
Problem: the link returns a 404 error, so I cannot download the software.
Can you be more specific about disabling the protections?
Thanks
cqfd73
10 Oct. 2012 at 22:39
Antivirus and firewall disabled. I was able to download Sality (sorry for the clumsiness ;-)).
New problem: the software is now installed on the infected PC, but it cannot be launched. I am on the Guest session; perhaps I do not have the rights to do this? That would be a nuisance, since I can no longer open an Administrator session.
cqfd73
10 Oct. 2012 at 22:46
I would love to!
The infected session is password-protected and unfortunately, since the keyboard does not work in that session, I cannot enter the password.
Ouch!
cqfd73
10 Oct. 2012 at 22:50
No, a standard wired keyboard.
Anonymous user
10 Oct. 2012 at 22:58
USB or PS2?
cqfd73
10 Oct. 2012 at 22:59
USB port
cqfd73
10 Oct. 2012 at 23:17
In the Guest session:
right now the Guest session has hung because I tried to test the keyboard in a TXT document. Apparently it did not like that, since it has been crawling for 30 min.
cqfd73
10 Oct. 2012 at 23:26
I have restarted the machine.
This may take a while!
The keyboard problem appeared after I used Winlogon. Did I do something stupid by clicking "KILL"?
cqfd73
10 Oct. 2012 at 23:39
Perhaps a "badly controlled" restart.
Since the PC takes 20 to 30 minutes to shut down, I often stop it with the ON/OFF button to speed things up.
cqfd73
10 Oct. 2012 at 23:43
There, the PC has started up again.
Administrator session impossible (keyboard not working)
Guest session active, but Sality cannot be launched. The cursor blinks like someone with Parkinson's after the double-click on the icon, then nothing more happens!
Is there a solution under DOS?
10 Oct. 2012 at 23:06
Yes, the keyboard is connected to a USB port on the PC.
But it is far from being 1000 years old (the PC), since I bought it in February 2012!
I know computers lose value quickly, but still!