---------- | AdsFix | g3n-h@ckm@n | V4_11.05.17.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 17:41:03 - 11/05/2017
Mis a jour le : 11/05/2017 | 09.00 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\pierr\Desktop\AdsFix.exe
Boot: Normal boot
[pierr (Administrator)] - [DESKTOP-HTBJIQF] - (France [040C])
SID = S-1-5-21-4262085876-1269374796-3965671065-1001 || [7069657272205e5e]
PC : ASUSTeK COMPUTER INC. - G751JY - ASUS-NotebookSKU
Processor : X64 - 1995 - Intel(R) Core(TM) i7-4750HQ CPU @ 2.00GHz
Bios : American Megatrends Inc. - 11/02/2015 - V.G751JY.211
CoreTemp : 50 C
CPU #1 value:18 %
CPU #2 value:6 %
CPU #3 value:12 %
CPU #4 value:6 %
CPU #5 value:6 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:12 %
Total Overall CPU Usage value:7 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 33502 | Libre (MB) : 31172
Pagefile = Total (MB) : 38483 | Libre (MB) : 36158
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3902
C:\ -> [Fixed] | [] | Total : 106.77 Go | Free : 70.03 Go -> NTFS (SSD) [SATA]
D:\ -> [Fixed] | [GAMING] | Total : 214.5 Go | Free : 171.55 Go -> NTFS (SSD) [SATA]
G:\ -> [Removable] | [] | Total : 29.8 Go | Free : 1.82 Go -> FAT32 [USB]

Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [11.05.2017 @ 17_41_02]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
Windows Is Activated

---------- | Navigateurs
MS-Edge : 11.0.14393.1198 (© Microsoft Corporation. All rights reserved.)

---------- | Security (atcav : 0)
AV : Windows Defender Disabled
FW : Avast Antivirus Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
ActiveX : 25.0.0.171
Plugin : 25.0.0.171

---------- | Processus tues
1416 | [Owner : SERVICE LOCAL |Parent : 1140(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
2700 | [Owner : Système |Parent : 864(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe
2968 | [Owner : Système |Parent : 864(services.exe)] - (.AVAST Software - Avast firewall service.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe
3108 | [Owner : SERVICE RÉSEAU |Parent : 864(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2202.5912) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
3144 | [Owner : Système |Parent : 864(services.exe)] - (.Razer Inc. - Razer Chroma SDK REST Server.) - (1.0.4.7) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
3300 | [Owner : Système |Parent : 864(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
3312 | [Owner : Système |Parent : 864(services.exe)] - (.- GameScannerService.) - (1.0.6.2835) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
3328 | [Owner : Système |Parent : 864(services.exe)] - (.Razer Inc. - Razer Chroma SDK Service.) - (2.0.2.0) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
5456 | [Owner : pierr |Parent : 864(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
5548 | [Owner : pierr |Parent : 92(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
2136 | [Owner : Système |Parent : 948(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1066) = C:\Windows\System32\fontdrvhost.exe
9008 | [Owner : pierr |Parent : 92(svchost.exe)] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.222) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
9016 | [Owner : pierr |Parent : 92(svchost.exe)] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.222) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
9064 | [Owner : pierr |Parent : 92(svchost.exe)] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.493.1) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
9580 | [Owner : SERVICE LOCAL |Parent : 1140(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
9520 | [Owner : Système |Parent : 864(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2292 | [Owner : Système |Parent : 9520(NVDisplay.Container.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
11256 | [Owner : pierr |Parent : 2292(NVDisplay.Container.exe)] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8205) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
10112 | [Owner : pierr |Parent : 352(svchost.exe)] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
1692 | [Owner : pierr |Parent : 352(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe
7484 | [Owner : pierr |Parent : 352(svchost.exe)] - (.Microsoft Corporation - InstallAgent.) - (10.0.14393.1198) = C:\Windows\System32\InstallAgent.exe
5784 | [Owner : pierr |Parent : 10112()] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.14393.953) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
10712 | [Owner : LogonSessionId_0_4405063 |Parent : 864(services.exe)] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.14393.0) = C:\Windows\System32\msiexec.exe
6140 | [Owner : Système |Parent : 10424()] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.14393.0) = C:\Windows\syswow64\rundll32.exe
4080 | [Owner : pierr |Parent : 6140()] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.14393.0) = C:\Windows\syswow64\rundll32.exe
7708 | [Owner : pierr |Parent : 4080()] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.14393.0) = C:\Windows\syswow64\rundll32.exe
7712 | [Owner : pierr |Parent : 7708()] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.14393.0) = C:\Windows\System32\rundll32.exe
860 | [Owner : |Parent : 864(services.exe)] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (10.0.14393.351) = C:\Windows\System32\sppsvc.exe

---------- | Tasks
Suppression : Pherlersh

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Reparation : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\http\Shell\Open\Command]~[] : "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1" -> "C:\Program Files\Internet Explorer\iexplore.exe" %1
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\irc : "C:\Program Files (x86)\Firefox\Firefox.exe" "%1"
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\news : "C:\Program Files (x86)\Firefox\Firefox.exe" "%1"
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\sms : URL:sms "C:\Program Files (x86)\Firefox\Firefox.exe" "%1"
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\urn : "C:\Program Files (x86)\Firefox\Firefox.exe" "%1"
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\avast.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\doubleclick.net
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\fr.yahoo.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\googleads.g.doubleclick.net
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\login.yahoo.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.avast.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yahoo.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avast.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\doubleclick.net
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\fr.yahoo.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\googleads.g.doubleclick.net
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\login.yahoo.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.avast.com
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yahoo.com
Suppression : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]~[SNARE] : SNARE
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Windows\Temp\_ir_sf_temp_0\irsetup.exe]
Suppression : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Zoohair\Application\chrome.exe]
Suppression : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe]
Suppression : HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Chromium
Suppression : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\GoogleUpdaterService.exe : 8736459873644.exe

---------- | Dossiers | Fichiers
Suppression : C:\Users\pierr\AppData\Roaming\Profiles

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-4262085876-1269374796-3965671065-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex : X

---------- | Google Chrome : X

---------- | SrWare Iron : X

---------- | Comodo Dragon : X

---------- | Firefox : X

---------- | CLIQZ : X

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark (Baidu) : X

---------- | StartMenuInternet
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\shell\open\command]~[] : firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command]~[] : "D:\Firefox\firefox.exe" -safe-mode -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" -safe-mode
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command]~[] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" http://www.ourluckysites.com/?type=sc&ts=1494512980&z=e17223335d188730524c8a2gfz1t1z0w5geo0t7bfe&from=che0812&uid=SamsungXSSDX850XPROX128GB_S24ZNXAH314129T -> "C:\Program Files (x86)\AVAST Software\SZBrowser\Launcher.exe"
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\InstallInfo]~[] : "D:\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
Reparation : [HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet\Firefox.exe\InstallInfo]~[] : "D:\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

---------- | Javascript

---------- | Firewall

---------- | ADS

Autre rapport
Analyses : 284986 | Modifications : 10 | Suppressions : 32

---------- |EOF| ---------- | 18:48:00 | [16 Ko]