--------------- QuickScript | g3n-h@ckm@n | V3_01.07.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 04/07/2017 08:14:51
Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Brussels, Copenhagen, Madrid, Paris

[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)
System: Microsoft Windows 10 Home - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Script

Registry saved : C:\QuickDiag\Save\Registry [04.07.2017 @ 08_14_54]

492 | [Owner : UMFD-0 |Parent : 852(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
612 | [Owner : UMFD-1 |Parent : 952(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
1752 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.IObit - Advanced SystemCare Service.) - (10.0.2.83) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
1800 | [Owner : LOCAL SERVICE |Parent : 1464(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
2308 | [Owner : LOCAL SERVICE |Parent : 1464(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
3008 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
3124 | [Owner : SYSTEM |Parent : 3008(atiesrxx.exe)] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
3608 | [Owner : LOCAL SERVICE |Parent : 3528(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
4128 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe
4336 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
4396 | [Owner : SYSTEM |Parent : 980(services.exe)] - (. - .) - (8.0.0.8327) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
4424 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.3.1745.0) = C:\Program Files\Macrium\Common\MacriumService.exe
4584 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2015.130.1601.5) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
4600 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe
5740 | [Owner : MSSQL$ADK |Parent : 980(services.exe)] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe
4004 | [Owner : SYSTEM |Parent : 2220()] - (.Google Inc. - Google Installer.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
5920 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
6148 | [Owner : SYSTEM |Parent : 5920(OfficeClickToRun.exe)] - (.Microsoft Corporation - AppVShNotify.) - (5.0.10348.0) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
3048 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
200 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6316 | [Owner : Jean-Marie |Parent : 1584(svchost.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
6508 | [Owner : Jean-Marie |Parent : 3596()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
5532 | [Owner : Jean-Marie |Parent : 3596()] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe
848 | [Owner : Jean-Marie |Parent : 3596()] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
7184 | [Owner : Jean-Marie |Parent : 7040()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
7660 | [Owner : Jean-Marie |Parent : 7184(SynciosDeviceService.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
4764 | [Owner : Jean-Marie |Parent : 7248()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
1520 | [Owner : Jean-Marie |Parent : 1584(svchost.exe)] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
5848 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
7728 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.296) = C:\Windows\System32\InstallAgent.exe
7240 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.15063.296) = C:\Windows\System32\InstallAgentUserBroker.exe
7084 | [Owner : Jean-Marie |Parent : 7388()] - (. - .) - (12.0.649.11190) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
7504 | [Owner : Jean-Marie |Parent : 5828()] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
5940 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
8212 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
2536 | [Owner : Jean-Marie |Parent : 5828()] - (.Microsoft Corporation - Notepad.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
8344 | [Owner : SYSTEM |Parent : 4348(svchost.exe)] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15063.0) = C:\Windows\System32\CompatTelRunner.exe
7940 | [Owner : SYSTEM |Parent : 8344(CompatTelRunner.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
8488 | [Owner : Jean-Marie |Parent : 5828()] - (. - ResetBrowser.) - (0.1.1.6) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\browsers pour mult. chances achats downloadcrew\ResetBrowser.exe
6012 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MsMpEng.exe
6500 | [Owner : NETWORK SERVICE |Parent : 9076()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
2096 | [Owner : SYSTEM |Parent : 8452(MpCmdRun.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
5876 | [Owner : LOCAL SERVICE |Parent : 980(services.exe)] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.11.15063.0) = C:\Program Files\Windows Defender\NisSrv.exe
9048 | [Owner : Jean-Marie |Parent : 2292()] - (.WiseCleaner.com - Wise Hotkey.) - (1.1.8.32) = C:\Program Files\Wise\Wise Hotkey\WiseHotkey.exe
5188 | [Owner : SYSTEM |Parent : 980(services.exe)] - (.Crystal Rich Ltd - USB Safely Remove assistant service.) - (6.0.8.1261) = C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
6480 | [Owner : Jean-Marie |Parent : 6188(opera.exe)] - (.Crystal Rich Ltd - USB Safely Remove - an enhanced replacement for Windows safe removal tool.) - (6.0.8.1261) = C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
9388 | [Owner : SYSTEM |Parent : 980(services.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\extservice.exe
7740 | [Owner : NETWORK SERVICE |Parent : 1336()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
328 | [Owner : Jean-Marie |Parent : 2544()] - (.Paragon Software - Graphic user interface for Paragon ExtFS for Windows mounter.) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\Paragon ExtFS for Windows.exe
6800 | [Owner : Jean-Marie |Parent : 2544()] - (.Moonchild Productions - Pale Moon web browser.) - (27.3.0.6321) = C:\Program Files\Pale Moon\palemoon.exe
3804 | [Owner : Jean-Marie |Parent : 7756()] - (.OrdinarySoft - StartMenuX/StartMenu10.) - (6.0.2.0) = C:\Program Files\Start Menu X\StartMenuX.exe
8644 | [Owner : Jean-Marie |Parent : 2720()] - (. - .) - (0.0.0.0) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\cadeaux rec. lfsu100%sf\SkinPack Imagination.exe
9608 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
9532 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
6240 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.0) = C:\Windows\System32\smartscreen.exe
6676 | [Owner : Jean-Marie |Parent : 3860(explorer.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9784 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera crash-reporter.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera_crashreporter.exe
6380 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9924 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
3408 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6844 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
4304 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6188 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
6016 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9500 | [Owner : Jean-Marie |Parent : 6676(opera.exe)] - (.Opera Software - Opera Internet Browser.) - (46.0.2597.32) = C:\Program Files\Opera\46.0.2597.32\opera.exe
9856 | [Owner : Jean-Marie |Parent : 8300(explorer.exe)] - (.Microsoft Corporation - Notepad.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
6760 | [Owner : SYSTEM |Parent : 1584(svchost.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run Client.) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

-------------- | Listing : E:\

-------------- | Recurse Listing : E:\

C:\Users\Jean-Marie\Documents\Vuze Downloads Moved Successfully
C:\Program Files (x86)\ASP Not Found !
C:\Program Files (x86)\PC Clean Plus Not Found !
C:\Program Files (x86)\pccleanplus Not Found !
C:\Program Files (x86)\WinZip Malware Protector Not Found !
C:\Users\Jean-Marie\AppData\Roaming\Vuze Leap Moved Successfully

-------------- | IP Trace All

Active Connections

Proto  Local Address        Foreign Address            State        Owning service / process
TCP    127.0.0.1:20158      127.0.0.1:55967            ESTABLISHED  [EaseUSEverySyncCache.exe]
TCP    127.0.0.1:20158      127.0.0.1:55968            ESTABLISHED  [EaseUSEverySyncCache.exe]
TCP    127.0.0.1:55967      127.0.0.1:20158            ESTABLISHED  [explorer.exe]
TCP    127.0.0.1:55968      127.0.0.1:20158            ESTABLISHED  [explorer.exe]
TCP    192.168.1.13:49729   lon25:http                 ESTABLISHED  [avastsvc.exe]
TCP    192.168.1.13:50085   db5sch101101209:https      ESTABLISHED  WpnService [svchost.exe]
TCP    192.168.1.13:54263   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55180   r-149-58-45-5:http         CLOSE_WAIT   [avastsvc.exe]
TCP    192.168.1.13:55739   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55741   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55742   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55743   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55795   n29-03-09-vip:https        LAST_ACK     [System]
TCP    192.168.1.13:55819   wo-in-f113:http            ESTABLISHED  BITS [svchost.exe]
TCP    192.168.1.13:55852   173.194.135.179:http       LAST_ACK     BITS [svchost.exe]
TCP    192.168.1.13:55887   192.35.177.195:http        TIME_WAIT
TCP    192.168.1.13:55928   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55929   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55958   52.164.251.44:https        ESTABLISHED  Can not obtain ownership information
TCP    192.168.1.13:55972   a104-126-85-80:https       ESTABLISHED  WpnUserService_129ca09 [svchost.exe]
TCP    192.168.1.13:55974   52.232.114.25:https        ESTABLISHED  [OfficeClickToRun.exe]
TCP    192.168.1.13:55975   185.60.216.35:https        ESTABLISHED  WpnUserService_129ca09 [svchost.exe]
TCP    192.168.1.13:55976   2.17.152.87:http           ESTABLISHED  [OfficeClickToRun.exe]
TCP    192.168.1.13:55977   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55978   13.107.4.50:http           ESTABLISHED  DoSvc [svchost.exe]
TCP    192.168.1.13:55979   a84-53-132-48:http         ESTABLISHED  [OfficeClickToRun.exe]
TCP    192.168.1.13:55981   173.194.135.179:http       ESTABLISHED  BITS [svchost.exe]
TCP    192.168.1.13:55982   msnbot-65-52-108-90:https  TIME_WAIT
TCP    192.168.1.13:55983   13.107.4.50:http           SYN_SENT     DoSvc [svchost.exe]
TCP    192.168.1.13:55984   13.107.4.50:http           SYN_SENT     DoSvc [svchost.exe]

-------------- | FileSearch : Petya
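The process listing above is the part of a QuickDiag report a helper reads first, and the questions are always the same: which images carry no publisher or version information, which run from outside Windows or Program Files (here two executables start from K:), whose parent has already exited, and whether any core Windows image name (svchost.exe, rundll32.exe, conhost.exe) runs from somewhere other than System32. The following parser and triage rules are an added example written for this page; they are not QuickDiag's own code. They assume the system drive is C: (as in this report), treat the rules as triage heuristics rather than verdicts, and use a handful of lines copied from the report plus one constructed svchost.exe entry under AppData that does not appear in it.

```python
"""Triage helper for a QuickDiag/QuickScript process listing (added example).

Every process entry in the report has the shape

    PID | [Owner : OWNER |Parent : PPID(parent.exe)] - (.PUBLISHER - DESCRIPTION.) - (VERSION) = PATH

PUBLISHER/DESCRIPTION/VERSION come from the image's version resource, not from an
Authenticode check, so an empty publisher means "no CompanyName recorded", not
"unsigned". The rules below are heuristics that tell a helper where to look next.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(?P<pid>\d+) \| \[Owner : (?P<owner>.*?) \|Parent : (?P<ppid>\d+)\((?P<parent>[^)]*)\)\]"
    r" - \(\.(?P<publisher>.*?) - (?P<desc>.*?)\.\) - \((?P<version>[^)]*)\) = (?P<path>.+)$"
)

# Assumption: the system drive is C:, as in the report above.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Core Windows images that only legitimately run from System32/SysWOW64.
CORE_IMAGES = {"svchost.exe", "rundll32.exe", "conhost.exe", "lsass.exe",
               "winlogon.exe", "csrss.exe", "smss.exe", "services.exe", "wininit.exe"}


@dataclass
class ProcessEntry:
    pid: int
    owner: str
    ppid: int
    parent: str          # empty string when the parent had already exited
    publisher: str
    description: str
    version: str
    path: str
    findings: List[str] = field(default_factory=list)

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[ProcessEntry]:
    """Parse one report line; return None for anything that is not a process entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return ProcessEntry(int(g["pid"]), g["owner"], int(g["ppid"]), g["parent"],
                        g["publisher"].strip(), g["desc"].strip(), g["version"], g["path"])


def triage(entry: ProcessEntry) -> List[str]:
    """Apply the heuristics to one entry and record the findings on it."""
    low = entry.path.lower()
    findings = []
    if entry.image in CORE_IMAGES and not low.startswith(SYSTEM_DIRS):
        findings.append("core Windows image name running outside System32")
    if entry.image == "svchost.exe" and entry.parent.lower() != "services.exe":
        findings.append("svchost.exe not started by services.exe")
    if not low.startswith(TRUSTED_ROOTS):
        findings.append("runs from outside Windows/Program Files (drive %s)" % low[:2].upper())
    if not entry.publisher:
        findings.append("no company name in version resource")
    if entry.version in ("", "0.0.0.0"):
        findings.append("no file version")
    if not entry.parent:
        findings.append("parent process %d has already exited" % entry.ppid)
    entry.findings = findings
    return findings


def triage_report(text: str) -> Dict[int, List[str]]:
    """Return {pid: findings} for every entry in the report that raised a finding."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry):
            flagged[entry.pid] = entry.findings
    return flagged


# Sample input: four lines copied from the report above plus one CONSTRUCTED
# entry (PID 9999, svchost.exe under AppData) that is NOT in the report.
SAMPLE_REPORT = r"""
492 | [Owner : UMFD-0 |Parent : 852(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
3048 | [Owner : Jean-Marie |Parent : 980(services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6508 | [Owner : Jean-Marie |Parent : 3596()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
8488 | [Owner : Jean-Marie |Parent : 5828()] - (. - ResetBrowser.) - (0.1.1.6) = K:\lfs hyper-jobs janv2016-dtpro-rebit-p2go11\ajustages lfsu100%sf-juin2017-anniv barrow 2-vexe-widen-amine\lfsu100%sf pt Z sigma\browsers pour mult. chances achats downloadcrew\ResetBrowser.exe
9608 | [Owner : Jean-Marie |Parent : 592(svchost.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
9999 | [Owner : Jean-Marie |Parent : 3860(explorer.exe)] - (. - .) - (0.0.0.0) = C:\Users\Jean-Marie\AppData\Roaming\svchost.exe
"""

if __name__ == "__main__":
    for pid, findings in triage_report(SAMPLE_REPORT).items():
        print("%5d  %s" % (pid, "; ".join(findings)))
```

Run it as a script and only PIDs 6508, 8488 and the constructed 9999 are reported; the Microsoft images in System32 stay silent, including rundll32.exe whose description contains parentheses. Note that "no company name" is a version-resource observation: the next step for such an image is a signature check or a hash lookup, not a conclusion.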