---------- | AdsFix | g3n-h@ckm@n | V3_16.12.2016.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 09:30:00 - 17/12/2016

Mis a jour le : 16/12/2016 | 14.30 par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\dingu\Desktop\AdsFix.exe
Boot: Normal boot
[dingu (Administrator)] - [DESKTOP-RET2IH4] - (france [040C])
SID = S-1-5-21-782420671-2648317273-1306397052-1002 || [64696e6775205e5e]

PC : Packard Bell - imedia S2110 - Processor : X64 - 1397 - AMD E1-1200 APU with Radeon(tm) HD Graphics
Bios : American Megatrends Inc. - 08/09/2012 - V.P11-A0
CoreTemp : ? C
CPU #1 value:1 %
CPU #2 value:1 %
Total Overall CPU Usage value:1 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 3902 | Libre (MB) : 2154
Pagefile = Total (MB) : 4557 | Libre (MB) : 2441
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3918

C:\ -> [Fixed] | [Packard Bell] | Total : 223.16 Go | Free : 99.81 Go -> NTFS [SATA]
D:\ -> [Fixed] | [DATA] | Total : 224.36 Go | Free : 224.24 Go -> NTFS [SATA]
F:\ -> [Removable] | [USB DISK] | Total : 3.61 Go | Free : 0.65 Go -> FAT32 [USB]

Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [17.12.2016 @ 09_29_57]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows

---------- | Navigateurs
IE : 11.0.14393.0 (© Microsoft Corporation. Tous droits réservés.)

---------- | Security (atcav : 0)
AM : Malwarebytes' Anti-Malware (2.3.173.0) [Update : 22/11/2016 23:57:53]
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Auto(2)] = en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
ActiveX : 24.0.0.186

---------- | Processes closed
788 | [Owner : Système |Parent : 596(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1580 | [Owner : Système |Parent : 596(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe
1956 | [Owner : SERVICE LOCAL |Parent : 1000(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
1176 | [Owner : Système |Parent : 596(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2012 | [Owner : Système |Parent : 596(services.exe)] - (.Sony Corporation - Device Information Provider.) - (10.2.1.6240) = C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
2132 | [Owner : Système |Parent : 596(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe
3124 | [Owner : Système |Parent : 788()] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
3092 | [Owner : dingu |Parent : 596(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
3596 | [Owner : dingu |Parent : 1080(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
3688 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
2180 | [Owner : dingu |Parent : 692(svchost.exe)] - (.-.) - (11.10.145.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1684 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.187) = C:\Windows\System32\SettingSyncHost.exe
3816 | [Owner : dingu |Parent : 1168(explorer.exe)] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.10.14393.187) = C:\Program Files\Windows Defender\MSASCuiL.exe
3608 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe
4244 | [Owner : Système |Parent : 716(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.447) = C:\Windows\System32\fontdrvhost.exe
1068 | [Owner : SERVICE RÉSEAU |Parent : 596(services.exe)] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2584 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - System Settings Broker.) - (10.0.14393.0) = C:\Windows\System32\SystemSettingsBroker.exe
6132 | [Owner : SERVICE LOCAL |Parent : 1000(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
4288 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - Video Application.) - (10.16112.1022.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
2724 | [Owner : dingu |Parent : 692(svchost.exe)] - (.-.) - (0.0.0.0) = C:\Program Files\WindowsApps\Facebook.Facebook_75.700.56604.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
3276 | [Owner : dingu |Parent : 1080(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
2296 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - OneNote.) - (16.0.7668.5760) = C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57601.0_x64__8wekyb3d8bbwe\onenoteim.exe
1148 | [Owner : dingu |Parent : 692(svchost.exe)] - (.-.) - (1.0.1611.18000) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
6504 | [Owner : dingu |Parent : 692(svchost.exe)] - (.- News.) - (0.0.0.0) = C:\Program Files\WindowsApps\Microsoft.BingNews_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
3272 | [Owner : SERVICE RÉSEAU |Parent : 5184()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
2484 | [Owner : dingu |Parent : 692(svchost.exe)] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.321) = C:\Windows\System32\smartscreen.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\aliexpress.com
Suppression : HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fr.aliexpress.com
Suppression : HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.myway.com
Suppression : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[SIGN.IE=055310 PConverter.fe9416e71d1f4315884e28182066034f.exe]
Suppression : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Common Files\Ahead\Lib\specialoffer.exe]
Suppression : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{021EA543-ADD4-405D-BF66-EB32B393D434} : 1
Suppression : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]~[Chromium] : 0x020000000000000000000000

---------- | Dossiers | Fichiers
Suppression : C:\Users\dingu\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{021EA543-ADD4-405D-BF66-EB32B393D434}.ico (.-.)

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : Preserve -> https://www.google.com/
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-782420671-2648317273-1306397052-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome

---------- | Comodo Dragon

---------- | Firefox
Suppression : C:\Users\dingu\AppData\Roaming\Mozilla\Firefox\Profiles\gyltgcbK.default\extensions\osb@quicksaver.xpi (.-.)= osb@quicksaver.xpi
C:\Users\dingu\AppData\Roaming\Mozilla\Firefox\Profiles\gyltgcbK.default\Extensions\safesearchplus2@avira.com = : Avira SafeSearch Plus -

---------- | SeaMonkey

---------- | Pale moon

---------- | Opera

---------- | Spark

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

---------- | ADS

Autre rapport
Analyses : 332408 | Modifications : 9 | Suppressions : 12

---------- |EOF| ---------- | 15:37:04 | [11 Ko]