--------------- QuickScript | g3n-h@ckm@n | V3_01.06.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 05/06/2017 18:33:40
Updated 01/06/2017 | 06.50 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)
System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Script Registry saved : C:\QuickDiag\Save\Registry [05.06.2017 @ 18_33_43]

828 | [Owner : UMFD-1 |Parent : 892(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
788 | [Owner : UMFD-0 |Parent : 776(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
4488 | [Owner : Système |Parent : 928(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe
4564 | [Owner : Système |Parent : 928(services.exe)] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
4808 | [Owner : Jean-Marie |Parent : 928(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
8048 | [Owner : Jean-Marie |Parent : 928(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
3080 | [Owner : SERVICE LOCAL |Parent : 6784(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
8160 | [Owner : Jean-Marie |Parent : 1808(svchost.exe)] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.15063.0) = C:\Windows\System32\LocationNotificationWindows.exe
7924 | [Owner : Jean-Marie |Parent : 928(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
3932 | [Owner : Système |Parent : 928(services.exe)] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - (2.4.40.217) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
2720 | [Owner : Système |Parent : 928(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.3.1745.0) = C:\Program Files\Macrium\Common\MacriumService.exe
10036 | [Owner : Système |Parent : 928(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8067.2115) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
10524 | [Owner : Système |Parent : 928(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe
10596 | [Owner : SERVICE LOCAL |Parent : 1448(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
1860 | [Owner : SERVICE LOCAL |Parent : 1448(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
5652 | [Owner : Système |Parent : 4564()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
10380 | [Owner : Système |Parent : 928(services.exe)] - (.SUPERAntiSpyware.com - Core Service.) - (6.0.0.1082) = C:\Program Files\SUPERAntiSpyware\SASCore64.exe
3924 | [Owner : Système |Parent : 928(services.exe)] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.15063.0) = C:\Windows\System32\vds.exe
2608 | [Owner : Système |Parent : 928(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.374.913.2) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
9804 | [Owner : Système |Parent : 928(services.exe)] - (.Safer-Networking Ltd. - Windows Security Center integration..) - (2.3.39.2) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
2540 | [Owner : Système |Parent : 928(services.exe)] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - (2.4.40.77) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10804 | [Owner : Jean-Marie |Parent : 10740(Taskmgr.exe)] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.2.0.708) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
10464 | [Owner : Système |Parent : 928(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.2.0.708) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
5168 | [Owner : Jean-Marie |Parent : 4748()] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
3868 | [Owner : Jean-Marie |Parent : 10740(Taskmgr.exe)] - (.OldTimer Tools - .) - (3.1.21.0) = M:\lfs hyper - evolutions of barrow, 100% sécurisé & co... variations\lfs ultra & 100% séc. fina. pt X Shock\cadeaux récompense lfsu100%sf\pack 5 - aide forums dualboot cubuntu & deux pc\OTM.exe
4340 | [Owner : Système |Parent : 3752(svchost.exe)] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15063.0) = C:\Windows\System32\CompatTelRunner.exe
4672 | [Owner : Système |Parent : 4340(CompatTelRunner.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
10432 | [Owner : Jean-Marie |Parent : 632(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
1580 | [Owner : Jean-Marie |Parent : 632(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe

-------------- | Listing : D:\

D:\\overlays
D:\\bcm2708-rpi-0-w.dtb
D:\\COPYING.linux
D:\\LICENCE.broadcom
D:\\issue.txt
D:\\bcm2708-rpi-b-plus.dtb
D:\\bcm2708-rpi-b.dtb
D:\\bcm2708-rpi-cm.dtb
D:\\bcm2709-rpi-2-b.dtb
D:\\bcm2710-rpi-3-b.dtb
D:\\bcm2710-rpi-cm3.dtb
D:\\bootcode.bin
D:\\cmdline.txt
D:\\config.txt
D:\\fixup.dat
D:\\fixup_cd.dat
D:\\fixup_db.dat
D:\\fixup_x.dat
D:\\kernel.img
D:\\kernel7.img
D:\\start.elf
D:\\start_cd.elf
D:\\start_db.elf
D:\\start_x.elf
D:\\LICENSE.oracle
D:\\System Volume Information

-------------- | Recurse Listing : D:\

D:\overlays
D:\bcm2708-rpi-0-w.dtb
D:\COPYING.linux
D:\LICENCE.broadcom
D:\issue.txt
D:\bcm2708-rpi-b-plus.dtb
D:\bcm2708-rpi-b.dtb
D:\bcm2708-rpi-cm.dtb
D:\bcm2709-rpi-2-b.dtb
D:\bcm2710-rpi-3-b.dtb
D:\bcm2710-rpi-cm3.dtb
D:\bootcode.bin
D:\cmdline.txt
D:\config.txt
D:\fixup.dat
D:\fixup_cd.dat
D:\fixup_db.dat
D:\fixup_x.dat
D:\kernel.img
D:\kernel7.img
D:\start.elf
D:\start_cd.elf
D:\start_db.elf
D:\start_x.elf
D:\LICENSE.oracle
D:\System Volume Information
D:\overlays\akkordion-iqdacplus.dtbo
D:\overlays\README
D:\overlays\adau1977-adc.dtbo
D:\overlays\ads1015.dtbo
D:\overlays\ads7846.dtbo
D:\overlays\bmp085_i2c-sensor.dtbo
D:\overlays\audremap.dtbo
D:\overlays\allo-piano-dac-pcm512x-audio.dtbo
D:\overlays\at86rf233.dtbo
D:\overlays\audioinjector-wm8731-audio.dtbo
D:\overlays\dionaudio-loco.dtbo
D:\overlays\dht11.dtbo
D:\overlays\hifiberry-dacplus.dtbo
D:\overlays\dpi18.dtbo
D:\overlays\dpi24.dtbo
D:\overlays\dwc-otg.dtbo
D:\overlays\dwc2.dtbo
D:\overlays\enc28j60-spi2.dtbo
D:\overlays\enc28j60.dtbo
D:\overlays\gpio-ir.dtbo
D:\overlays\gpio-poweroff.dtbo
D:\overlays\hifiberry-amp.dtbo
D:\overlays\hifiberry-dac.dtbo
D:\overlays\hifiberry-digi-pro.dtbo
D:\overlays\hifiberry-digi.dtbo
D:\overlays\hy28a.dtbo
D:\overlays\hy28b.dtbo
D:\overlays\i2c-gpio.dtbo
D:\overlays\i2c-mux.dtbo
D:\overlays\i2c-pwm-pca9685a.dtbo
D:\overlays\i2c-rtc.dtbo
D:\overlays\i2c-sensor.dtbo
D:\overlays\i2c0-bcm2708.dtbo
D:\overlays\i2c1-bcm2708.dtbo
D:\overlays\i2s-gpio28-31.dtbo
D:\overlays\i2s-mmap.dtbo
D:\overlays\iqaudio-dac.dtbo
D:\overlays\iqaudio-dacplus.dtbo
D:\overlays\iqaudio-digi-wm8804-audio.dtbo
D:\overlays\justboom-dac.dtbo
D:\overlays\justboom-digi.dtbo
D:\overlays\lirc-rpi.dtbo
D:\overlays\mcp23017.dtbo
D:\overlays\mcp23s17.dtbo
D:\overlays\mcp2515-can0.dtbo
D:\overlays\mcp2515-can1.dtbo
D:\overlays\mcp3008.dtbo
D:\overlays\mmc.dtbo
D:\overlays\mz61581.dtbo
D:\overlays\pi3-act-led.dtbo
D:\overlays\pi3-disable-bt.dtbo
D:\overlays\pi3-disable-wifi.dtbo
D:\overlays\pi3-miniuart-bt.dtbo
D:\overlays\piscreen.dtbo
D:\overlays\piscreen2r.dtbo
D:\overlays\pisound.dtbo
D:\overlays\pitft22.dtbo
D:\overlays\pitft28-capacitive.dtbo
D:\overlays\pitft28-resistive.dtbo
D:\overlays\pitft35-resistive.dtbo
D:\overlays\pps-gpio.dtbo
D:\overlays\pwm-2chan.dtbo
D:\overlays\pwm.dtbo
D:\overlays\qca7000.dtbo
D:\overlays\raspidac3.dtbo
D:\overlays\rpi-backlight.dtbo
D:\overlays\rpi-dac.dtbo
D:\overlays\rpi-display.dtbo
D:\overlays\rpi-ft5406.dtbo
D:\overlays\rpi-proto.dtbo
D:\overlays\rpi-sense.dtbo
D:\overlays\rra-digidac1-wm8741-audio.dtbo
D:\overlays\sc16is750-i2c.dtbo
D:\overlays\sc16is752-spi1.dtbo
D:\overlays\sdhost.dtbo
D:\overlays\sdio-1bit.dtbo
D:\overlays\sdio.dtbo
D:\overlays\sdtweak.dtbo
D:\overlays\smi-dev.dtbo
D:\overlays\smi-nand.dtbo
D:\overlays\smi.dtbo
D:\overlays\spi-gpio35-39.dtbo
D:\overlays\spi-rtc.dtbo
D:\overlays\spi0-cs.dtbo
D:\overlays\spi0-hw-cs.dtbo
D:\overlays\spi1-1cs.dtbo
D:\overlays\spi1-2cs.dtbo
D:\overlays\spi1-3cs.dtbo
D:\overlays\spi2-1cs.dtbo
D:\overlays\spi2-2cs.dtbo
D:\overlays\spi2-3cs.dtbo
D:\overlays\tinylcd35.dtbo
D:\overlays\uart1.dtbo
D:\overlays\vc4-fkms-v3d.dtbo
D:\overlays\vc4-kms-v3d.dtbo
D:\overlays\vga666.dtbo
D:\overlays\w1-gpio-pullup.dtbo
D:\overlays\w1-gpio.dtbo
D:\overlays\wittypi.dtbo
D:\System Volume Information\WPSettings.dat

C:\Program Files (x86)\Limewire Not Found !
C:\Program Files (x86)\Smart Privacy Cleaner Not Found !
C:\Program Files\RFA 11 Not Found !
C:\Program Files\Vuze Not Found !
C:\ProgramFiles\RFA 11 Not Found !
C:\ProgramFiles\Vuze Not Found !
C:\Programmes\RFA 11 Not Found !
C:\Programmes\Vuze Not Found !
C:\Users\Jean-Marie\Documents\Limewire Not Found !
C:\Users\Jean-Marie\Documents\Vuze Downloads Not Found !

-------------- | IP Trace All

Connexions actives

Proto  Adresse locale  Adresse distante  État
TCP  192.168.1.12:9591  fe-self005:https  ESTABLISHED  [avgsvca.exe]
TCP  192.168.1.12:9630  db5sch101100835:https  ESTABLISHED  WpnService [svchost.exe]
TCP  192.168.1.12:11833  lon15:http  ESTABLISHED  [avgsvc.exe]
TCP  192.168.1.12:11844  lon13:http  ESTABLISHED  [avastsvc.exe]
TCP  192.168.1.12:11916  a305he:http  CLOSE_WAIT  [avgsvca.exe]
TCP  192.168.1.12:12033  r-147-58-45-5:http  CLOSE_WAIT  [avgsvc.exe]
TCP  192.168.1.12:12072  r-148-58-45-5:http  CLOSE_WAIT  [avastsvc.exe]
TCP  192.168.1.12:12368  192.35.177.195:http  TIME_WAIT
TCP  192.168.1.12:12369  a84-53-132-72:http  TIME_WAIT
TCP  192.168.1.12:12383  2.18.175.142:http  TIME_WAIT
TCP  192.168.1.12:12386  23.101.30.126:https  ESTABLISHED  [OfficeClickToRun.exe]

-------------- | FileSearch : registry first aid