--------------- QuickDiag | g3n-h@ckm@n | V3_22.10.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 07/03/2018 14:17:35
Updated 22/10/2017 | 08.35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[jean- (Administrator)] - [DESKTOP-37KC94K] (S-1-5-21-4265624635-2019933758-61733912-1001)
System: Microsoft Windows 10 Famille - - (10.0.16299) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1709)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics 8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended

---------- | SoundDevice
HD Webcam C310 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_081B&MI_02\6&4D0A220&1&0002
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001
WsAudio_Device - Status: OK - Manufacturer: WsAudio_Device - PNPDeviceID: ROOT\MEDIA\0003

---------- | Video
AMD Radeon HD 7310 Graphics - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25400 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34864 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33296 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 - Manufacturer: Logitech Inc. - Status: OK

---------- | CPU
CPU #1 value:75 %
CPU #2 value:93 %
Total Overall CPU Usage value:84 %

---------- | Network
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
AnchorFree TAP-Windows Adapter V9 - Ethernet 802.3 - AnchorFree TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory
RAM = Total (MB) : 3748 | Free (MB) : 2084
Pagefile = Total (MB) : 4665 | Free (MB) : 2983
Virtual = Total (MB) : 4194 | Free (MB) : 3902
Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron - PartNumber: 8JTF51264AZ-1G6E1 - S/N: DEA02E9

---------- | SID Users
Administrateur : [S-1-5-21-4265624635-2019933758-61733912-500]
DefaultAccount : [S-1-5-21-4265624635-2019933758-61733912-503]
Invité : [S-1-5-21-4265624635-2019933758-61733912-501]
jean- : [S-1-5-21-4265624635-2019933758-61733912-1001]
WDAGUtilityAccount : [S-1-5-21-4265624635-2019933758-61733912-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-4265624635-2019933758-61733912-1002]
SQLServer2005SQLBrowserUser$DESKTOP-37KC94K : [S-1-5-21-4265624635-2019933758-61733912-1003]
MSSQL$ADK : [S-1-5-80-4287524181-3401991209-718407576-1481970793-3068686015]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [OS] | Total : 211.76 Go | Free : 46.64 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 674.74 Go | Free : 77.83 Go -> NTFS [SATA]
E:\ -> [Fixed] | [makeupdirector 3] | Total : 29.12 Go | Free : 28.97 Go -> NTFS [SATA]
G:\ -> [Removable] | [UBUNTU MATE] | Total : 14.42 Go | Free : 7.13 Go -> FAT32 [USB]
H:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 2 Go -> FAT32 [USB]
I:\ -> [Removable] | [w10 windows2go] | Total : 57.66 Go | Free : 23.72 Go -> NTFS [USB]
J:\ -> [Removable] | [FOLD-ISARDU] | Total : 14.9 Go | Free : 11.87 Go -> FAT32 [USB]
K:\ -> [Removable] | [GSP1RMCULFREO_FR_DVD] | Total : 14.55 Go | Free : 12.14 Go -> NTFS [USB]
L:\ -> [Removable] | [SFCE XFCE] | Total : 115.66 Go | Free : 112.63 Go -> FAT32 [USB]
M:\ -> [Removable] | [FLASHAIR SD] | Total : 14.41 Go | Free : 13.35 Go -> FAT32 [USB]
N:\ -> [Fixed] | [recovery image power2go 12] | Total : 14.18 Go | Free : 14.14 Go -> NTFS [SATA]
O:\ -> [Fixed] | [wd MY passport 3TO] | Total : 2794.49 Go | Free : 281.82 Go -> NTFS [USB]
P:\ -> [Removable] | [COMPANION] | Total : 30.03 Go | Free : 3.15 Go -> NTFS [USB]
R:\ -> [Removable] | [FRAMA SALIX] | Total : 1.86 Go | Free : 1.83 Go -> FAT [USB]
S:\ -> [Removable] | [samsung fit] | Total : 119.5 Go | Free : 118.38 Go -> NTFS [USB]
T:\ -> [CDROM] | [DTVP30] | Total : 0.02 Go | Free : 0 Go -> CDFS [USB]
X:\ -> [Fixed] | [LFS Hyper part 2] | Total : 929.42 Go | Free : 146.24 Go -> NTFS [USB]

Disk Usage Information [15 total Physical Disks]
Physical Drive #0 [C:, D:, N:, E:] : Read:32,268 bytes/sec, Written:677,639 bytes/sec Max Read:32,268 bytes/sec, Max Write:677,639 bytes/sec
Physical Drive #1 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #3 [X:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #4 [P:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #5 [L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #6 [M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #7 [Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #8 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #9 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [, R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [, U:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [, H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [, S:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [, J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:32,268 bytes/sec, Write Maximum:677,639 bytes/sec

DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_1100\1313260000000030&0
DeviceID: \\.\PHYSICALDRIVE14 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1.00\05077900000000F6&0
DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_FT01\000000000001&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
DeviceID: \\.\PHYSICALDRIVE13 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE_FIT&REV_1100\0363316010027335&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 7 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001050902110312&0
DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\001A4D5E84E6B05079526B2F&0
DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_FIXMESTICK&REV_8.07\4869B7004BE43CLL02797&0
DeviceID: \\.\PHYSICALDRIVE11 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULTPRIVACY30&REV_CLVX\000FFEC697CDB0A0B000DF8F&0
DeviceID: \\.\PHYSICALDRIVE12 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\7&368B17D4&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\07014791E2C22032&0
DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_FT01\000000000001&1
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1100\0116000000008682&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - External hard disk media - 4 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_ELEMENTS_10A8&REV_1042\57584A314541334C48454537&0

---------- | Windows updates
Test 1 : Windows Is Activated

---------- | Browsers
IE : 11.0.16299.15 (© Microsoft Corporation. Tous droits réservés.)
GC : 64.0.3282.186 (Copyright 2017 Google Inc. All rights reserved.)
Default : "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | FlashPlayer
FlashPlayer ActiveX : 28.0.0.161
FlashPlayer Plugin : 28.0.0.161

---------- | Security
AV : Panda Dome Disabled
AS : Panda Dome Disabled
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 02/03/2018 12:32:16]
FW : Panda Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
668 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16299.15) = C:\Windows\System32\smss.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
916 | [Owner : Système | Parent : 900() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
564 | [Owner : Système | Parent : 900() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.16299.15) = C:\Windows\System32\wininit.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
616 | [Owner : Système | Parent : 544() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe [29/09/2017 14:41:43] CPU Usage:4 % --> Command Line :
976 | [Owner : Système | Parent : 544() | 10.06 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.16299.192) = C:\Windows\System32\winlogon.exe [26/02/2018 18:06:14] CPU Usage:0 % --> Command Line :
1208 | [Owner : Système | Parent : 564(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.16299.192) = C:\Windows\System32\services.exe [26/02/2018 18:09:24] CPU Usage:0 % --> Command Line :
1220 | [Owner : Système | Parent : 564(wininit.exe) | 16.22 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16299.15) = C:\Windows\System32\lsass.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1316 | [Owner : UMFD-0 | Parent : 564(wininit.exe) | 4.49 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.192) = C:\Windows\System32\fontdrvhost.exe [26/02/2018 18:07:31] CPU Usage:0 % --> Command Line :
1324 | [Owner : UMFD-1 | Parent : 976(winlogon.exe) | 37.52 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.192) = C:\Windows\System32\fontdrvhost.exe [26/02/2018 18:07:31] CPU Usage:0 % --> Command Line :
1336 | [Owner : Système | Parent : 1208(services.exe) | 3.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1400 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 8.7 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe [29/09/2017 14:41:51] CPU Usage:0 % --> Command Line :
1412 | [Owner : Système | Parent : 1208(services.exe) | 22.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1500 | [Owner : SERVICE RÉSEAU | Parent : 1208(services.exe) | 10.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1560 | [Owner : Système | Parent : 1208(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1624 | [Owner : DWM-1 | Parent : 976(winlogon.exe) | 43.7 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.16299.15) = C:\Windows\System32\dwm.exe [29/09/2017 14:41:41] CPU Usage:0 % --> Command Line :
1692 | [Owner : Système | Parent : 1208(services.exe) | 7.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1724 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 6.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1760 | [Owner : Système | Parent : 1208(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1848 | [Owner : Système | Parent : 1208(services.exe) | 15.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1888 | [Owner : Système | Parent : 1208(services.exe) | 6.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1916 | [Owner : Système | Parent : 1208(services.exe) | 11.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1940 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 20.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2044 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
828 | [Owner : Système | Parent : 1208(services.exe) | 9.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1076 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
1664 | [Owner : SERVICE RÉSEAU | Parent : 1208(services.exe) | 11.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2072 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 8.91 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe [29/09/2017 14:41:51] CPU Usage:0 % --> Command Line :
2104 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 8.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2144 | [Owner : SERVICE RÉSEAU | Parent : 1208(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2232 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 9.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2380 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 19.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2440 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2532 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 8.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2544 | [Owner : Système | Parent : 1208(services.exe) | 28.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2556 | [Owner : Système | Parent : 1208(services.exe) | 6.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2676 | [Owner : Système | Parent : 1208(services.exe) | 9.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2704 | [Owner : Système | Parent : 1208(services.exe) | 8.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2712 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2828 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 12.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2924 | [Owner : Système | Parent : 1208(services.exe) | 15.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3040 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 6.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3056 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 12.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2696 | [Owner : Système | Parent : 1208(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2420 | [Owner : Système | Parent : 1208(services.exe) | 12.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2948 | [Owner : Système | Parent : 1208(services.exe) | 13.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3124 | [Owner : Système | Parent : 1208(services.exe) | 14.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3148 | [Owner : Système | Parent : 1208(services.exe) | 16.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3224 | [Owner : Système | Parent : 1208(services.exe) | 16.61 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16299.192) = C:\Windows\System32\spoolsv.exe [26/02/2018 18:04:22] CPU Usage:0 % --> Command Line :
3320 | [Owner : SERVICE RÉSEAU | Parent : 1208(services.exe) | 8.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3592 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3680 | [Owner : SERVICE RÉSEAU | Parent : 1208(services.exe) | 14.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:27 % --> Command Line :
3704 | [Owner : Système | Parent : 1208(services.exe) | 6.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3720 | [Owner : Système | Parent : 1208(services.exe) | 29.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3740 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 15.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3792 | [Owner : Système | Parent : 1208(services.exe) | 7.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3800 | [Owner : Système | Parent : 1208(services.exe) | 17.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3824 | [Owner : Système | Parent : 1208(services.exe) | 7.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3864 | [Owner : Système | Parent : 1208(services.exe) | 9.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3884 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 6.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3952 | [Owner : Système | Parent : 1208(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.248) = C:\Windows\System32\SecurityHealthService.exe [26/02/2018 18:07:14] CPU Usage:0 % --> Command Line :
3980 | [Owner : Système | Parent : 1208(services.exe) | 14.95 Mo] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2011.110.5058.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [15/05/2014 14:51:18] CPU Usage:0 % --> Command Line :
3996 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 9.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
4008 | [Owner : Système | Parent : 1208(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
4028 | [Owner : Système | Parent : 1208(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe [05/03/2018 16:49:20] CPU Usage:53 % --> Command Line :
4084 | [Owner : Système | Parent : 1208(services.exe) | 20.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
2256 | [Owner : Système | Parent : 1208(services.exe) | 28.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3812 | [Owner : SERVICE LOCAL | Parent : 3704(svchost.exe) | 9.03 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.16299.15) = C:\Windows\System32\dasHost.exe [29/09/2017 14:41:33] CPU Usage:0 % --> Command Line :
4232 | [Owner : Système | Parent : 1208(services.exe) | 13.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
4244 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 5.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
4708 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 7.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
4416 | [Owner : MSSQL$ADK | Parent : 1208(services.exe) | 65.82 Mo] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe [24/09/2016 01:18:12] CPU Usage:0 % --> Command Line :
5140 | [Owner : jean- | Parent : 828(svchost.exe) | 22.04 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe [29/09/2017 14:41:31] CPU Usage:0 % --> Command Line :
5152 | [Owner : jean- | Parent : 1208(services.exe) | 24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
5176 | [Owner : jean- | Parent : 1208(services.exe) | 32.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
5280 | [Owner : jean- | Parent : 1848(svchost.exe) | 15.94 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe [29/09/2017 14:42:01] CPU Usage:0 % --> Command Line :
5300 | [Owner : Système | Parent : 1208(services.exe) | 14.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
5368 | [Owner : Système | Parent : 1848(svchost.exe) | 0.24 Mo] - (.Google Inc. - Programme d'installation de Google.) - (1.3.26.9) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/02/2018 14:19:23] CPU Usage:0 % --> Command Line :
5504 | [Owner : Système | Parent : 1208(services.exe) | 8.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
5644 | [Owner : jean- | Parent : 5504(svchost.exe) | 14.13 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\Windows\System32\ctfmon.exe [29/09/2017 14:42:00] CPU Usage:0 % --> Command Line :
5860 | [Owner : jean- | Parent : 5840() | 111.12 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.248) = C:\Windows\explorer.exe [26/02/2018 18:09:20] CPU Usage:0 % --> Command Line :
1872 | [Owner : jean- | Parent : 1412(svchost.exe) | 90.06 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.15) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [29/09/2017 14:41:18] CPU Usage:0 % --> Command Line :
5924 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.12.17007.18022) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe [05/03/2018 16:49:21] CPU Usage:0 % --> Command Line :
4860 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 18.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
6464 | [Owner : jean- | Parent : 5860(explorer.exe) | 7.14 Mo] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe [04/09/2016 14:23:39] CPU Usage:0 % --> Command Line :
6996 | [Owner : jean- | Parent : 1412(svchost.exe) | 10.49 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.16299.15) = C:\Windows\System32\SettingSyncHost.exe [29/09/2017 14:41:26] CPU Usage:0 % --> Command Line :
3388 | [Owner : jean- | Parent : 1412(svchost.exe) | 97.04 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.248) = C:\Windows\explorer.exe [26/02/2018 18:09:20] CPU Usage:0 % --> Command Line :
6704 | [Owner : jean- | Parent : 3388(explorer.exe) | 13.98 Mo] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (10.7.1.340) = C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe [30/01/2018 14:02:46] CPU Usage:0 % --> Command Line :
6708 | [Owner : Système | Parent : 1208(services.exe) | 28.45 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16299.248) = C:\Windows\System32\SearchIndexer.exe [26/02/2018 18:06:26] CPU Usage:0 % --> Command Line :
6376 | [Owner : Système | Parent : 1208(services.exe) | 6.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
6860 | [Owner : Système | Parent : 1208(services.exe) | 8.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line :
3988 | [Owner : SERVICE LOCAL | Parent : 2828(svchost.exe) | 12.94 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (10.0.16299.248) = C:\Windows\System32\audiodg.exe [26/02/2018 18:10:25] CPU Usage:0 % --> Command Line :
7100 | [Owner : jean- | Parent : 6368() | 25.04 Mo] - (.PortableApps.com - PortableApps.com Platform.)
- (14.4.3.0) = R:\PortableApps\PortableApps.com\PortableAppsPlatform.exe [01/02/2018 21:38:46] CPU Usage:0 % --> Command Line : 1704 | [Owner : jean- | Parent : 7100(PortableAppsPlatform.exe) | 20.67 Mo] - (.PortableApps.com - PortableApps.com Updater.) - (14.4.3.0) = R:\PortableApps\PortableApps.com\PortableAppsUpdater.exe [01/02/2018 21:41:24] CPU Usage:0 % --> Command Line : 5324 | [Owner : jean- | Parent : 3388(explorer.exe) | 43.46 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = R:\quickdiag_3_22.10.17.1.exe [07/03/2018 13:57:33] CPU Usage:0 % --> Command Line : 1392 | [Owner : jean- | Parent : 1208(services.exe) | 20.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 5148 | [Owner : SERVICE LOCAL | Parent : 1208(services.exe) | 10.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe [29/09/2017 14:41:43] CPU Usage:0 % --> Command Line : 2836 | [Owner : jean- | Parent : 3388(explorer.exe) | 17.25 Mo] - (.PortableApps.com - PortableApps.com Platform.) - (14.4.3.0) = C:\Users\jean-\Documents\PortableApps.com_Platform_Setup_14.4.3.paf.exe [07/03/2018 13:42:14] CPU Usage:0 % --> Command Line : 5884 | [Owner : jean- | Parent : 3388(explorer.exe) | 48.3 Mo] - (.CyberLink - CyberLink Downloader.) - (3.0.0.1006) = C:\Users\jean-\Documents\CyberLink_AudioDirector_Downloader.exe [07/03/2018 13:54:50] CPU Usage:0 % --> Command Line : 7140 | [Owner : jean- | Parent : 4672() | 25.02 Mo] - (.PortableApps.com - PortableApps.com Platform.) - (14.4.3.0) = K:\PortableApps\PortableApps.com\PortableAppsPlatform.exe [01/02/2018 21:38:46] CPU Usage:0 % --> Command Line : 5236 | [Owner : Système | Parent : 1412(svchost.exe) | 8.98 Mo] - (.Microsoft Corporation - WMI Provider Host.) 
- (10.0.16299.248) = C:\Windows\System32\wbem\WmiPrvSE.exe [26/02/2018 18:04:21] CPU Usage:0 % --> Command Line : 2392 | [Owner : jean- | Parent : 7140(PortableAppsPlatform.exe) | 24.22 Mo] - (.PortableApps.com - PortableApps.com Updater.) - (14.4.3.0) = K:\PortableApps\PortableApps.com\PortableAppsUpdater.exe [01/02/2018 21:41:24] CPU Usage:12 % --> Command Line : 1268 | [Owner : jean- | Parent : 3388(explorer.exe) | 13.89 Mo] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe [29/09/2017 14:41:56] CPU Usage:0 % --> Command Line : 3564 | [Owner : SERVICE RÉSEAU | Parent : 1412(svchost.exe) | 10.15 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [26/02/2018 18:03:52] CPU Usage:0 % --> Command Line : ---------- | MD5
---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.8.2) -- C:\skinpack\OldNewExplorer64.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\0FileIconSyncOn64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\1FileIconSyncAlert64.dll (.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (.SpiderOakONE.-.SpiderOakONE shell extension.) - (1.0.0.0) -- C:\Program Files\SpiderOakONE\shell_extension.dll (.Python Software Foundation.-.Python Core.) - (2.7.11150.1013) -- C:\Program Files\SpiderOakONE\PYTHON27.DLL (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32api.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\pywintypes27.dll (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\pythoncom27.dll (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32trace.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32security.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.shell.shell.pyd (..-..) 
- (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32evtlog.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32file.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32pipe.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32event.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32process.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32gui.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.propsys.propsys.pyd (.Rebit, Inc..-.Rebit Pro Shell Extension.) - (6.1.3001.14947) -- C:\PROGRA~1\Rebit\REBITP~1\Rebit-Pro-Shell.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll (.Rebit, Inc..-.Rebit Pro Translations.) - (6.1.3001.14947) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll (..-..) - (0.0.0.0) -- : 3388 (.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.8.2) -- C:\skinpack\OldNewExplorer64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\0FileIconSyncOn64.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\1FileIconSyncAlert64.dll (.Disc Soft Ltd.-.DAEMON Tools Lite.) - (10.7.1.340) -- C:\Program Files\DAEMON Tools Lite\DTShl64.dll (.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (.SpiderOakONE.-.SpiderOakONE shell extension.) 
- (1.0.0.0) -- C:\Program Files\SpiderOakONE\shell_extension.dll (.Python Software Foundation.-.Python Core.) - (2.7.11150.1013) -- C:\Program Files\SpiderOakONE\PYTHON27.DLL (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32api.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\pywintypes27.dll (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\pythoncom27.dll (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32trace.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32security.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.shell.shell.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32evtlog.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32file.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32pipe.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32event.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32process.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32gui.pyd (..-..) - (2.7.218.7) -- C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.propsys.propsys.pyd (.Rebit, Inc..-.Rebit Pro Shell Extension.) - (6.1.3001.14947) -- C:\PROGRA~1\Rebit\REBITP~1\Rebit-Pro-Shell.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll (.Rebit, Inc..-.Rebit Pro Translations.) - (6.1.3001.14947) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll (..-..) 
- (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.19.3.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM64\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM64\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM64\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM64\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM64\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU desktop - (desktop.ini [Startup]) - User: DESKTOP-37KC94K\jean- CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\...\Run]) - User: DESKTOP-37KC94K\jean- OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-80-4287524181-3401991209-718407576-1481970793-3068686015\SOFTWARE\...\Run]) - User: NT SERVICE\MSSQL$ADK desktop - (desktop.ini [Common Startup]) - User: Public [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "DAEMON Tools Pro Agent"=0x03000000F795B3572305D201 "EPLTarget\P0000000000000000"=0x0300000030E44E2F91B1D301 "OneDrive"=0x020000000000000000000000 "COS"=0x03000000C0B2466C5B0AD201 "KillCopy"=0x030000001076476C5B0AD201 "CleanGeniusTray"=0x020000000000000000000000 "ApowersoftScreenRecorder"=0x020000000000000000000000 "Backup4all 7 Tray Agent"=0x0300000020BD4E2F91B1D301 "EPLTarget\P0000000000000001"=0x0896156E00000000000000000000401F " ISSetupPrerequisistes"=0x02000000000000000000000000000000 "WallpaperHd"=0x03000000400B4F2F91B1D301 "MCShield Monitor"=0x0392D34B30E44E2F91B1D301 "uTorrent"=0x03000000400B4F2F91B1D301 "CCleaner Monitoring"=0x0300000010A0CD93A0B4D301 "Application Restart #0"=0x0300000050324F2F91B1D301 "Application Restart #2"=0x0300000050324F2F91B1D301 "BitTorrent"=0x0300000010A0CD93A0B4D301 "vidnotifier.exe"=0x0300000010A0CD93A0B4D301 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=iexplore\1 "MRUList"=fedcba "b"=msconfig\1 "c"="C:\Users\jean-\Desktop\LFS Hyper-100% Sécurisé-Cewbé-ManageMyBarrow 2 à 6 & UMT Widen 1 à 3 Suite 2018.911.66.108.1\Paragon Partition Manager™ 14 Free.lnk"\1 
"d"=C:\Users\jean-\Downloads\Paragon-760-FRU_WinInstallx64_16.14.3_000.exe\1 "e"="C:\Users\jean-\Documents\pm14free_x64_fr (1).exe"\1 "f"="C:\Users\jean-\Desktop\LFS Hyper-100% Sécurisé-Cewbé-ManageMyBarrow 2 à 6 & UMT Widen 1 à 3 Suite 2018.911.66.108.1\Explorer++.lnk"\1 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON XP-710 Series,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM64\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "Rebit Pro Dashboard"=0x03000000F047956C5B0AD201 "Rebit 5 Dashboard"=0x0300000030AF896C5B0AD201 "RTHDVCPL"=0x0300000090CE4F2F91B1D301 "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"=0x020000000000000000000000 "WinZip UN"=0x020000000000000000000000 "WinZip PreLoader"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "!GetCurrentRollback"=0x04000000020000003100000000000000 "RollbackOnline"=0x06000000020000003100000000000000 "WindowsDefender"=0xA02FA512A02FA51200000000002DA512 "Ashampoo Core Tuner 2"=0x1875E6061875E60600002D0043004100 "StartCCC"=0x03000000B01C502F91B1D301 "KeePass 2 PreLoad"=0x020000000000000000000000 "Adobe ARM"=0x020000000000000000000000 [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StartCCC"=0x060000000000000000000000 "BingDesktop"=0x020000000000000000000000 "EEventManager"=0x030000004055606C5B0AD201 "Wondershare Helper Compact.exe"=0x020000000000000000000000 "MalTray"=0x0300000070CA606C5B0AD201 "Nero BackItUp"=0x03000000B0D0796C5B0AD201 "VMXPLXService"=0x03000000C05AA86C5B0AD201 "YouCam Service7"=0x03000000F004B56C5B0AD201 "Wondershare Helper Compact"=0x020000000000000000000000 "TrueImageMonitor.exe"=0x020000000000000000000000 "SunJavaUpdateSched"=0x03000000001309182DB5D301 
"vspdfprsrv.exe"=0x020000000000000000000000 "vdcss"=0x020000000000000000000000 "IseUI"=0x020000000000000000000000 "bdruninstaller"=0x020000000000000000000000 "PSUAMain"=0x0300000080A74F2F91B1D301 "PowerDVD18Agent"=0x020000000000000000000000 "LaunchWUApp"=0x02000000000000000000000000000000 "Ashampoo Core Tuner 2"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 "SecurityHealth"=0x020000000000000000000000 "LWS"=0x0300000030EECD93A0B4D301 "PerfectCam Service"=0x030000004015CE93A0B4D301 "PowerDVD17Agent"=0x03000000503CCE93A0B4D301 [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=1 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D33928A8E92551 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes 
"ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater Avast Emergency Update CCleanerSkipUAC CreateExplorerShellUnelevatedTask DeReporting EPSON XP-710 Series Invitation {A7A48465-8F30-4EBB-B109-FA79C2138ED6} EPSON XP-710 Series Invitation {B7B0E590-2998-4E1D-96A9-D7EB4B617043} EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7} EPSON XP-710 Series Update {A7A48465-8F30-4EBB-B109-FA79C2138ED6} EPSON XP-710 Series Update {B7B0E590-2998-4E1D-96A9-D7EB4B617043} EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7} GoogleUpdateTaskMachineCore1d3a728d3baed1b GoogleUpdateTaskMachineUA MORE_ChatAppDailyScheduleTask MORE_SIE1 Opera scheduled Autoupdate 1518892065 User_Feed_Synchronization-{3EF053DA-9088-495B-9E19-1A7664ABB844} ---------- | Startings up registry � Folder [HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] : "C:\Users\jean-\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED [HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeePass 2 PreLoad] : "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 
"WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(6)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(6)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=8 "ServicesPipeTimeout"=120000 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "NoLmHash"=1 "Security Packages"="" "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LimitBlankPasswordUse"=0 "LsaPid"=1220 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "BootExecute"=autocheck autochk * bootdelete "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "AutoChkTimeout"=5 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=a3f2307f-b51a-42db-92f9-9517d95 "GlassSessionId"=1 ---------- | .LNK with Arguments