cjoint

Document format: text/plain

--------------- QuickScript | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 06/07/2017 13:55:21

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)

System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Script


Registry saved : C:\QuickDiag\Save\Registry [06.07.2017 @ 13_55_30]

636 | [Owner : UMFD-1 |Parent : 972(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
640 | [Owner : UMFD-0 |Parent : 872(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
1660 | [Owner : SERVICE LOCAL |Parent : 1236(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
1772 | [Owner : Système |Parent : 1000(services.exe)] - (.IObit - Advanced SystemCare Service.) - (10.0.2.83) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
2980 | [Owner : Système |Parent : 1000(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
3068 | [Owner : Système |Parent : 2980(atiesrxx.exe)] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
3528 | [Owner : SERVICE LOCAL |Parent : 3404(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
3600 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe
4260 | [Owner : Système |Parent : 1000(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
4292 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2015.130.1601.5) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
4300 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe
4392 | [Owner : Système |Parent : 1000(services.exe)] - (. - .) - (8.0.0.8327) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
4444 | [Owner : Système |Parent : 1000(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.3.1745.0) = C:\Program Files\Macrium\Common\MacriumService.exe
5628 | [Owner : MSSQL$ADK |Parent : 1000(services.exe)] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe
2352 | [Owner : Système |Parent : 1448()] - (.Google Inc. - Programme d'installation de Google.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
6620 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6308 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
2712 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
5720 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
8184 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7588 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe
9028 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
8008 | [Owner : Jean-Marie |Parent : 8644()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
8940 | [Owner : Jean-Marie |Parent : 8008()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
7336 | [Owner : Jean-Marie |Parent : 2452()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
8588 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
7872 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
8920 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
5144 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
4932 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
8460 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
5152 | [Owner : Jean-Marie |Parent : 8460(OfficeClickToRun.exe)] - (.Microsoft Corporation - AppVShNotify.) - (5.0.10348.0) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
5604 | [Owner : Jean-Marie |Parent : 8264()] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
10228 | [Owner : Système |Parent : 1000(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
7324 | [Owner : Système |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Windows Problem Reporting.) - (10.0.15063.0) = C:\Windows\System32\wermgr.exe
3724 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Moonchild Productions - Pale Moon web browser.) - (27.3.0.6321) = C:\Program Files\Pale Moon\palemoon.exe
5504 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.296) = C:\Windows\System32\InstallAgent.exe
9596 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.15063.296) = C:\Windows\System32\InstallAgentUserBroker.exe
8488 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MsMpEng.exe
6768 | [Owner : SERVICE LOCAL |Parent : 1000(services.exe)] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.11.15063.0) = C:\Program Files\Windows Defender\NisSrv.exe
9056 | [Owner : Système |Parent : 1000(services.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\extservice.exe
10068 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Paragon Software - Graphic user interface for Paragon ExtFS for Windows mounter.) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\Paragon ExtFS for Windows.exe
656 | [Owner : SERVICE RÉSEAU |Parent : 7388()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
3792 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
332 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.0) = C:\Windows\System32\smartscreen.exe
5272 | [Owner : Jean-Marie |Parent : 7788(quickdiag_3_01.07.17.1(2).exe)] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.15063.0) = C:\Windows\System32\cmd.exe
8252 | [Owner : Jean-Marie |Parent : 5272()] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
2888 | [Owner : Jean-Marie |Parent : 5272()] - (.SteelWerX - Freeware implementation of XCACLS.) - (1.0.2.0) = C:\QuickDiag\smss.exe

-------------- | Listing : D:\


-------------- | Recurse Listing : D:\

C:\Users\Jean-Marie\Documents\Vuze Downloads Moved Successfully
C:\Program Files (x86)\ASP Not Found !
C:\Program Files (x86)\PC Clean Plus Not Found !
C:\Program Files (x86)\pccleanplus Not Found !
C:\Program Files (x86)\UTILILAB Moved Successfully
C:\Program Files (x86)\WinZip Malware Protector Not Found !
C:\Users\Jean-Marie\AppData\Roaming\Vuze Leap Moved Successfully

-------------- | IP Trace All


Connexions actives

Proto Adresse locale Adresse distante État
TCP 127.0.0.1:20158 127.0.0.1:53002 ESTABLISHED
[EaseUSEverySyncCache.exe]
TCP 127.0.0.1:20158 127.0.0.1:53003 ESTABLISHED
[EaseUSEverySyncCache.exe]
TCP 127.0.0.1:53002 127.0.0.1:20158 ESTABLISHED
[explorer.exe]
TCP 127.0.0.1:53003 127.0.0.1:20158 ESTABLISHED
[Explorer.EXE]
TCP 192.168.1.13:49717 lon14:http ESTABLISHED
[avastsvc.exe]
TCP 192.168.1.13:52157 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52158 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52160 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52166 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52167 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52168 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52172 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52173 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52174 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52175 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52176 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52177 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52642 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52643 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52645 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52647 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52649 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52650 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52651 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52652 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52676 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52678 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52731 par10s29-in-f2:https TIME_WAIT
TCP 192.168.1.13:52733 par10s29-in-f2:https TIME_WAIT
TCP 192.168.1.13:52898 a84-53-132-56:http TIME_WAIT
TCP 192.168.1.13:52904 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52905 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52906 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52907 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52908 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52909 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52910 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52911 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52912 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52913 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52914 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52915 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52916 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52917 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52918 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52919 13.107.4.50:http ESTABLISHED
DoSvc
[svchost.exe]
TCP 192.168.1.13:52953 52.94.218.7:https TIME_WAIT
TCP 192.168.1.13:52960 69.172.216.55:https TIME_WAIT
TCP 192.168.1.13:52963 69.172.216.55:https TIME_WAIT
TCP 192.168.1.13:52984 69.172.216.55:https TIME_WAIT
TCP 192.168.1.13:52985 69.172.216.111:https TIME_WAIT
TCP 192.168.1.13:53018 104.244.46.231:https TIME_WAIT
TCP 192.168.1.13:53019 a184-24-198-121:https ESTABLISHED
WpnUserService_2ccad4
[svchost.exe]
TCP 192.168.1.13:53026 edge-star-mini-shv-01-amt2:https ESTABLISHED
WpnUserService_2ccad4
[svchost.exe]
TCP 192.168.1.13:55062 msnbot-65-52-108-196:https ESTABLISHED
WpnService
[svchost.exe]
TCP 192.168.1.13:63487 r-147-58-45-5:http CLOSE_WAIT
[avastsvc.exe]

-------------- | FileSearch : Petya

