{ "header": { "program": { "project": "RogueKiller", "version": "12.11.0.0", "x64": true, "date": "May 29 2017", "contact": "http://www.adlice.com/contact/", "feedback": "https://forum.adlice.com", "website": "http://www.adlice.com/fr/download/roguekiller/", "blog": "http://www.adlice.com" }, "environment": { "operating_system": "Windows 10 (10.0.15063) 64 bits version", "boot": 0, "winpe": false, "user": "User", "user_admin": true, "program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe", "x64": true, "licensing": "free" }, "report": { "type": 1, "aborted": false, "date": "06/02/2017 15:33:35", "duration": 1511, "debug": false, "count": 0, "show_legit_hooks": false, "expert_mode": false, "switches": [] } }, "information": { "processes": [ { "name": "[System Process]", "name_parent": "", "pid": 0, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "System", "name_parent": "", "pid": 4, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "smss.exe", "name_parent": "", "pid": 380, "path": "C:\\Windows\\System32\\smss.exe", "command_line": "", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "csrss.exe", "name_parent": "", "pid": 488, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "", "pid_parent": 480, "path_parent": "", "is_64": true }, { "name": "wininit.exe", "name_parent": "", "pid": 624, "path": "C:\\Windows\\System32\\wininit.exe", "command_line": "", "pid_parent": 480, "path_parent": "", "is_64": true }, { "name": "csrss.exe", "name_parent": "", "pid": 636, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "", "pid_parent": 616, "path_parent": "", "is_64": true }, { "name": "winlogon.exe", "name_parent": "", "pid": 728, "path": "C:\\Windows\\System32\\winlogon.exe", "command_line": "winlogon.exe", "pid_parent": 616, "path_parent": "", "is_64": true }, { "name": "services.exe", "name_parent": "", "pid": 776, "path": 
"C:\\Windows\\System32\\services.exe", "command_line": "", "pid_parent": 624, "path_parent": "", "is_64": true }, { "name": "lsass.exe", "name_parent": "", "pid": 784, "path": "C:\\Windows\\System32\\lsass.exe", "command_line": "C:\\WINDOWS\\system32\\lsass.exe", "pid_parent": 624, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 888, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -s PlugPlay", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "fontdrvhost.exe", "name_parent": "winlogon.exe", "pid": 912, "path": "C:\\Windows\\System32\\fontdrvhost.exe", "command_line": "\"fontdrvhost.exe\"", "pid_parent": 728, "path_parent": "C:\\Windows\\System32\\winlogon.exe", "is_64": true }, { "name": "fontdrvhost.exe", "name_parent": "", "pid": 916, "path": "C:\\Windows\\System32\\fontdrvhost.exe", "command_line": "\"fontdrvhost.exe\"", "pid_parent": 624, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 936, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 336, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k rpcss", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 448, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -s LSM", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "dwm.exe", "name_parent": "winlogon.exe", "pid": 68, "path": "C:\\Windows\\System32\\dwm.exe", "command_line": "\"dwm.exe\"", "pid_parent": 728, "path_parent": "C:\\Windows\\System32\\winlogon.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1136, "path": 
"c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Schedule", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1176, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s NcbService", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1184, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s ProfSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1196, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1276, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s UserManager", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1340, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s hidserv", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "atiesrxx.exe", "name_parent": "", "pid": 1444, "path": "C:\\Windows\\System32\\atiesrxx.exe", "command_line": "C:\\WINDOWS\\system32\\atiesrxx.exe", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1452, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s EventLog", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "atieclxx.exe", "name_parent": "atiesrxx.exe", "pid": 1548, "path": 
"C:\\Windows\\System32\\atieclxx.exe", "command_line": "atieclxx", "pid_parent": 1444, "path_parent": "C:\\Windows\\System32\\atiesrxx.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1564, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1600, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1624, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Themes", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1636, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s EventSystem", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1664, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s nsi", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1760, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s SENS", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1772, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s Dhcp", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1856, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k 
networkservice -s NlaSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "igfxCUIService.exe", "name_parent": "", "pid": 1904, "path": "C:\\Windows\\System32\\igfxCUIService.exe", "command_line": "C:\\WINDOWS\\system32\\igfxCUIService.exe", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1916, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s Dnscache", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1984, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1992, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s FontCache", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2036, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Winmgmt", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2064, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s netprofm", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "WUDFHost.exe", "name_parent": "svchost.exe", "pid": 2180, "path": "C:\\Windows\\System32\\WUDFHost.exe", "command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b5fe9c67-72b3-47a8-a87f-29470e770fc8 -SystemEventPortName:HostProcess-fdaa64b0-f36e-4712-9563-4066e998093b -IoCancelEventPortName:HostProcess-9b109cb4-ffac-4b67-8144-c8de1697ded5 
-NonStateChangingEventPortName:HostProcess-dc578d35-0723-41ee-b1db-e2f89901284c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a298c89c-b9ef-44ce-b9c3-15f3ec744287 -DeviceGroupId:WpdFsGroup", "pid_parent": 1600, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2252, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2492, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2500, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2552, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s ShellHWDetection", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2568, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -s StateRepository", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "spoolsv.exe", "name_parent": "", "pid": 2660, "path": "C:\\Windows\\System32\\spoolsv.exe", "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2712, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s LanmanWorkstation", "pid_parent": 776, "path_parent": "", "is_64": 
true }, { "name": "armsvc.exe", "name_parent": "", "pid": 2820, "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe", "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"", "pid_parent": 776, "path_parent": "", "is_64": false }, { "name": "MBAMService.exe", "name_parent": "", "pid": 2828, "path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe", "command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe\"", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2836, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s PcaSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2844, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s CryptSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2852, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2860, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s iphlpsvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2868, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -s DPS", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2968, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s SysMain", "pid_parent": 776, "path_parent": "", 
"is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2976, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3008, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s TrkWks", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3040, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s WpnService", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3048, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s LanmanServer", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "MsMpEng.exe", "name_parent": "", "pid": 3064, "path": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "command_line": "", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "SecurityHealthService.exe", "name_parent": "", "pid": 2540, "path": "C:\\Windows\\System32\\SecurityHealthService.exe", "command_line": "", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "Memory Compression", "name_parent": "", "pid": 3152, "path": "MemCompression", "command_line": "", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3320, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s WdiServiceHost", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3512, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -s tiledatamodelsvc", "pid_parent": 776, "path_parent": 
"", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3708, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 4064, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 4412, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s CDPUserSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "sihost.exe", "name_parent": "svchost.exe", "pid": 4420, "path": "c:\\Windows\\System32\\sihost.exe", "command_line": "sihost.exe", "pid_parent": 1276, "path_parent": "c:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 4468, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "PresentationFontCache.exe", "name_parent": "", "pid": 4548, "path": "C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe", "command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "taskhostw.exe", "name_parent": "svchost.exe", "pid": 4792, "path": "c:\\Windows\\System32\\taskhostw.exe", "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", "pid_parent": 1136, "path_parent": "c:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 4872, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": 
"c:\\windows\\system32\\svchost.exe -k netsvcs -s TokenBroker", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "explorer.exe", "name_parent": "", "pid": 5092, "path": "C:\\Windows\\explorer.exe", "command_line": "C:\\WINDOWS\\Explorer.EXE", "pid_parent": 5040, "path_parent": "", "is_64": true }, { "name": "igfxEM.exe", "name_parent": "", "pid": 4680, "path": "C:\\Windows\\System32\\igfxEM.exe", "command_line": "igfxEM.exe ", "pid_parent": 1964, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 4580, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Appinfo", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "ClassicStartMenu.exe", "name_parent": "Explorer.EXE", "pid": 5148, "path": "C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe", "command_line": "ClassicStartMenu.exe -startup", "pid_parent": 5092, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "NisSrv.exe", "name_parent": "", "pid": 5588, "path": "C:\\Program Files\\Windows Defender\\NisSrv.exe", "command_line": "", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "SearchIndexer.exe", "name_parent": "", "pid": 5776, "path": "C:\\Windows\\System32\\SearchIndexer.exe", "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "ShellExperienceHost.exe", "name_parent": "svchost.exe", "pid": 5932, "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe", "command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SearchUI.exe", "name_parent": "svchost.exe", "pid": 5964, "path": 
"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "RuntimeBroker.exe", "name_parent": "svchost.exe", "pid": 3768, "path": "C:\\Windows\\System32\\RuntimeBroker.exe", "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 6308, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s LicenseManager", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 6336, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s CDPSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "SkypeHost.exe", "name_parent": "svchost.exe", "pid": 6436, "path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\\SkypeHost.exe", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MSASCuiL.exe", "name_parent": "Explorer.EXE", "pid": 6376, "path": "C:\\Program Files\\Windows Defender\\MSASCuiL.exe", "command_line": "\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\" ", "pid_parent": 5092, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "mbamtray.exe", "name_parent": "Explorer.EXE", "pid": 1488, "path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe", "command_line": "\"C:\\Program 
Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe\" ", "pid_parent": 5092, "path_parent": "C:\\Windows\\explorer.exe", "is_64": false }, { "name": "rundll32.exe", "name_parent": "Explorer.EXE", "pid": 2672, "path": "C:\\Windows\\System32\\rundll32.exe", "command_line": "\"C:\\WINDOWS\\system32\\RunDll32.exe\" \"C:\\Program Files\\HP\\HP DeskJet 3630 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN5BU1HHSG0658;CONNECTION=USB;MONITOR=1;", "pid_parent": 5092, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "hpwuschd2.exe", "name_parent": "", "pid": 3332, "path": "C:\\Program Files (x86)\\HP\\HP Software Update\\hpwuschd2.exe", "command_line": "\"C:\\Program Files (x86)\\HP\\HP Software Update\\hpwuschd2.exe\" ", "pid_parent": 2616, "path_parent": "", "is_64": false }, { "name": "MOM.exe", "name_parent": "", "pid": 5228, "path": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe", "command_line": "\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM\" PriorityLow", "pid_parent": 4768, "path_parent": "", "is_64": true }, { "name": "CCleaner64.exe", "name_parent": "", "pid": 6216, "path": "C:\\Program Files\\CCleaner\\CCleaner64.exe", "command_line": "\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR /uac", "pid_parent": 5508, "path_parent": "", "is_64": true }, { "name": "CCC.exe", "name_parent": "MOM.exe", "pid": 7080, "path": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe", "command_line": "\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe\" 0", "pid_parent": 5228, "path_parent": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3720, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s wscsvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": 
"svchost.exe", "name_parent": "", "pid": 4640, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "ApplicationFrameHost.exe", "name_parent": "svchost.exe", "pid": 6836, "path": "C:\\Windows\\System32\\ApplicationFrameHost.exe", "command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1960, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s lfsvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "dllhost.exe", "name_parent": "svchost.exe", "pid": 7244, "path": "C:\\Windows\\System32\\dllhost.exe", "command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 5404, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 2740, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s SensorService", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 7872, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "SystemSettings.exe", "name_parent": "svchost.exe", "pid": 8312, "path": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe", "command_line": 
"\"C:\\WINDOWS\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3936, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService -s WinHttpAutoProxySvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 976, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 5644, "path": "c:\\Windows\\System32\\svchost.exe", "command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s StorSvc", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "MicrosoftEdge.exe", "name_parent": "svchost.exe", "pid": 7420, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe\" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "browser_broker.exe", "name_parent": "svchost.exe", "pid": 2600, "path": "C:\\Windows\\System32\\browser_broker.exe", "command_line": "C:\\WINDOWS\\system32\\browser_broker.exe -Embedding", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 3880, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" 
-ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 5312, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 4544, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "smartscreen.exe", "name_parent": "svchost.exe", "pid": 5204, "path": "C:\\Windows\\System32\\smartscreen.exe", "command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 9116, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 5848, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": 
"\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1732, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "audiodg.exe", "name_parent": "svchost.exe", "pid": 4500, "path": "C:\\Windows\\System32\\audiodg.exe", "command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x4ec", "pid_parent": 2252, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 3544, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 7428, "path": "", "command_line": "", "pid_parent": 776, "path_parent": "", "is_64": false }, { "name": "DataExchangeHost.exe", "name_parent": "svchost.exe", "pid": 7704, "path": "C:\\Windows\\System32\\DataExchangeHost.exe", "command_line": "C:\\Windows\\System32\\DataExchangeHost.exe -Embedding", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 832, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost", "pid_parent": 776, "path_parent": "", "is_64": true }, { "name": "SearchProtocolHost.exe", "name_parent": "SearchIndexer.exe", "pid": 7788, "path": "C:\\Windows\\System32\\SearchProtocolHost.exe", "command_line": 
"\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe27_ Global\\UsGthrCtrlFltPipeMssGthrPipe27 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ", "pid_parent": 5776, "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe", "is_64": true }, { "name": "SearchFilterHost.exe", "name_parent": "SearchIndexer.exe", "pid": 9192, "path": "C:\\Windows\\System32\\SearchFilterHost.exe", "command_line": "\"C:\\WINDOWS\\system32\\SearchFilterHost.exe\" 0 688 692 700 8192 696 ", "pid_parent": 5776, "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe", "is_64": true }, { "name": "backgroundTaskHost.exe", "name_parent": "svchost.exe", "pid": 5708, "path": "C:\\Windows\\System32\\backgroundTaskHost.exe", "command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "RogueKiller64.exe", "name_parent": "", "pid": 8392, "path": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe", "command_line": "\"C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ", "pid_parent": 4512, "path_parent": "", "is_64": true }, { "name": "MicrosoftEdgeCP.exe", "name_parent": "svchost.exe", "pid": 6392, "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca", "pid_parent": 936, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SearchProtocolHost.exe", "name_parent": "SearchIndexer.exe", "pid": 1500, "path": "C:\\Windows\\System32\\SearchProtocolHost.exe", "command_line": 
"\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe_S-1-5-21-2798650966-3917502356-1212340295-100128_ Global\\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2798650966-3917502356-1212340295-100128 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" \"1\"", "pid_parent": 5776, "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe", "is_64": true } ] }, "results": { "processes": [], "modules": [], "services": [], "registry": [], "tasks": [], "filesystem": [], "wmi": [], "hosts": { "is_too_big": false, "lines": [] }, "antirootkit": { "is_driver_loaded": true, "driver_error": 0, "results": [] }, "web_browsers": [], "disk": { "results": [], "mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00WN4A0 +++++\n--- User ---\n[MBR] 0086f36f0b7bc8b257f89fc226376c3d\n[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB\n1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB\n2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB\n3 - Basic data partition | Offset (sectors): 1159168 | Size: 953303 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++\nError reading User MBR! ([15] Le périphérique n'est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )\n\n+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++\nError reading User MBR! ([15] Le périphérique n'est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )\n\n+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++\nError reading User MBR! ([15] Le périphérique n'est pas prêt. 
)\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )\n\n+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++\nError reading User MBR! ([15] Le périphérique n'est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )\n\n" } } }