Infection SVCHOST.EXE

Résolu
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention   -  
 Utilisateur anonyme -
Bonjour,

J'ai un problème similaire à celui décrit par Elisiss le 25/02/2012 sur ce forum:
- Le PC est soudainement devenu très lent (20 minutes mini pour le démarage et l'arrêt).
- D est inaccessible (Le disque D est physiquement différent du disque C)
- Plus de laison réseau (mails et internet)
- La plupart des applications ne repondent plus ou bien partiellement.
- le bouton "démarrer" est inerte, le menu n'apparait plus.

Malheureusement, les explications données par Loumax91 pour le dépannage de Elisiss ne m'ont pas permis de faire redémarrer correctement la machine.

Petites indications :
- j'ai réussi, avec beaucoup de patience, à lancer Avast après avoir fait un démarrage sans echec. Avast a mouliné pendant 2 heures. La barre de progression est restée sur 0%. La première (et unique) ligne apparue sur le scan d'Avast me parait louche :
SVC: wudfsvc>C:WINDOWS\SYSTEM32\SVCHOST.EXE
- J'ai également lancé Malwarebytes qui, à priori, a fonctionné correctement. Cependant, le scan n'a rien detecté de suspect.

Voilà le triste tableau !

Merci pour votre aide

90 réponses

Réponse 1 / 90
Utilisateur anonyme
 
il a 1000 ans ton pc ?
1
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Bon, j'espère que je me suis bien exprimé.

Oui, le clavier est raccordé sur un port USB du PC.

Mais il est loin d'avoir 1000 ans (le PC), puisque je l'ai acheté au mois de fevrier 2012 !

Je sais que l'informatique se déprécie vite, mais quand même !
0
Réponse 2 / 90
Utilisateur anonyme
 
Bonsoir,

Pas de soucis, on va débloquer le pc puis le traiter:

http://www.security-helpzone.com/Thread-Pre-Scan-Mode-nettoyage

A faire stp,
0
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Merci de te pencher sur mon douloureux cas.
J'ai d'ores et dejà une info à donner. Il est ipossible d'installer ZHPDiag sur le poste infecté. Lorsque je le lance, le message suivant s'affiche :

L'assistant d'installation n'a pas pu créer le dossier
"C:\User\AppData\Local\Temp\is-DTQI?tm"
Erreur 5 : Accès refusé
0
Utilisateur anonyme
 
Ne lance que Pre_Scan ci-dessus, pas de ZHPdiag.
0
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Je m'y emploi.

J'ai du redémarrer Windows en mode sans echec car l'explorateur moulinait tellement que la clé USB que j'utilise pour transférer les fichiers du PC sain vers le PC infecté n'est pas apparue dans l'explorateur. C'est long ...
0
Utilisateur anonyme
 
Parfait,

Allez, un peu de courage ;-)
0
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Il y a un souci.
Winlogon ne parvient pas à termier son scan (le PC tourne actuellement en mode sans echec).
Message d'erreur affiché :

Line 6113 (File "C:\users\user\desktop\winlogon.exe")
Error : variable must be of type "object"
0
Réponse 3 / 90
Utilisateur anonyme
 
salut je suis le concepteur de pre_scan

as-tu possibilité de reactiver la rstauration systeme ?

¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
0
Réponse 4 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Bonjour g3n-h@ckm@n,

Peux-tu préciser ta question ?
Quelle serait la manip à réaliser ?
0
Utilisateur anonyme
 
c'est ok fais ce que demande saachaa juste en dessous je vous laisse :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 90
Utilisateur anonyme
 
Bonjour,

Pour ta ligne aucun soucis,

Vire ton Pre_Scan et re-télécharge le nouveau sur le lien donné plus haut, puis lance-le en mode sans échec.
0
Réponse 6 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Bonjour Saachaa,

Mes problèmes ne s'arrangent pas.

J'ai ouvert une session administrateur (utilisateur habituel) en mode sans echec et j'ai pu installer Winlogon (version 2). voici le resultat :
- Fonction CMD : OK
- Fonction RECEDIT : OK
- Fonction SERVICES : OK
- Fonction SCRIPT : Aucune réaction
- Fonction DIAG : le scan est resté bloqué à la ligne "C:\WINDOWS\SYSTEM 32\WUDFDd.SYS"
- J'ai néanmois réussis à faire tourner entièrement la fonction CHK.SCV dont le rapport est joint ci-dessous.

Ensuite, je ne sais pas si j'ai fais une connerie ou pas (utilisation de la fonction KILL), mais toujours est-il que maintenant, le clavier ne répond plus sous la session Administrateur. Donc, impossible de saisir le mot de passe pour ouvrir la session.
J'ai donc basculé vers la session Invité qui n'est pas protégé par mot de passe. C'est grace à cela que j'ai pu copier le rapport de CHK.SCV sur un CD, car cette opération était irréalisable sous la session Adminitrateur.

D'autre part, l'ordi semble fonctionner un peu mieux lorsqu'il est ouvert sous Invité (?). Le bouton démarrer fait bien appraitre le menu, la vitesse est nettement meilleure, mais les problèmes décrits précedement perdurent. Quelques trucs bizarres tout de même, en session Invité :
- Impossible de lancer Winlogon
- Impossible d'ouvrir le gestionnaire des taches
- Sans aucune application en fonctionnement, le gadget de bureau m'indique le prosseceur à 55% de charge

Rapport CHK.SCV ci-dessous

-----------------------------------------------------------------------------------------------

¤¤¤¤¤¤¤¤¤¤ | BFE

[HKLM\System\Currentcontrolset\Services\BFE]|[DisplayName] : @%SystemRoot%\system32\bfe.dll,-1001
[HKLM\System\Currentcontrolset\Services\BFE]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\BFE]|[ImagePath] : %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\BFE]|[Description] : @%SystemRoot%\system32\bfe.dll,-1002
[HKLM\System\Currentcontrolset\Services\BFE]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\BFE]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BFE]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BFE]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BFE]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\BFE]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\BFE]|[RequiredPrivileges] : SeAuditPrivilege
[HKLM\System\Currentcontrolset\Services\BFE]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDll] : %SystemRoot%\System32\bfe.dll
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceMain] : BfeServiceMain

¤¤¤¤¤¤¤¤¤¤ | BITS

[HKLM\System\Currentcontrolset\Services\BITS]|[DisplayName] : @%SystemRoot%\system32\qmgr.dll,-1000
[HKLM\System\Currentcontrolset\Services\BITS]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\BITS]|[Description] : @%SystemRoot%\system32\qmgr.dll,-1001
[HKLM\System\Currentcontrolset\Services\BITS]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BITS]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BITS]|[DependOnService] : RpcSs
EventSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[RequiredPrivileges] : SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\BITS]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
[HKLM\System\Currentcontrolset\Services\BITS\Parameters]|[ServiceDll] : %SystemRoot%\System32\qmgr.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Library] : bitsperf.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Open] : PerfMon_Open
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Collect] : PerfMon_Collect
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Close] : PerfMon_Close
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[InstallType] : 1
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfIniFile] : bitsctrs.ini
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Counter] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Counter] : 2172
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Help] : 2157
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Help] : 2173
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Object List] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfMMFileName] : Global\MMF_BITS_s
[HKLM\System\Currentcontrolset\Services\BITS\Security]|[Security] : 0x0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000

¤¤¤¤¤¤¤¤¤¤ | Cryptsvc

[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DisplayName] : @%SystemRoot%\system32\cryptsvc.dll,-1001
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Description] : @%SystemRoot%\system32\cryptsvc.dll,-1002
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ObjectName] : NT Authority\NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Start] : 3
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDll] : %SystemRoot%\system32\cryptsvc.dll
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceMain] : CryptServiceMain
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Security]|[Security] : 0x00000E0001

¤¤¤¤¤¤¤¤¤¤ | MPSSVC

[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DisplayName] : @%SystemRoot%\system32\FirewallAPI.dll,-23090
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Description] : @%SystemRoot%\system32\FirewallAPI.dll,-23091
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ObjectName] : NT Authority\LocalService
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DependOnService] : mpsdrv
bfe
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[RequiredPrivileges] : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDll] : %SystemRoot%\system32\mpssvc.dll
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC\Security]|[Security] : 0x01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D010200010100000000000506000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | RPCSS

[HKLM\System\Currentcontrolset\Services\RPCSS]|[DisplayName] : @oleres.dll,-5010
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Group] : COM Infrastructure
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k rpcss
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Description] : @oleres.dll,-5011
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ObjectName] : NT AUTHORITY\NetworkService
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DependOnService] : RpcEptMapper
DcomLaunch
[HKLM\System\Currentcontrolset\Services\RPCSS]|[FailureActions] : 0x00000000000000000000000001000000000000000200000060EA0000
[HKLM\System\Currentcontrolset\Services\RPCSS]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS\Parameters]|[ServiceDll] : %SystemRoot%\system32\rpcss.dll
[HKLM\System\Currentcontrolset\Services\RPCSS\Security]|[Security] : 0x01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | Windefend

[HKLM\System\Currentcontrolset\Services\Windefend]|[DisplayName] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
[HKLM\System\Currentcontrolset\Services\Windefend]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k secsvcs
[HKLM\System\Currentcontrolset\Services\Windefend]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\Windefend]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Windefend]|[Description] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
[HKLM\System\Currentcontrolset\Services\Windefend]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Windefend]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\Windefend]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[RequiredPrivileges] : SeImpersonatePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
[HKLM\System\Currentcontrolset\Services\Windefend]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDll] : %ProgramFiles%\Windows Defender\mpsvc.dll
[HKLM\System\Currentcontrolset\Services\Windefend\Security]|[Security] : 0x01001480DC000000E8000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B280000000010010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wscsvc

[HKLM\System\Currentcontrolset\Services\wscsvc]|[DisplayName] : @%SystemRoot%\System32\wscsvc.dll,-200
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Description] : @%SystemRoot%\System32\wscsvc.dll,-201
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DependOnService] : RpcSs
WinMgmt
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDll] : %SystemRoot%\System32\wscsvc.dll
[HKLM\System\Currentcontrolset\Services\wscsvc\Security]|[Security] : 0x01001480C8000000D4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wuauserv

[HKLM\System\Currentcontrolset\Services\wuauserv]|[PreshutdownTimeout] : 57600000
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DisplayName] : @%systemroot%\system32\wuaueng.dll,-105
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ImagePath] : %systemroot%\system32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Description] : @%systemroot%\system32\wuaueng.dll,-106
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DependOnService] : rpcss
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | BFE

[HKLM\System\Currentcontrolset\Services\BFE]|[DisplayName] : @%SystemRoot%\system32\bfe.dll,-1001
[HKLM\System\Currentcontrolset\Services\BFE]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\BFE]|[ImagePath] : %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\BFE]|[Description] : @%SystemRoot%\system32\bfe.dll,-1002
[HKLM\System\Currentcontrolset\Services\BFE]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\BFE]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BFE]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BFE]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BFE]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\BFE]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\BFE]|[RequiredPrivileges] : SeAuditPrivilege
[HKLM\System\Currentcontrolset\Services\BFE]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDll] : %SystemRoot%\System32\bfe.dll
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceMain] : BfeServiceMain

¤¤¤¤¤¤¤¤¤¤ | BITS

[HKLM\System\Currentcontrolset\Services\BITS]|[DisplayName] : @%SystemRoot%\system32\qmgr.dll,-1000
[HKLM\System\Currentcontrolset\Services\BITS]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\BITS]|[Description] : @%SystemRoot%\system32\qmgr.dll,-1001
[HKLM\System\Currentcontrolset\Services\BITS]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BITS]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BITS]|[DependOnService] : RpcSs
EventSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[RequiredPrivileges] : SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\BITS]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
[HKLM\System\Currentcontrolset\Services\BITS\Parameters]|[ServiceDll] : %SystemRoot%\System32\qmgr.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Library] : bitsperf.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Open] : PerfMon_Open
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Collect] : PerfMon_Collect
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Close] : PerfMon_Close
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[InstallType] : 1
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfIniFile] : bitsctrs.ini
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Counter] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Counter] : 2172
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Help] : 2157
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Help] : 2173
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Object List] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfMMFileName] : Global\MMF_BITS_s
[HKLM\System\Currentcontrolset\Services\BITS\Security]|[Security] : 0x0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000

¤¤¤¤¤¤¤¤¤¤ | Cryptsvc

[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DisplayName] : @%SystemRoot%\system32\cryptsvc.dll,-1001
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Description] : @%SystemRoot%\system32\cryptsvc.dll,-1002
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ObjectName] : NT Authority\NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Start] : 3
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDll] : %SystemRoot%\system32\cryptsvc.dll
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceMain] : CryptServiceMain
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Security]|[Security] : 0x00000E0001

¤¤¤¤¤¤¤¤¤¤ | MPSSVC

[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DisplayName] : @%SystemRoot%\system32\FirewallAPI.dll,-23090
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Description] : @%SystemRoot%\system32\FirewallAPI.dll,-23091
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ObjectName] : NT Authority\LocalService
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DependOnService] : mpsdrv
bfe
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[RequiredPrivileges] : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDll] : %SystemRoot%\system32\mpssvc.dll
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC\Security]|[Security] : 0x01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D010200010100000000000506000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | RPCSS

[HKLM\System\Currentcontrolset\Services\RPCSS]|[DisplayName] : @oleres.dll,-5010
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Group] : COM Infrastructure
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k rpcss
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Description] : @oleres.dll,-5011
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ObjectName] : NT AUTHORITY\NetworkService
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DependOnService] : RpcEptMapper
DcomLaunch
[HKLM\System\Currentcontrolset\Services\RPCSS]|[FailureActions] : 0x00000000000000000000000001000000000000000200000060EA0000
[HKLM\System\Currentcontrolset\Services\RPCSS]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS\Parameters]|[ServiceDll] : %SystemRoot%\system32\rpcss.dll
[HKLM\System\Currentcontrolset\Services\RPCSS\Security]|[Security] : 0x01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | Windefend

[HKLM\System\Currentcontrolset\Services\Windefend]|[DisplayName] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
[HKLM\System\Currentcontrolset\Services\Windefend]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k secsvcs
[HKLM\System\Currentcontrolset\Services\Windefend]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\Windefend]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Windefend]|[Description] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
[HKLM\System\Currentcontrolset\Services\Windefend]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Windefend]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\Windefend]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[RequiredPrivileges] : SeImpersonatePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
[HKLM\System\Currentcontrolset\Services\Windefend]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDll] : %ProgramFiles%\Windows Defender\mpsvc.dll
[HKLM\System\Currentcontrolset\Services\Windefend\Security]|[Security] : 0x01001480DC000000E8000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B280000000010010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wscsvc

[HKLM\System\Currentcontrolset\Services\wscsvc]|[DisplayName] : @%SystemRoot%\System32\wscsvc.dll,-200
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Description] : @%SystemRoot%\System32\wscsvc.dll,-201
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DependOnService] : RpcSs
WinMgmt
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDll] : %SystemRoot%\System32\wscsvc.dll
[HKLM\System\Currentcontrolset\Services\wscsvc\Security]|[Security] : 0x01001480C8000000D4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wuauserv

[HKLM\System\Currentcontrolset\Services\wuauserv]|[PreshutdownTimeout] : 57600000
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DisplayName] : @%systemroot%\system32\wuaueng.dll,-105
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ImagePath] : %systemroot%\system32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Description] : @%systemroot%\system32\wuaueng.dll,-106
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DependOnService] : rpcss
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | BFE

[HKLM\System\Currentcontrolset\Services\BFE]|[DisplayName] : @%SystemRoot%\system32\bfe.dll,-1001
[HKLM\System\Currentcontrolset\Services\BFE]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\BFE]|[ImagePath] : %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\BFE]|[Description] : @%SystemRoot%\system32\bfe.dll,-1002
[HKLM\System\Currentcontrolset\Services\BFE]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\BFE]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BFE]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BFE]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BFE]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\BFE]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\BFE]|[RequiredPrivileges] : SeAuditPrivilege
[HKLM\System\Currentcontrolset\Services\BFE]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDll] : %SystemRoot%\System32\bfe.dll
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\BFE\Parameters]|[ServiceMain] : BfeServiceMain

¤¤¤¤¤¤¤¤¤¤ | BITS

[HKLM\System\Currentcontrolset\Services\BITS]|[DisplayName] : @%SystemRoot%\system32\qmgr.dll,-1000
[HKLM\System\Currentcontrolset\Services\BITS]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\BITS]|[Description] : @%SystemRoot%\system32\qmgr.dll,-1001
[HKLM\System\Currentcontrolset\Services\BITS]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\BITS]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\BITS]|[DependOnService] : RpcSs
EventSystem
[HKLM\System\Currentcontrolset\Services\BITS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\BITS]|[RequiredPrivileges] : SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\BITS]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
[HKLM\System\Currentcontrolset\Services\BITS\Parameters]|[ServiceDll] : %SystemRoot%\System32\qmgr.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Library] : bitsperf.dll
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Open] : PerfMon_Open
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Collect] : PerfMon_Collect
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Close] : PerfMon_Close
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[InstallType] : 1
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfIniFile] : bitsctrs.ini
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Counter] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Counter] : 2172
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[First Help] : 2157
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Last Help] : 2173
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[Object List] : 2156
[HKLM\System\Currentcontrolset\Services\BITS\Performance]|[PerfMMFileName] : Global\MMF_BITS_s
[HKLM\System\Currentcontrolset\Services\BITS\Security]|[Security] : 0x0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000

¤¤¤¤¤¤¤¤¤¤ | Cryptsvc

[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DisplayName] : @%SystemRoot%\system32\cryptsvc.dll,-1001
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Description] : @%SystemRoot%\system32\cryptsvc.dll,-1002
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ObjectName] : NT Authority\NetworkService
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Start] : 3
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\Cryptsvc]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDll] : %SystemRoot%\system32\cryptsvc.dll
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceMain] : CryptServiceMain
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Cryptsvc\Security]|[Security] : 0x00000E0001

¤¤¤¤¤¤¤¤¤¤ | MPSSVC

[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DisplayName] : @%SystemRoot%\system32\FirewallAPI.dll,-23090
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Group] : NetworkProvider
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Description] : @%SystemRoot%\system32\FirewallAPI.dll,-23091
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ObjectName] : NT Authority\LocalService
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[DependOnService] : mpsdrv
bfe
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[ServiceSidType] : 3
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[RequiredPrivileges] : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
[HKLM\System\Currentcontrolset\Services\MPSSVC]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDll] : %SystemRoot%\system32\mpssvc.dll
[HKLM\System\Currentcontrolset\Services\MPSSVC\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\MPSSVC\Security]|[Security] : 0x01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D010200010100000000000506000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | RPCSS

[HKLM\System\Currentcontrolset\Services\RPCSS]|[DisplayName] : @oleres.dll,-5010
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Group] : COM Infrastructure
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ImagePath] : %SystemRoot%\system32\svchost.exe -k rpcss
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Description] : @oleres.dll,-5011
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ObjectName] : NT AUTHORITY\NetworkService
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\RPCSS]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\RPCSS]|[DependOnService] : RpcEptMapper
DcomLaunch
[HKLM\System\Currentcontrolset\Services\RPCSS]|[FailureActions] : 0x00000000000000000000000001000000000000000200000060EA0000
[HKLM\System\Currentcontrolset\Services\RPCSS]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\RPCSS]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\RPCSS\Parameters]|[ServiceDll] : %SystemRoot%\system32\rpcss.dll
[HKLM\System\Currentcontrolset\Services\RPCSS\Security]|[Security] : 0x01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | Windefend

[HKLM\System\Currentcontrolset\Services\Windefend]|[DisplayName] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
[HKLM\System\Currentcontrolset\Services\Windefend]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k secsvcs
[HKLM\System\Currentcontrolset\Services\Windefend]|[Start] : 2
[HKLM\System\Currentcontrolset\Services\Windefend]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\Windefend]|[Description] : @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
[HKLM\System\Currentcontrolset\Services\Windefend]|[DependOnService] : RpcSs
[HKLM\System\Currentcontrolset\Services\Windefend]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\Windefend]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[RequiredPrivileges] : SeImpersonatePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
[HKLM\System\Currentcontrolset\Services\Windefend]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\Windefend]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\Windefend\Parameters]|[ServiceDll] : %ProgramFiles%\Windows Defender\mpsvc.dll
[HKLM\System\Currentcontrolset\Services\Windefend\Security]|[Security] : 0x01001480DC000000E8000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200AC000600000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC0026487000B280000000010010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wscsvc

[HKLM\System\Currentcontrolset\Services\wscsvc]|[DisplayName] : @%SystemRoot%\System32\wscsvc.dll,-200
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ImagePath] : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wscsvc]|[Description] : @%SystemRoot%\System32\wscsvc.dll,-201
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DependOnService] : RpcSs
WinMgmt
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ObjectName] : NT AUTHORITY\LocalService
[HKLM\System\Currentcontrolset\Services\wscsvc]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[RequiredPrivileges] : SeChangeNotifyPrivilege
SeImpersonatePrivilege
[HKLM\System\Currentcontrolset\Services\wscsvc]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc]|[FailureActions] : 0x805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wscsvc\Parameters]|[ServiceDll] : %SystemRoot%\System32\wscsvc.dll
[HKLM\System\Currentcontrolset\Services\wscsvc\Security]|[Security] : 0x01001480C8000000D4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000000028001500000001060000000000055000000049599D779156E555DCF4E20EA78BEBCA7B421356010100000000000512000000010100000000000512000000

¤¤¤¤¤¤¤¤¤¤ | wuauserv

[HKLM\System\Currentcontrolset\Services\wuauserv]|[PreshutdownTimeout] : 57600000
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DisplayName] : @%systemroot%\system32\wuaueng.dll,-105
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ImagePath] : %systemroot%\system32\svchost.exe -k netsvcs
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Description] : @%systemroot%\system32\wuaueng.dll,-106
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ObjectName] : LocalSystem
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ErrorControl] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Start] : 4
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DelayedAutoStart] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[Type] : 32
[HKLM\System\Currentcontrolset\Services\wuauserv]|[DependOnService] : rpcss
[HKLM\System\Currentcontrolset\Services\wuauserv]|[ServiceSidType] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv]|[RequiredPrivileges] : SeAuditPrivilege
SeCreateGlobalPrivilege
SeCreatePageFilePrivilege
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
SeIncreaseQuotaPrivilege
SeShutdownPrivilege
[HKLM\System\Currentcontrolset\Services\wuauserv]|[FailureActions] : 0x80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDll] : %systemroot%\system32\wuaueng.dll
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceMain] : WUServiceMain
[HKLM\System\Currentcontrolset\Services\wuauserv\Parameters]|[ServiceDllUnloadOnStop] : 1
[HKLM\System\Currentcontrolset\Services\wuauserv\Security]|[Security] : 0x010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000
0
Réponse 7 / 90
Utilisateur anonyme
 
les trois quarts des services sont desactivés.....

telecharge ici : Load_SalityKiller

Desactive tes protections

lance-le , clique sur lancer le nettoyage

à la fin SalityKiller.txt se mettra sur ton bureau

▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

clic droit dessus , envoyer vers , dossiers compressés

ensuite :

tu m'envoies l'archive comme ceci :

clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.
0
Réponse 8 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Bonjour g3n-h@ckm@n,

Problème : le lien renvoie vers une erreur 404. Il m'est donc impossible de télécharger le logiciel.

Peux-tu être plus précis quant à la désactivation des protections ?

Merci
0
Utilisateur anonyme
 
Désactiver ton antivirus / pare-feu.

-> http://www.forums-fec.be/gen-hackman/Load_SalityKiller.exe
0
Utilisateur anonyme
 
ah ouais desolé j'ai oublié de la changer cette fiche...
0
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Antivirus et pare-feu desactivés. J'ai bien pu télécharger Sality (désolé pour la maladresse ;-)).

Nouveau problème : Le logiciel est maintenant intallé sur le PC infecté, mais il est impossible de le lancer. Je suis sur la session Invité, peut-être n'ai-je pas les droits pour faire cette manip ? Ce serait embetant, vu que je ne peux plus ouvrir de session Administrateur
0
Réponse 9 / 90
Utilisateur anonyme
 
il faut l utiliser sur la session infectée
0
Réponse 10 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Je voudrais bien !
La session infectée est protegée par un mot de passe et malheureusement, le clavier étant inopérant sous cette session, je ne peux pas rentrer le mot de passe.

Aie !
0
Réponse 11 / 90
Utilisateur anonyme
 
il est sans fil le clavier ?
0
Réponse 12 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Non, clavier filaire standard.
0
Réponse 13 / 90
Utilisateur anonyme
 
usb ou PS2 ?
0
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Port USB
0
Réponse 14 / 90
Utilisateur anonyme
 
ca dit quoi quand tu le lances de la sesion invité ?
0
Réponse 15 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
En session invité :
actuellement, la session Invité est plantée car j'ai essayé de tester le fonctionnement du clavier sur un document TXT. Apparement, il n'a pas aimé puiqu'il rame depuis 30 min
0
Réponse 16 / 90
Utilisateur anonyme
 
bon ben alors....
0
Réponse 17 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
J'ai redémarré la machine.

Cela peut prendre un certain temps !

Le problème de fonctionnement du clavier est apparu depuis l'utilisation de Winlogon. Aurais-je fais une anerie en cliquant sur "KILL" ?
0
Réponse 18 / 90
Utilisateur anonyme
 
impossible il touche pas aux pilotes legitimes
0
Réponse 19 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Peut-être un redémarrage "mal controlé".
Vu qu'il faut 20 à 30 minutes au PC pour s'arreter, il m'arrive souvent de le stopper via le bouton ON/OFF afin d'accelerer la manoeuvre.
0
Réponse 20 / 90
cqfd73 Messages postés 116 Date d'inscription   Statut Membre Dernière intervention  
 
Ca y est, le PC est repartit.

Session Administrateur impossible (clavier inopérant)
Session Invité active, mais impossible de lancer Sality. Le curser clignote comme un parkingsonien après le double clic sur l'icone, puis plus de résultat !

Y aurait-il une solution sous DOS ?
0

Discussions similaires

Svchost.exe bouffe ma connexion et mon cpu
Azerking -
Daemon -

9 réponses
Svchost s'ouvre treize fois , normal ou pas ?
Arnold0 -
chossette9 -

6 réponses
Infection svchost.exe !! Que faire ?
truman23 -
truman23 -

18 réponses
svchost.exe (secsvcs)
kiteroy -
Daemon -

31 réponses
SVCHOST.EXE --> Lag
Mike -
Xasher -

70 réponses