cjoint

Document format: text/plain

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Exécuté par nathan (06-07-2019 01:31:59) Run:4
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5262096 2019-05-22] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [Advanced SystemCare 12] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3422480 2019-05-13] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [HiddenWildflower] => C:\Windows\rss\csrss.exe [5254144 2019-07-04] () [Fichier non signé] <==== ATTENTION
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\ASC
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
C:\Windows\System32\Tasks\csrss
C:\Windows\rss\csrss.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{190A9340-AACB-4053-84F5-9960A1286A13}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{190A9340-AACB-4053-84F5-9960A1286A13}
Task: {4107081B-99FB-4116-93B9-4D7DD56713CD} - \{248E71BD-FD6D-46BF-889A-874915A90435} -> Pas de fichier
C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {F7E55B26-44E1-46ED-BC51-75E09A93BFBB} - System32\Tasks\ewSXxaflLkNov2 => C:\Windows\system32\wscript.exe "C:\ProgramData\xpekMjRorgkcLnVB\HcCoFUY.wsf"
CHR HomePage: Default -> hxxp://www.funnysearching.com/
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11457840 2019-07-03] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] (Accès refusé) <==== ATTENTION (Accès refusé)
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [0 0000-00-00] () <==== ATTENTION (zéro octet Fichier/Dossier)
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [68424 2019-07-04] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ATTENTION (zéro octet Fichier/Dossier)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-07-02] (WDKTestCert Admin,131666266076831434 -> ) [Fichier non signé]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U3 MBAMService; pas de ImagePath
2019-07-02 15:59 - 2019-07-02 15:59 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA​ [16]
FirewallRules: [{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}] => (Allow) C:\Windows\rss\csrss.exe () [Fichier non signé]
FirewallRules: [{190A9340-AACB-4053-84F5-9960A1286A13}] => (Allow) C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Pas de fichier
EmptyTemp:

*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 12" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HiddenWildflower" => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare => supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\IObit\ASC => supprimé(es) avec succès
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000" => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)
