cjoint

Document format: text/plain


--------------- QuickScript | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 04/07/2017 08:14:51

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)

System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Script


Registry saved : C:\QuickDiag\Save\Registry [04.07.2017 @ 08_14_54]

492 | [Owner : UMFD-0 |Parent : 852(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
612 | [Owner : UMFD-1 |Parent : 952(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
1752 | [Owner : Système |Parent : 980(services.exe)] - (.IObit - Advanced SystemCare Service.) - (10.0.2.83) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
1800 | [Owner : SERVICE LOCAL |Parent : 1464(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
2308 | [Owner : SERVICE LOCAL |Parent : 1464(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
3008 | [Owner : Système |Parent : 980(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
3124 | [Owner : Système |Parent : 3008(atiesrxx.exe)] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
3608 | [Owner : SERVICE LOCAL |Parent : 3528(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
4128 | [Owner : Système |Parent : 980(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe
4336 | [Owner : Système |Parent : 980(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
4396 | [Owner : Système |Parent : 980(services.exe)] - (. - .) - (8.0.0.8327) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
4424 | [Owner : Système |Parent : 980(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.3.1745.0) = C:\Program Files\Macrium\Common\MacriumService.exe
4584 | [Owner : Système |Parent : 980(services.exe)] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2015.130.1601.5) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
4600 | [Owner : Système |Parent : 980(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe
5740 | [Owner : MSSQL$ADK |Parent : 980(services.exe)] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe
4004 | [Owner : Système |Parent : 2220()] - (.Google Inc. - Programme d'installation de Google.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
5920 | [Owner : Système |Parent : 980(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
6148 | [Owner : Système |Parent : 5920(OfficeClickToRun.exe)] - (.Microsoft Corporation - AppVShNotify.) - (5.0.10348.0) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
3048 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
200 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6316 | [Owner : Jean-Marie |Parent : 1584(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
6508 | [Owner : Jean-Marie |Parent : 3596()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
5532 | [Owner : Jean-Marie |Parent : 3596()] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe
848 | [Owner : Jean-Marie |Parent : 3596()] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
7184 | [Owner : Jean-Marie |Parent : 7040()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
7660 | [Owner : Jean-Marie |Parent : 7184(SynciosDeviceService.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
4764 | [Owner : Jean-Marie |Parent : 7248()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
1520 | [Owner : Jean-Marie |Parent : 1584(svchost.exe)] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
5848 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
7728 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.296) = C:\Windows\System32\InstallAgent.exe
7240 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.15063.296) = C:\Windows\System32\InstallAgentUserBroker.exe
7084 | [Owner : Jean-Marie |Parent : 7388()] - (. - .) - (12.0.649.11190) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
7504 | [Owner : Jean-Marie |Parent : 5828()] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
5940 | [Owner : Système |Parent : 980(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
8212 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
2536 | [Owner : Jean-Marie |Parent : 5828()] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
8344 | [Owner : Système |Parent : 4348(svchost.exe)] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15063.0) = C:\Windows\System32\CompatTelRunner.exe
7940 | [Owner : Système |Parent : 8344(CompatTelRunner.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
8488 | [Owner : Jean-Marie |Parent : 5828()] - (. - ResetBrowser.) - (0.1.1.6) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\browsers pour mult. chances achats downloadcrew\ResetBrowser.exe
6012 | [Owner : Système |Parent : 980(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MsMpEng.exe
6500 | [Owner : SERVICE RÉSEAU |Parent : 9076()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
2096 | [Owner : Système |Parent : 8452(MpCmdRun.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
5876 | [Owner : SERVICE LOCAL |Parent : 980(services.exe)] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.11.15063.0) = C:\Program Files\Windows Defender\NisSrv.exe
9048 | [Owner : Jean-Marie |Parent : 2292()] - (.WiseCleaner.com - Wise Hotkey.) - (1.1.8.32) = C:\Program Files\Wise\Wise Hotkey\WiseHotkey.exe
5188 | [Owner : Système |Parent : 980(services.exe)] - (.Crystal Rich Ltd - USB Safely Remove assistant service.) - (6.0.8.1261) = C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
6480 | [Owner : Jean-Marie |Parent : 6188(opera.exe)] - (.Crystal Rich Ltd - USB Safely Remove - an enhanced replacement for Windows safe removal tool.) - (6.0.8.1261) = C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
9388 | [Owner : Système |Parent : 980(services.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\extservice.exe
7740 | [Owner : SERVICE RÉSEAU |Parent : 1336()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
328 | [Owner : Jean-Marie |Parent : 2544()] - (.Paragon Software - Graphic user interface for Paragon ExtFS for Windows mounter.) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\Paragon ExtFS for Windows.exe
6800 | [Owner : Jean-Marie |Parent : 2544()] - (.Moonchild Productions - Pale Moon web browser.) - (27.3.0.6321) = C:\Program Files\Pale Moon\palemoon.exe
3804 | [Owner : Jean-Marie |Parent : 7756()] - (.OrdinarySoft - StartMenuX/StartMenu10.) - (6.0.2.0) = C:\Program Files\Start Menu X\StartMenuX.exe
8644 | [Owner : Jean-Marie |Parent : 2720()] - (. - .) - (0.0.0.0) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\cadeaux rec. lfsu100%sf\SkinPack Imagination.exe
9608 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
9532 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
6240 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.0) = C:\Windows\System32\smartscreen.exe
6676 | [Owner : Jean-Marie |Parent : 3860(explorer.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9784 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera crash-reporter.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera_crashreporter.exe
6380 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9924 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
3408 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6844 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
4304 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6188 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6016 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9500 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9856 | [Owner : Jean-Marie |Parent : 8300(explorer.exe)] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
6760 | [Owner : Système |Parent : 1584(svchost.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run Client.) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
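
Each line of the listing above carries, in a fixed layout, the PID, the owner account, the parent PID (with empty parentheses when the parent has already exited), the company name and description taken from the image's version resource, the file version, and the image path. The following is an added example, not part of QuickDiag, of this log, or of any tool it names, of a first triage pass over lines in that format. It parses them and flags images outside the Windows and Program Files trees, well-known system binary names loaded from anywhere but System32/SysWOW64, svchost.exe instances whose parent is not services.exe, empty company names, and parents that have exited. The regular expression, the trusted-directory list and the System32-only name set are assumptions derived from the lines above; the sample lines are copied from this log except the PID 9999 line, which is constructed to exercise the masquerade check and does not appear in the log.

```python
import re
from dataclasses import dataclass

# Layout of one QuickDiag process line (assumption derived from the listing above):
#   PID | [Owner : OWNER |Parent : PPID(PARENTNAME)] - (.VENDOR - DESCRIPTION.) - (VERSION) = PATH
PROC_RE = re.compile(
    r"^(?P<pid>\d+) \| \[Owner : (?P<owner>.*?) \|Parent : (?P<ppid>\d+)\((?P<pname>[^)]*)\)\]"
    r" - \(\.(?P<vendor>.*?) - (?P<desc>.*?)\.\) - \((?P<version>[^)]*)\) = (?P<path>.+)$"
)

# Directories an installed program is expected to run from on this host (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Windows binaries whose names are commonly borrowed by malware; the genuine copies live
# only in System32 (64-bit) or SysWOW64 (32-bit).
SYSTEM32_ONLY = {"svchost.exe", "rundll32.exe", "conhost.exe", "spoolsv.exe",
                 "taskhostw.exe", "fontdrvhost.exe", "smartscreen.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Proc:
    pid: int
    owner: str
    ppid: int
    pname: str      # parent image name; empty when the parent has exited
    vendor: str     # CompanyName from the version resource; empty when absent
    desc: str
    version: str
    path: str

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_process_lines(text: str) -> list[Proc]:
    """Parse every line that matches the QuickDiag process layout; other lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            d = m.groupdict()
            procs.append(Proc(int(d["pid"]), d["owner"], int(d["ppid"]), d["pname"],
                              d["vendor"], d["desc"], d["version"], d["path"]))
    return procs


def triage(procs: list[Proc]) -> list[tuple[int, str, str]]:
    """Return (pid, image, reason) for every property an analyst should follow up on."""
    findings = []
    for p in procs:
        low = p.path.lower()
        if p.image in SYSTEM32_ONLY and not low.startswith(SYSTEM_DIRS):
            findings.append((p.pid, p.image, "system binary name loaded from outside System32"))
        elif not low.startswith(TRUSTED_PREFIXES):
            findings.append((p.pid, p.image, "image outside Windows/Program Files"))
        if p.image == "svchost.exe" and p.pname != "services.exe":
            findings.append((p.pid, p.image,
                             f"svchost.exe started by {p.pname or 'an exited process'}, not services.exe"))
        if not p.vendor:
            findings.append((p.pid, p.image, "no company name in the version resource"))
        if not p.pname:
            findings.append((p.pid, p.image, f"parent PID {p.ppid} has exited"))
    return findings


# Sample: six lines copied from the listing above plus one CONSTRUCTED line (PID 9999,
# an svchost.exe in a user's Temp directory) that is NOT in the log.
SAMPLE = r"""
492 | [Owner : UMFD-0 |Parent : 852(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
4396 | [Owner : Système |Parent : 980(services.exe)] - (. - .) - (8.0.0.8327) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
3048 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6508 | [Owner : Jean-Marie |Parent : 3596()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
8488 | [Owner : Jean-Marie |Parent : 5828()] - (. - ResetBrowser.) - (0.1.1.6) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\browsers pour mult. chances achats downloadcrew\ResetBrowser.exe
9608 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
9999 | [Owner : Jean-Marie |Parent : 3860(explorer.exe)] - (. - .) - (0.0.0.0) = C:\Users\Jean-Marie\AppData\Local\Temp\svchost.exe
"""

if __name__ == "__main__":
    for pid, image, reason in triage(parse_process_lines(SAMPLE)):
        print(f"{pid:>5}  {image:<28} {reason}")
```

A hit is a reason to look, not a verdict: the ResetBrowser.exe run from K:\ and the tray utilities started by a launcher that has since exited are flagged for exactly the properties to verify next (hash, signature, what started them), and legitimate software that ships without a company name in its version resource, such as the Acronis scheduler above, will surface as well.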

-------------- | Listing : E:\


-------------- | Recurse Listing : E:\

C:\Users\Jean-Marie\Documents\Vuze Downloads Moved Successfully
C:\Program Files (x86)\ASP Not Found !
C:\Program Files (x86)\PC Clean Plus Not Found !
C:\Program Files (x86)\pccleanplus Not Found !
C:\Program Files (x86)\WinZip Malware Protector Not Found !
C:\Users\Jean-Marie\AppData\Roaming\Vuze Leap Moved Successfully

-------------- | IP Trace All


Active connections

Proto Local address Remote address State
TCP 127.0.0.1:20158 127.0.0.1:55967 ESTABLISHED
[EaseUSEverySyncCache.exe]
TCP 127.0.0.1:20158 127.0.0.1:55968 ESTABLISHED
[EaseUSEverySyncCache.exe]
TCP 127.0.0.1:55967 127.0.0.1:20158 ESTABLISHED
[explorer.exe]
TCP 127.0.0.1:55968 127.0.0.1:20158 ESTABLISHED
[explorer.exe]
TCP 192.168.1.13:49729 lon25:http ESTABLISHED
[avastsvc.exe]
TCP 192.168.1.13:50085 db5sch101101209:https ESTABLISHED
WpnService
[svchost.exe]
TCP 192.168.1.13:54263 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55180 r-149-58-45-5:http CLOSE_WAIT
[avastsvc.exe]
TCP 192.168.1.13:55739 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55741 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55742 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55743 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55795 n29-03-09-vip:https LAST_ACK
[System]
TCP 192.168.1.13:55819 wo-in-f113:http ESTABLISHED
BITS
[svchost.exe]
TCP 192.168.1.13:55852 173.194.135.179:http LAST_ACK
BITS
[svchost.exe]
TCP 192.168.1.13:55887 192.35.177.195:http TIME_WAIT
TCP 192.168.1.13:55928 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55929 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55958 52.164.251.44:https ESTABLISHED
Could not obtain ownership information
TCP 192.168.1.13:55972 a104-126-85-80:https ESTABLISHED
WpnUserService_129ca09
[svchost.exe]
TCP 192.168.1.13:55974 52.232.114.25:https ESTABLISHED
[OfficeClickToRun.exe]
TCP 192.168.1.13:55975 185.60.216.35:https ESTABLISHED
WpnUserService_129ca09
[svchost.exe]
TCP 192.168.1.13:55976 2.17.152.87:http ESTABLISHED
[OfficeClickToRun.exe]
TCP 192.168.1.13:55977 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55978 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55979 a84-53-132-48:http ESTABLISHED
[OfficeClickToRun.exe]
TCP 192.168.1.13:55981 173.194.135.179:http ESTABLISHED
BITS
[svchost.exe]
TCP 192.168.1.13:55982 msnbot-65-52-108-90:https TIME_WAIT
TCP 192.168.1.13:55983 13.107.4.50:http SYN_SENT
DoSvc
[svchost.exe]
TCP 192.168.1.13:55984 13.107.4.50:http SYN_SENT
DoSvc
[svchost.exe]
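
In the connection table above, every TCP line is followed by zero, one or two attribute lines: a bare service name when the socket belongs to a service hosted in svchost.exe (DoSvc, BITS, WpnUserService_129ca09), the owning image in square brackets, or, for one connection, netstat's message that the owner could not be resolved; sockets already in TIME_WAIT carry nothing. The following is an added example, not part of QuickDiag or of this log, of regrouping those lines into one record per connection, then summarising which process talks to which remote endpoints with loopback traffic removed, and listing the connections whose owner netstat could not name. The line layout it parses is an assumption derived from the table above (TCP only, as in this log); the sample is copied from that table, with the French owner message restored to its readable form.

```python
import re
from collections import defaultdict

# One connection line as it appears in the table above (assumption): PROTO LOCAL REMOTE STATE.
# The log shows TCP only; UDP lines print no state and would need a separate pattern.
CONN_RE = re.compile(r"^(?P<proto>TCP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)$")


def parse_netstat(text: str) -> list[dict]:
    """Regroup a connection line and its attribute lines into one record per connection."""
    conns, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            cur = None                  # blank line ends the block; later sections are ignored
            continue
        m = CONN_RE.match(line)
        if m:
            cur = {**m.groupdict(), "service": None, "process": None, "owner_known": True}
            conns.append(cur)
        elif cur is None:
            continue                    # column headers before the first connection
        elif line.startswith("[") and line.endswith("]"):
            cur["process"] = line[1:-1].lower()      # owning image, e.g. [svchost.exe]
        elif " " in line:
            cur["owner_known"] = False  # free-text message: netstat could not resolve the owner
        else:
            cur["service"] = line       # svchost-hosted service name, e.g. DoSvc
    return conns


def is_loopback(endpoint: str) -> bool:
    host = endpoint.rpartition(":")[0]
    return host.startswith("127.") or host == "[::1]"


def owner_label(c: dict) -> str:
    if not c["owner_known"]:
        return "<unresolved>"
    if c["process"] is None:
        return "<no owner>"             # socket closing (TIME_WAIT); no process attached any more
    return f'{c["process"]} ({c["service"]})' if c["service"] else c["process"]


def external_by_owner(conns: list[dict]) -> dict[str, set[str]]:
    """Remote endpoints grouped by owning process (and hosted service), loopback excluded."""
    out = defaultdict(set)
    for c in conns:
        if not is_loopback(c["remote"]):
            out[owner_label(c)].add(c["remote"])
    return dict(out)


def unresolved_owners(conns: list[dict]) -> list[dict]:
    """Connections netstat could not attribute; re-check these by PID with a second tool
    (PowerShell's Get-NetTCPConnection reports OwningProcess) before treating them as benign."""
    return [c for c in conns if not c["owner_known"]]


# Sample copied from the table above (column headers included, then the next section
# header to show that the parser stops at the blank line).
SAMPLE = """\
Connexions actives

Proto Adresse locale Adresse distante État
TCP 127.0.0.1:20158 127.0.0.1:55967 ESTABLISHED
[EaseUSEverySyncCache.exe]
TCP 192.168.1.13:49729 lon25:http ESTABLISHED
[avastsvc.exe]
TCP 192.168.1.13:54263 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:55852 173.194.135.179:http LAST_ACK
BITS
[svchost.exe]
TCP 192.168.1.13:55887 192.35.177.195:http TIME_WAIT
TCP 192.168.1.13:55958 52.164.251.44:https ESTABLISHED
Impossible d'obtenir les informations de propriétaire
TCP 192.168.1.13:55972 a104-126-85-80:https ESTABLISHED
WpnUserService_129ca09
[svchost.exe]
TCP 192.168.1.13:55974 52.232.114.25:https ESTABLISHED
[OfficeClickToRun.exe]
TCP 192.168.1.13:55983 13.107.4.50:http SYN_SENT
DoSvc
[svchost.exe]

-------------- | FileSearch : Petya
"""

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    for owner, remotes in sorted(external_by_owner(conns).items()):
        print(f"{owner:<40} {', '.join(sorted(remotes))}")
    for c in unresolved_owners(conns):
        print("owner unknown:", c["local"], "->", c["remote"], c["state"])
```

Grouping by hosted service rather than by svchost.exe alone is what makes the summary readable: the many 13.107.4.50:http sockets collapse to one Delivery Optimization (DoSvc) entry, and the single unresolved https connection stands out on its own line instead of hiding among forty svchost rows.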

-------------- | FileSearch : Petya

