Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Exécuté par nathan (06-07-2019 01:31:59) Run:4
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5262096 2019-05-22] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [Advanced SystemCare 12] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3422480 2019-05-13] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3514000543-3983533879-240645468-1000\...\Run: [HiddenWildflower] => C:\Windows\rss\csrss.exe [5254144 2019-07-04] () [Fichier non signé] <==== ATTENTION
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\ASC
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{952A3673-DA11-4B34-9B9D-6335EA0D8EDF
C:\Windows\System32\Tasks\csrss
C:\Windows\rss\csrss.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CloudNet
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|HiddenWildflower
DeleteValue: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{190A9340-AACB-4053-84F5-9960A1286A13}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|{190A9340-AACB-4053-84F5-9960A1286A13}
Task: {4107081B-99FB-4116-93B9-4D7DD56713CD} - \{248E71BD-FD6D-46BF-889A-874915A90435} -> Pas de fichier C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {F7E55B26-44E1-46ED-BC51-75E09A93BFBB} - System32\Tasks\ewSXxaflLkNov2 => C:\Windows\system32\wscript.exe "C:\ProgramData\xpekMjRorgkcLnVB\HcCoFUY.wsf"
CHR HomePage: Default -> hxxp://www.funnysearching.com/
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11457840 2019-07-03] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] (Accès refusé) <==== ATTENTION (Accès refusé)
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [0 0000-00-00] () <==== ATTENTION (zéro octet Fichier/Dossier)
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [68424 2019-07-04] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ATTENTION (zéro octet Fichier/Dossier)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-07-02] (WDKTestCert Admin,131666266076831434 -> ) [Fichier non signé]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U3 MBAMService; pas de ImagePath
2019-07-02 15:59 - 2019-07-02 15:59 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA​ [16]
FirewallRules: [{BFDDB2EB-EA6C-457B-A784-D5E1972D372F}] => (Allow) C:\Windows\rss\csrss.exe () [Fichier non signé]
FirewallRules: [{190A9340-AACB-4053-84F5-9960A1286A13}] => (Allow) C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Pas de fichier
EmptyTemp:
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 12" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => non trouvé(e)
"HKU\S-1-5-21-3514000543-3983533879-240645468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HiddenWildflower" => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare => supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\IObit\ASC => supprimé(es) avec succès
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000" => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)