--------------- QuickDiag | g3n-h@ckm@n | V4_31.08.18.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 05/09/2018 01:45:17
Updated 31/08/2018 | 22:20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Afrique centrale - Ouest
[nav (Administrator)] - [EAC2016] (S-1-5-21-2393617629-3537631001-1605133833-1001)
System: Microsoft Windows 8.1 Professionnel - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Professionnel|C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: eM350 - eMachines - IdNumber: LUNAH0B0450192A0031601 - UUID: A1D04A11-F465-2C91-572C-705AB6F1D286
Processor : X64 - 1663 MHz - Intel(R) Atom(TM) CPU N450 @ 1.66GHz
InsydeH2O Version V1.00 - - Acer - S/N: LUNAH0B0450192A0031601 - V1.00 - ACRSYS - 1
CoreTemp : 45 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&80E8E32&0&0001

---------- | Video
Intel(R) Graphics Media Accelerator 3150 (Microsoft Corporation - WDDM 1.0) - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&21436425&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Graphics Media Accelerator 3150 (Microsoft Corporation - WDDM 1.0) - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&21436425&0&11 - AdapterCompatibility: Intel Corporation - RAM:
Integrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 (Microsoft Corporation - WDDM 1.0) - DriverVersion: 8.14.10.2697 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 32256 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12800 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13824 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29960 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 85504 - Manufacturer: Radius Inc. - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22720 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23040 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48128 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36136 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 69120 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU
CPU #1 value:12 %
CPU #2 value:37 %
Total Overall CPU Usage value:25 %

---------- | Network
Qualcomm Atheros AR8132 PCI-E Fast Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros AR5B95 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maximum:25 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Qualcomm Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_1062&SUBSYS_03491025&REV_C0\4&7F9F810&0&00E0
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Qualcomm Atheros AR5B95 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_002B&SUBSYS_E016105B&REV_01\4&33FD61B7&0&00E1
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&A1E4017&0&01
Carte virtuelle directe Wi-Fi Microsoft - - - Status: - PnPID :
Carte Microsoft ISATAP - - - Status: - PnPID :
Miniport WAN (PPPOE) - - - Status: - PnPID :
Miniport WAN (PPTP) - - - Status: - PnPID :
Miniport WAN (IP) - - - Status: - PnPID :
Miniport WAN (IPv6) - - - Status: - PnPID :
Miniport WAN (Moniteur réseau) - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 1037 | Free (MB) : 116
Pagefile = Total (MB) : 2807 | Free (MB) : 1783
Virtual = Total (MB) : 2097 | Free (MB) : 1865
Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: Kinston - PartNumber: 414352313238583634443253383030433620 - S/N: 4D37FF4E

---------- | SID Users
Administrateur : [S-1-5-21-2393617629-3537631001-1605133833-500]
HomeGroupUser$ : [S-1-5-21-2393617629-3537631001-1605133833-1003]
Invité : [S-1-5-21-2393617629-3537631001-1605133833-501]
nav : [S-1-5-21-2393617629-3537631001-1605133833-1001]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-2393617629-3537631001-1605133833-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-2393617629-3537631001-1605133833-1000]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 49.95 Go | Free : 2.68 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 98.75 Go | Free : 70.25 Go -> NTFS [SATA]
E:\ -> [Removable] | [ECA] | Total : 3.74 Go | Free : 3.64 Go -> FAT32 [USB]
Disk Usage Information [2 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:502,063 bytes/sec, Written:0 bytes/sec Max Read:502,063 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:502,063 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\5FE91F3A&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_HITACHI&PROD_HTS545016B9A300\4&44D92FE&0&000000

---------- | Windows updates - Activation - License
W.A.T : :)
Last detection : 2018-08-08 12:04:25
Downloaded last ones : 2018-08-08 13:15:12
Installed last ones : 2018-08-08 11:40:43
Next search : 2018-08-09 07:44:35
Personal Licence

---------- | Browsers
IE : 11.0.9600.18124 (© Microsoft Corporation. Tous droits réservés.)
GC : 59.0.3071.115 (Copyright 2016 Google Inc. All rights reserved.)
Default : "C:\Program Files\Google\Chrome\Application\chrome.exe" -- ""

---------- | FlashPlayer
FlashPlayer ActiveX : 30.0.0.134
FlashPlayer Plugin : 23.0.0.207

---------- | Security
AV : Windows Defender Disabled
AS : ESET NOD32 Antivirus 9.0.386.1 Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
264 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe [23/08/2014 00:10:23] CPU Usage:0 %
416 | [Owner : Système | Parent : 408() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe [22/08/2013 07:13:53] CPU Usage:0 %
476 | [Owner : Système | Parent : 408() | 3.49 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.3.9600.18577) = C:\Windows\System32\wininit.exe [15/03/2017 12:14:07] CPU Usage:0 %
528 | [Owner : Système | Parent : 476(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.3.9600.17793) = C:\Windows\System32\services.exe [13/05/2015 18:26:13] CPU Usage:0 %
592 | [Owner : Système | Parent : 476(wininit.exe) | 6.92 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.17415) = C:\Windows\System32\lsass.exe [15/04/2015 22:16:14] CPU Usage:0 %
656 | [Owner : Système | Parent : 528(services.exe) | 6.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
700 | [Owner : SERVICE RÉSEAU | Parent : 528(services.exe) | 5.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
784 | [Owner : Système | Parent : 528(services.exe) | 76.33 Mo] - (.ESET - ESET Service.) - (9.0.385.1) = C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [23/06/2016 14:11:58] CPU Usage:0 %
904 | [Owner : SERVICE LOCAL | Parent : 528(services.exe) | 18.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
928 | [Owner : Système | Parent : 528(services.exe) | 59.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
964 | [Owner : SERVICE LOCAL | Parent : 528(services.exe) | 8.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1016 | [Owner : Système | Parent : 528(services.exe) | 19.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1100 | [Owner : SERVICE RÉSEAU | Parent : 528(services.exe) | 14.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1244 | [Owner : Système | Parent : 528(services.exe) | 9.04 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.3.9600.17415) = C:\Windows\System32\spoolsv.exe [15/04/2015 22:25:14] CPU Usage:0 %
1284 | [Owner : SERVICE LOCAL | Parent : 528(services.exe) | 12.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1388 | [Owner : Système | Parent : 528(services.exe) | 2.9 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.27.2646) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [21/03/2018 02:21:48] CPU Usage:0 %
1420 | [Owner : Système | Parent : 528(services.exe) | 8.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1436 | [Owner : SERVICE LOCAL | Parent : 1016(svchost.exe) | 8.66 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17415) = C:\Windows\System32\dasHost.exe [15/04/2015 22:17:04] CPU Usage:0 %
1548 | [Owner : SERVICE LOCAL | Parent : 528(services.exe) | 5.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1644 | [Owner : Système | Parent : 528(services.exe) | 6.79 Mo] - (. - .) - (0.0.0.0) = C:\ProgramData\wta36723.exe [14/07/2017 00:35:25] CPU Usage:0 %
428 | [Owner : SERVICE LOCAL | Parent : 528(services.exe) | 8.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1820 | [Owner : Système | Parent : 528(services.exe) | 4.15 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.3.9600.17415) = C:\Windows\servicing\TrustedInstaller.exe [15/04/2015 22:18:52] CPU Usage:0 %
1356 | [Owner : Système | Parent : 656(svchost.exe) | 72.58 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (6.3.9600.17477) = C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe [19/12/2014 22:21:58] CPU Usage:15 %
3344 | [Owner : Système | Parent : 528(services.exe) | 25.02 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9600.18722) = C:\Windows\System32\SearchIndexer.exe [15/06/2017 06:35:02] CPU Usage:0 %
3760 | [Owner : SERVICE RÉSEAU | Parent : 528(services.exe) | 15.21 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.9600.17415) = C:\Program Files\Windows Media Player\wmpnetwk.exe [15/04/2015 22:26:37] CPU Usage:0 %
1716 | [Owner : Système | Parent : 3160() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe [22/08/2013 07:13:53] CPU Usage:0 %
1556 | [Owner : Système | Parent : 3160() | 4.48 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.3.9600.18188) = C:\Windows\System32\winlogon.exe [09/03/2016 18:19:12] CPU Usage:0 %
2860 | [Owner : DWM-2 | Parent : 1556(winlogon.exe) | 36.42 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.3.9600.17415) = C:\Windows\System32\dwm.exe [15/04/2015 22:19:08] CPU Usage:0 %
3648 | [Owner : Système | Parent : 928(svchost.exe) | 4.44 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe [15/04/2015 22:18:21] CPU Usage:0 %
4064 | [Owner : Système | Parent : 528(services.exe) | 4.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
1880 | [Owner : nav | Parent : 928(svchost.exe) | 8.98 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe [15/04/2015 22:18:21] CPU Usage:0 %
3144 | [Owner : nav | Parent : 784(ekrn.exe) | 26.07 Mo] - (.ESET - ESET Main GUI.) - (9.0.385.0) = C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [10/06/2016 15:10:26] CPU Usage:0 %
2060 | [Owner : nav | Parent : 1264(explorer.exe) | 6.39 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.18460) = C:\Windows\explorer.exe [11/10/2016 21:59:44] CPU Usage:0 %
3936 | [Owner : nav | Parent : 2060(explorer.exe) | 7.61 Mo] - (.Microsoft Corporation - Run Once Wrapper.) - (6.3.9600.17415) = C:\Windows\System32\runonce.exe [15/04/2015 22:15:23] CPU Usage:0 %
228 | [Owner : nav | Parent : 3936(runonce.exe) | 15.4 Mo] - (. - s.) - (2.2.5.0) = C:\Users\nav\AppData\Local\Temp\14-2373e-555-e51a0-276f6d1acc2aa\VKSRXDWWVI.exe [14/07/2017 00:40:37] CPU Usage:0 %
3324 | [Owner : nav | Parent : 2200() | 19.49 Mo] - (.Microsoft Corporation - Gestionnaire des tâches.) - (6.3.9600.17415) = C:\Windows\System32\Taskmgr.exe [15/04/2015 22:25:54] CPU Usage:15 %
836 | [Owner : Système | Parent : 928(svchost.exe) | 3.62 Mo] - (.Microsoft Corporation - Tâches de fond de la protection du système Microsoft® Windows..) - (6.3.9600.17415) = C:\Windows\System32\SrTasks.exe [15/04/2015 22:15:41] CPU Usage:0 %
3128 | [Owner : Système | Parent : 836(SrTasks.exe) | 2.54 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [15/04/2015 22:23:59] CPU Usage:0 %
3212 | [Owner : Système | Parent : 928(svchost.exe) | 11.75 Mo] - (.Microsoft Corporation - Windows Update.) - (7.9.9600.18696) = C:\Windows\System32\wuauclt.exe [15/06/2017 06:35:08] CPU Usage:0 %
3644 | [Owner : SERVICE LOCAL | Parent : 928(svchost.exe) | 8.79 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhost.exe [15/04/2015 22:19:04] CPU Usage:0 %
3404 | [Owner : Système | Parent : 928(svchost.exe) | 0.31 Mo] - (.Microsoft Corporation - Consolidateur SQM Windows.) - (6.3.9600.17415) = C:\Windows\System32\wsqmcons.exe [15/04/2015 22:20:51] CPU Usage:0 %
3216 | [Owner : nav | Parent : 928(svchost.exe) | 1.06 Mo] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.824.27.2646) = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [21/03/2018 02:21:48] CPU Usage:0 %
3180 | [Owner : nav | Parent : 656(svchost.exe) | 6.6 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.3.9600.17415) = C:\Windows\System32\rundll32.exe [15/04/2015 22:15:44] CPU Usage:0 %
1264 | [Owner : nav | Parent : 656(svchost.exe) | 50.56 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.18460) = C:\Windows\explorer.exe [11/10/2016 21:59:44] CPU Usage:0 %
2792 | [Owner : nav | Parent : 656(svchost.exe) | 6.07 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.3.9600.17415) = C:\Windows\System32\rundll32.exe [15/04/2015 22:15:44] CPU Usage:0 %
2980 | [Owner : nav | Parent : 656(svchost.exe) | 7.41 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.3.9600.17415) = C:\Windows\System32\rundll32.exe [15/04/2015 22:15:44] CPU Usage:0 %
1636 | [Owner : SERVICE LOCAL | Parent : 1016(svchost.exe) | 4.79 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.3.9600.17415) = C:\Windows\System32\WUDFHost.exe [15/04/2015 22:23:16] CPU Usage:0 %
1764 | [Owner : Système | Parent : 656(svchost.exe) | 5.15 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18264) = C:\Windows\System32\wbem\WmiPrvSE.exe [10/05/2016 23:02:55] CPU Usage:0 %
3496 | [Owner : nav | Parent : 1264(explorer.exe) | 35.48 Mo] - (.SosVirus - QuickDiag.) - (31.8.18.1) = E:\QuickDiag.exe [05/09/2018 02:21:10] CPU Usage:0 %
2576 | [Owner : SERVICE RÉSEAU | Parent : 656(svchost.exe) | 11.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18264) = C:\Windows\System32\wbem\WmiPrvSE.exe [10/05/2016 23:02:55] CPU Usage:19 %
2920 | [Owner : Système | Parent : 528(services.exe) | 2.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [15/04/2015 22:16:34] CPU Usage:0 %
2872 | [Owner : nav | Parent : 656(svchost.exe) | 11.39 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.3.9600.17415) = C:\Windows\System32\rundll32.exe [15/04/2015 22:15:44] CPU Usage:0 %
680 | [Owner : Système | Parent : 3344(SearchIndexer.exe) | 3.52 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.18722) = C:\Windows\System32\SearchProtocolHost.exe [15/06/2017 06:35:07] CPU Usage:0 %
3708 | [Owner : Système | Parent : 3344(SearchIndexer.exe) | 3.65 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.9600.17415) = C:\Windows\System32\SearchFilterHost.exe [15/04/2015 22:18:25] CPU Usage:0 %
1888 | [Owner : SERVICE LOCAL | Parent : 904(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (6.3.9600.17415) = C:\Windows\System32\audiodg.exe [14/01/2015 20:21:28] CPU Usage:0 %
3532 | [Owner : nav | Parent : 1264(explorer.exe) | 34.47 Mo] - (.SosVirus - QuickDiag.) - (31.8.18.1) = C:\Users\nav\Desktop\QuickDiag.exe [05/09/2018 01:44:42] CPU Usage:0 %

---------- | Locked Applications

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

---------- | svchost.exe Modules (Microsoft Files Whitelisted)

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
Skype - ("C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\...\Run]) - User: EAC2016\nav
smoti2.vbs - (C:\Users\nav\AppData\Roaming\smoti2\smoti2.vbs [HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\...\Run]) - User: EAC2016\nav
Taloce.vbs - (C:\Users\nav\AppData\Roaming\Taloce\Taloce.vbs [HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\...\Run]) - User: EAC2016\nav
UTANGXPKBG.exe - (C:\Users\nav\AppData\Local\Temp\80-4e5b8-7af-c48ac-13ef3f5141428\UTANGXPKBG.exe m_1 L_1 [HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\...\Run]) - User: EAC2016\nav
RtHDVCpl - (C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [HKLM\SOFTWARE\...\Run]) - User: Public
IgfxTray - (C:\Windows\system32\igfxtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HotKeysCmds - (C:\Windows\system32\hkcmd.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Persistence - (C:\Windows\system32\igfxpers.exe [HKLM\SOFTWARE\...\Run]) - User: Public
USB Security - (C:\Program Files\USB Disk Security\USBGuard.exe [HKLM\SOFTWARE\...\Run]) - User: Public
MRT - ("C:\Windows\system32\MRT.exe" /R [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\Software\Microsoft\Command Processor]
"PathCompletionChar"=9
"EnableExtensions"=1
"CompletionChar"=9
"DefaultColor"=0

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"smoti2.vbs"=C:\Users\nav\AppData\Roaming\smoti2\smoti2.vbs [14/07/2017 00:35:58]
"Taloce.vbs"=C:\Users\nav\AppData\Roaming\Taloce\Taloce.vbs [14/07/2017 00:40:30]
"UTANGXPKBG.exe"=C:\Users\nav\AppData\Local\Temp\80-4e5b8-7af-c48ac-13ef3f5141428\UTANGXPKBG.exe m_1 L_1

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PQMMJNBPPV.exe"=C:\Users\nav\AppData\Local\Temp\80-4e5b8-7af-c48ac-13ef3f5141428\PQMMJNBPPV.exe [14/07/2017 00:40:34]

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Skype"=0x020000000000000000000000
"smoti2.vbs"=0x0300000040D7EE2CCE00D301
"Taloce.vbs"=0x03000000AE6EEF2ECE00D301
"UTANGXPKBG.exe"=0x030000001A6B223CCE00D301

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=BUREAU\1
"MRUList"=cab
"b"=EPSON\1
"c"=PHOTO\1

[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"NullPort"=None
"Load"=
"UserSelectedDefault"=0
"NetMessage"=no
"DosPrint"=no
"Documents"=
"DebugOptions"=2048
"Programs"=com exe bat pif cmd
"Device"=Microsoft XPS Document Writer,winspool,Ne00:

[HKLM\Software\Microsoft\Command Processor]
"PathCompletionChar"=64
"EnableExtensions"=1
"CompletionChar"=64
"DefaultColor"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"Persistence"=C:\Windows\system32\igfxpers.exe
"USB Security"=C:\Program Files\USB Disk Security\USBGuard.exe [18/08/2014 20:48:25]
"MRT"="C:\Windows\system32\MRT.exe" /R

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Lahin_Raw_barra_al3eb_b3id_VKSRXDWWVI.exe"="C:\Users\nav\AppData\Local\Temp\14-2373e-555-e51a0-276f6d1acc2aa\VKSRXDWWVI.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Adobe ARM"=0x020000000000000000000000
"egui"=0x020000000000000000000000
"RtHDVCpl"=0x020000000000000000000000
"HotKeysCmds"=0x03000000FDF4E242CE00D301
"Persistence"=0x03000000866A9E44CE00D301
"IgfxTray"=0x0300000074BF144ECE00D301
"SunJavaUpdateSched"=0x020000000000000000000000
"USB Security"=0x020000000000000000000000
"MRT"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"Spooler"=yes
"DeviceNotSelectedTimeout"=15
"TransmissionRetryTimeout"=90
"EnableDwmInputProcessing"=7
"ShutdownWarningDialogTimeout"=4294967295
"USERProcessHandleQuota"=10000
"LoadAppInit_DLLs"=1
"IconServiceLib"=IconCodecService.dll
"DesktopHeapLogging"=1
"DdeSendTimeout"=0
"DwmInputUsesIoCompletionPort"=1
"USERPostMessageLimit"=10000
"USERNestedWindowLimit"=50
"AppInit_DLLs"=C:\ProgramData\Utatity\TrippleZamtone.dll
"NaturalInputHandler"=Ninput.dll
"ThreadUnresponsiveLogTimeout"=500
"GDIProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D2F810C73A1A94

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Config.sys :
FILES=40

---------- | Tasks List
Adobe Acrobat Update Task
CCleanerSkipUAC
CreateChoiceProcessTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineCore1d15e45ee825f6a
GoogleUpdateTaskMachineUA
GoogleUpdateTaskMachineUA1d194da479d181c
Optimize Start Menu Cache Files-S-1-5-21-2393617629-3537631001-1605133833-1001
User_Feed_Synchronization-{6758A801-DF0E-4359-9F10-FA05D003D28D}
{67A2D7EC-9413-4D95-B9BB-68CC76A1361C}
{7B741534-F7BD-4573-96BE-ECDC320E056F}
{87AC3102-09C4-4832-9D55-8938BA93A503}
{D30755B5-9696-401F-919E-5C5134384F25}

---------- | Startings up registry - Folder

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server
[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv gpsvc trustedinstaller
"EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"WaitToKillServiceTimeout"=200
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
"LastBootSucceeded"=1
"LastBootShutdown"=0
"DirtyShutdownCount"=132

[HKLM\System\CurrentControlSet\Control\lsa]
"Bounds"=0x0030000000200000
"auditbasedirectories"=0
"fullprivilegeauditing"=0x00
"crashonauditfail"=0
"auditbaseobjects"=0
"Security Packages"="" [18/08/2014 07:48:27]
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"LsaPid"=592
"SecureBoot"=1
"ProductType"=6
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
"GlobalFlag"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapDeCommitFreeBlockThreshold"=0
"ObjectDirectories"=\Windows \RPC Control
"ProtectionMode"=1
"ResourceTimeoutCount"=648000
"CriticalSectionTimeout"=2592000
"ProcessorControl"=2
"ExcludeFromKnownDlls"=
"HeapSegmentReserve"=0
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"NumberOfInitialSessions"=2
"RunLevelExecute"=WinInit ServiceControlManager
"AutoChkTimeout"=1
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=C:\Windows\System32\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"StartRCM"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"TSUserEnabled"=0
"RCDependentServices"=SessionEnv CertPropSvc
"SnapshotMonitors"=1
"DelayConMgrTimeout"=0
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"AllowRemoteRPC"=0
"ProductVersion"=5.1
"fDenyTSConnections"=1
"InstanceID"=713617dc-3e32-4d98-b70a-f611bd1
"GlassSessionId"=2

---------- | .LNK with Arguments
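Triage of the autorun entries in the report above, added here as an example; it is not part of the QuickDiag output and not code from the SosVirus tool. The script parses the `[key]` / `"name"=data` lines in the format this log uses and flags values launched from user-writable directories (AppData, Temp, ProgramData), scripts handed to a script host at logon, RunOnce values (which Windows deletes once they have run) and a populated AppInit_DLLs. The sample lines are copied verbatim from the log; the directory list, the extension list and the wording of the reasons are this example's own heuristics, not rules from the tool. On this host the check singles out the two .vbs files under AppData\Roaming, UTANGXPKBG.exe and PQMMJNBPPV.exe under AppData\Local\Temp, the HKLM RunOnce pointing at VKSRXDWWVI.exe in the same Temp tree (the process list shows it running as PID 228 under runonce.exe, with no company name), and C:\ProgramData\Utatity\TrippleZamtone.dll loaded through AppInit_DLLs with LoadAppInit_DLLs=1.

```python
import re
from dataclasses import dataclass

# Constructed input: the Run/RunOnce and AppInit_DLLs lines copied from the
# QuickDiag report above (value names and paths are verbatim from the log).
SAMPLE_LOG = r'''
[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"smoti2.vbs"=C:\Users\nav\AppData\Roaming\smoti2\smoti2.vbs [14/07/2017 00:35:58]
"Taloce.vbs"=C:\Users\nav\AppData\Roaming\Taloce\Taloce.vbs [14/07/2017 00:40:30]
"UTANGXPKBG.exe"=C:\Users\nav\AppData\Local\Temp\80-4e5b8-7af-c48ac-13ef3f5141428\UTANGXPKBG.exe m_1 L_1
[HKU\S-1-5-21-2393617629-3537631001-1605133833-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PQMMJNBPPV.exe"=C:\Users\nav\AppData\Local\Temp\80-4e5b8-7af-c48ac-13ef3f5141428\PQMMJNBPPV.exe [14/07/2017 00:40:34]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"MRT"="C:\Windows\system32\MRT.exe" /R
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Lahin_Raw_barra_al3eb_b3id_VKSRXDWWVI.exe"="C:\Users\nav\AppData\Local\Temp\14-2373e-555-e51a0-276f6d1acc2aa\VKSRXDWWVI.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=1
"AppInit_DLLs"=C:\ProgramData\Utatity\TrippleZamtone.dll
'''

# Directories an unprivileged user can write to. An autorun pointing here is
# not proof of malware, but it is where droppers land (analyst heuristic,
# an assumption of this example, not a rule from QuickDiag).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\windows\\temp\\", "\\temp\\")
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "bat", "cmd", "ps1", "hta"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# First Windows path in the value data that ends in a program or script
# extension. Non-greedy, so 'C:\Program Files\...\RtHDVCpl.exe -s' stops at
# the .exe and trailing arguments or the '[timestamp]' are left out.
PATH_RE = re.compile(
    r'(?P<path>(?:[A-Za-z]:|%[A-Za-z_]+%)\\.*?\.(?P<ext>exe|dll|com|scr|vbs|vbe|js|jse|wsf|wsh|bat|cmd|ps1|hta))(?=[\s"]|$)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list


def parse_values(log_text):
    """Yield (key, name, data) for every "name"=data line under a [key] header."""
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm:
            yield key, vm.group("name"), vm.group("data").strip()


def triage(log_text):
    """Return the autorun entries an analyst should look at first, with reasons."""
    values = list(parse_values(log_text))
    # AppInit_DLLs only takes effect when LoadAppInit_DLLs is 1; read it up
    # front so the order of the two values in the dump does not matter.
    load_appinit = any(n.lower() == "loadappinit_dlls" and d == "1" for _, n, d in values)
    findings = []
    for key, name, data in values:
        pm = PATH_RE.search(data)
        if not pm:
            continue
        path, ext = pm.group("path"), pm.group("ext").lower()
        low = path.lower()
        reasons = []
        if name.lower() == "appinit_dlls":
            state = "LoadAppInit_DLLs=1" if load_appinit else "LoadAppInit_DLLs not set"
            reasons.append(f"AppInit_DLLs set ({state}): loaded into every process that maps user32.dll")
        if any(d in low for d in USER_WRITABLE):
            reasons.append("launched from a user-writable directory")
        if ext in SCRIPT_EXTS:
            reasons.append(f".{ext} script handed to a script host at logon")
        if key.lower().endswith("\\runonce"):
            reasons.append("RunOnce value: deleted after it runs, so copy the file before rebooting")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name} -> {f.path}")
        print(f"  under {f.key}")
        for r in f.reasons:
            print(f"  - {r}")
```

On a live machine the same heuristics apply to the output of `reg query` over the HKLM and HKU Run/RunOnce keys and the Windows NT\CurrentVersion\Windows key; only the line parser changes. One caveat on the AppInit_DLLs flag: from Windows 8 onward the loader ignores AppInit_DLLs when UEFI Secure Boot is on, but this is a 2010 Atom netbook booting from an Insyde BIOS through an ARC path (FirmwareBootDevice=multi(0)disk(0)rdisk(0)partition(1)), so the value is live here and the DLL will be mapped into every user32-linked process, ESET's egui.exe included.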