--------------- QuickScript | g3n-h@ckm@n | V3_01.07.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 06/07/2017 13:55:21
Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)
System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics 8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Script
Registry saved : C:\QuickDiag\Save\Registry [06.07.2017 @ 13_55_30]

636 | [Owner : UMFD-1 |Parent : 972(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
640 | [Owner : UMFD-0 |Parent : 872(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
1660 | [Owner : SERVICE LOCAL |Parent : 1236(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
1772 | [Owner : Système |Parent : 1000(services.exe)] - (.IObit - Advanced SystemCare Service.) - (10.0.2.83) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
2980 | [Owner : Système |Parent : 1000(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
3068 | [Owner : Système |Parent : 2980(atiesrxx.exe)] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
3528 | [Owner : SERVICE LOCAL |Parent : 3404(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
3600 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe
4260 | [Owner : Système |Parent : 1000(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
4292 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2015.130.1601.5) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
4300 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe
4392 | [Owner : Système |Parent : 1000(services.exe)] - (. - .) - (8.0.0.8327) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
4444 | [Owner : Système |Parent : 1000(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.3.1745.0) = C:\Program Files\Macrium\Common\MacriumService.exe
5628 | [Owner : MSSQL$ADK |Parent : 1000(services.exe)] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe
2352 | [Owner : Système |Parent : 1448()] - (.Google Inc. - Programme d'installation de Google.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
6620 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6308 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
2712 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
5720 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
8184 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7588 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe
9028 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
8008 | [Owner : Jean-Marie |Parent : 8644()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
8940 | [Owner : Jean-Marie |Parent : 8008()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
7336 | [Owner : Jean-Marie |Parent : 2452()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
8588 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
7872 | [Owner : Jean-Marie |Parent : 1000(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
8920 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
5144 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
4932 | [Owner : Jean-Marie |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
8460 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
5152 | [Owner : Jean-Marie |Parent : 8460(OfficeClickToRun.exe)] - (.Microsoft Corporation - AppVShNotify.) - (5.0.10348.0) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
5604 | [Owner : Jean-Marie |Parent : 8264()] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
10228 | [Owner : Système |Parent : 1000(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.1.1.666) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
7324 | [Owner : Système |Parent : 1596(svchost.exe)] - (.Microsoft Corporation - Windows Problem Reporting.) - (10.0.15063.0) = C:\Windows\System32\wermgr.exe
3724 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Moonchild Productions - Pale Moon web browser.) - (27.3.0.6321) = C:\Program Files\Pale Moon\palemoon.exe
5504 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.296) = C:\Windows\System32\InstallAgent.exe
9596 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.15063.296) = C:\Windows\System32\InstallAgentUserBroker.exe
8488 | [Owner : Système |Parent : 1000(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MsMpEng.exe
6768 | [Owner : SERVICE LOCAL |Parent : 1000(services.exe)] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.11.15063.0) = C:\Program Files\Windows Defender\NisSrv.exe
9056 | [Owner : Système |Parent : 1000(services.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\extservice.exe
10068 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Paragon Software - Graphic user interface for Paragon ExtFS for Windows mounter.) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\ExtFS for Windows\Paragon ExtFS for Windows.exe
656 | [Owner : SERVICE RÉSEAU |Parent : 7388()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
3792 | [Owner : Jean-Marie |Parent : 5932(explorer.exe)] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe
332 | [Owner : Jean-Marie |Parent : 616(svchost.exe)] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.0) = C:\Windows\System32\smartscreen.exe
5272 | [Owner : Jean-Marie |Parent : 7788(quickdiag_3_01.07.17.1(2).exe)] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.15063.0) = C:\Windows\System32\cmd.exe
8252 | [Owner : Jean-Marie |Parent : 5272()] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe
2888 | [Owner : Jean-Marie |Parent : 5272()] - (.SteelWerX - Freeware implementation of XCACLS.) - (1.0.2.0) = C:\QuickDiag\smss.exe

-------------- | Listing : D:\

-------------- | Recurse Listing : D:\

C:\Users\Jean-Marie\Documents\Vuze Downloads Moved Successfully
C:\Program Files (x86)\ASP Not Found !
C:\Program Files (x86)\PC Clean Plus Not Found !
C:\Program Files (x86)\pccleanplus Not Found !
C:\Program Files (x86)\UTILILAB Moved Successfully
C:\Program Files (x86)\WinZip Malware Protector Not Found !
C:\Users\Jean-Marie\AppData\Roaming\Vuze Leap Moved Successfully

-------------- | IP Trace All

Connexions actives
Proto Adresse locale Adresse distante État

-------------- | FileSearch : Petya