---------- | AdsFix | g3n-h@ckm@n | V4_27.06.17.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 13:54:44 - 27/06/2017 Mis a jour le : 27/06/2017 | 11.30 (GMT) par g3n-h@ckm@n Contact : http://www.sosvirus.net Assistance : http://www.sosvirus.net/forum-virus-securite.html Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html Facebook : https://www.facebook.com/AdsFixAntiAdware C:\Users\Jerome\Desktop\AdsFix.exe Boot: Normal boot [Jerome (Administrator)] - [ZAYMAN-ACER] - (france [040C]) SID = S-1-5-21-2321962515-1346927539-524343790-1001 || [4a65726f6d65205e5e] PC : Acer - EA70_HB - Aspire E5-771G_0880_1_07 Processor : X64 - 2600 - Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Bios : Insyde Corp. - 06/04/2014 - V.V1.07 CoreTemp : 72 C CPU #1 value:18 % CPU #2 value:31 % CPU #3 value:50 % CPU #4 value:25 % Total Overall CPU Usage value:31 % Systeme : Windows 8.1 (64 bits) Core Memoire RAM = Total (MB) : 8310 | Libre (MB) : 1501 Pagefile = Total (MB) : 8310 | Libre (MB) : 965 Virtuelle = Total (MB) : 4194 | Libre (MB) : 3912 C:\ -> [Fixed] | [Acer] | Total : 913.47 Go | Free : 151.27 Go -> NTFS [SATA] Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [27.06.2017 @ 13_54_40]) ou un element Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer" ---------- | Mises a jour Windows Derniere(s) detection(s) : 2017-06-27 04:27:13 Dernieres Telechargees : 2017-06-27 10:26:44 Dernieres installees : 2017-06-16 05:40:48 Prochaine recherche : 2017-06-28 01:06:32 Possible Fixed Windows Windows Is Activated ---------- | Navigateurs IE : 11.0.9600.18124 (© Microsoft Corporation. Tous droits réservés.) GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.) 
---------- | Security (atcav : 0) AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Auto(2)] = non en cours AS: Windows Defender [Manual(3)] = non en cours FW: Windows FireWall Service [Auto(2)] = en cours WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours ---------- | FlashPlayer ActiveX : 26.0.0.120 Plugin : 26.0.0.131 ---------- | Processes closed 1504 | [Owner : Système |Parent : 836(services.exe)] - (.AVAST Software - Avast Service.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 1868 | [Owner : Système |Parent : 836(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.4663) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1948 | [Owner : Système |Parent : 836(services.exe)] - (.Acer Incorporated - CCD Monitor Service.) - (2.1.3007.0) = C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe 2032 | [Owner : Système |Parent : 836(services.exe)] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe 1224 | [Owner : Système |Parent : 1948()] - (.Acer Cloud Technology - AcerCloud Client.) - (0.0.0.0) = C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe 1228 | [Owner : Système |Parent : 836(services.exe)] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben für die Medienbibliothek.) - (2.1.27.0) = C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe 1836 | [Owner : Système |Parent : 836(services.exe)] - (.Acer Incorporate - LMSvc.) - (8.0.8105.0) = C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe 2104 | [Owner : Système |Parent : 836(services.exe)] - (.pdfforge GmbH - PDF Architect 2.) - (2.1.6.19758) = C:\Program Files (x86)\PDF Architect 2\creator-ws.exe 2212 | [Owner : Système |Parent : 836(services.exe)] - (.- RichVideo Module.) 
- (2.0.0.7413) = C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2392 | [Owner : Système |Parent : 836(services.exe)] - (.Yahoo Inc. - YSearchUtilSvc.) - (1.0.0.108) = C:\Program Files (x86)\Yahoo!\yset\{CD08BA13-BB9F-7143-B6F6-5CE3394CA79A}\YSearchUtilSVC.exe 6956 | [Owner : Système |Parent : 836(services.exe)] - (.TODO: - TODO: .) - (1.0.0.1) = C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 1016 | [Owner : Système |Parent : 836(services.exe)] - (.Nero AG - NeroUpdate.) - (11.0.31.0) = C:\Program Files (x86)\Nero\Update\NASvc.exe 4084 | [Owner : Système |Parent : 1836()] - (.Acer Incorporate - LMEvent.) - (8.0.8105.0) = C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe 6360 | [Owner : Jerome |Parent : 6560(explorer.exe)] - (.IvoSoft - Classic Start Menu.) - (4.1.0.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe 1768 | [Owner : Jerome |Parent : 1032(svchost.exe)] - (.- ChangeIcon MFC Application.) - (13.0.0.9) = C:\Windows\SysWOW64\UMonit64.exe 3540 | [Owner : Système |Parent : 836(services.exe)] - (.Acer Incorporate - QASvc.) - (1.1.3012.0) = C:\Program Files\Acer\Acer Quick Access\QASvc.exe 2280 | [Owner : Jerome |Parent : 6080()] - (.Acer Incorporate - LMTray.) - (8.0.8105.0) = C:\Program Files\Acer\Acer Launch Manager\LMTray.exe 6672 | [Owner : Système |Parent : 3540()] - (.Acer Incorporate - QAEvent.) - (1.1.3012.0) = C:\Program Files\Acer\Acer Quick Access\QAEvent.exe 1040 | [Owner : Jerome |Parent : 6560(explorer.exe)] - (.Microsoft Corporation - Microsoft Outlook.) - (15.0.4937.1000) = C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE 7000 | [Owner : Jerome |Parent : 6592()] - (.SEIKO EPSON CORPORATION - EEventManager Application.) - (3.2.0.0) = C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe 4524 | [Owner : Jerome |Parent : 6592()] - (.Oracle Corporation - Java Update Scheduler.) 
- (2.8.131.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 5940 | [Owner : Système |Parent : 836(services.exe)] - (.Acer Incorporated - ePowerSvc.) - (7.0.8104.0) = C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe 8172 | [Owner : SERVICE LOCAL |Parent : 836(services.exe)] - (.Acer Incorporate - RMSvc.) - (1.1.3012.0) = C:\Program Files\Acer\Acer Quick Access\RMSvc.exe 7376 | [Owner : Jerome |Parent : 8060()] - (.Acer Incorporate - QAMsg.) - (1.1.3012.0) = C:\Program Files\Acer\Acer Quick Access\QAMsg.exe 8080 | [Owner : Jerome |Parent : 8060()] - (.Acer Incorporate - Quick Access.) - (1.1.3012.0) = C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe 7796 | [Owner : Système |Parent : 836(services.exe)] - (.acer - UEIPSvc.) - (1.1.3003.0) = C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe 8432 | [Owner : Jerome |Parent : 6560(explorer.exe)] - (.BPMconcept - PackBarre.) - (5.2.3.0) = C:\Program Files (x86)\PackBarre\PackBarre.exe 1156 | [Owner : Jerome |Parent : 1032(svchost.exe)] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) 
- (1.824.21.4663) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---------- | Tasks Suppression : ALU Suppression : ALU_SelfUpgrade Suppression : Launch Manager Suppression : UMonitor Task Suppression : START SKYDRIVE ---------- | Services Service : SLSVC : Restaure ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts ---------- | SafeBoot Reparation : [HKLM | Minimal\vga.sys] : -> Driver Reparation : [HKLM | Minimal\vgasave.sys] : -> Driver Reparation : [HKLM | Network\vga.sys] : -> Driver Reparation : [HKLM | Network\vgasave.sys] : -> Driver Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc ---------- | Winsock ---------- | DNS ---------- | Registre Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001_Classes\MIME\Database\Content Type\application/x-bubbledock Suppression : HKLM\SOFTWARE\Classes\Avq.Sync.Data.DataItem : Avanquest SyncDataItem Class Suppression : HKLM\SOFTWARE\Classes\Avq.Sync.Data.DataItem.1 : Avanquest SyncDataItem Class Suppression : HKLM\SOFTWARE\Classes\Avq.Sync.Data.DataItemCollection.1 : Avanquest SyncDataItemCollection Class Suppression : HKLM\SOFTWARE\Classes\Avq.Sync.SyncSession : Avanquest SyncSession Class Suppression : HKLM\SOFTWARE\Classes\Avq.Sync.SyncSession.1 : Avanquest SyncSession Class Suppression : HKLM\SOFTWARE\Classes\AppID\ColorMedia.EXE : # Suppression : HKLM\SOFTWARE\Classes\AppID\{3CD1E579-DD09-436F-A0BD-C99203A2B8CC} : ColorMedia # Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\Avq.Sync.Data.DataItemCollection : Avanquest SyncDataItemCollection Class Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliexpress.com Suppression : 
HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\news24sevenbd.com Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.news24sevenbd.com Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\alibaba.com Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\offer.alibaba.com Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{062BB31C-B386-4A28-A540-46E21CA022C7} : C:\Program Files (x86)\Sony\Sony PC Companion\SyncData.dll Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B078A2D-B481-40E0-AB0D-89756132F43A} : C:\Program Files (x86)\Sony\Sony PC Companion\Synchronization.dll Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8EC50EC4-3B40-41FF-8492-5EE415D7482E} : C:\Program Files (x86)\Sony\Sony PC Companion\SyncData.dll Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\KMSpico\KMSELDI.exe] Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\KMSpico\Service_KMS.exe] Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\PackBarre\PackBarre.exe] Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Chromium Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Visicom Media Suppression : HKLM\SOFTWARE\Wow6432Node\Visicom Media Suppression : HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\BPMconcept Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfcm110.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110cht.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110enu.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110esn.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110ita.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110kor.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\vcamp110.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20FRA.DLL] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20.DLL] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\enppmon.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\ensppmon.dll] [X] Suppression : 
[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\PxHlpa64.sys] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\cdralw2k.sys] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\cdr4_xp.sys] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\VEN2232.OLB] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files (x86)\PackBarre\] Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet : (Yahoo Search Set) C:\Program Files (x86)\Yahoo!\yset\{CD08BA13-BB9F-7143-B6F6-5CE3394CA79A}\unset.exe -> C:\Program Files (x86)\Yahoo!\yset\{CD08BA13-BB9F-7143-B6F6-5CE3394CA79A} ---------- | Dossiers | Fichiers Reboot : C:\Program Files (x86)\PackBarre Suppression : C:\Program Files (x86)\Spicci\Geckofx-Core.dll (.-.GeckoFx) Geckofx-Core.dll Suppression : C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\PackBarre (2).lnk (.-.) Suppression : C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre\PackBarre.lnk (.-.) Suppression : C:\Users\Public\Pokki Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb Suppression : C:\Users\Jerome\AppData\Local\BPMconcept\PackBarre.exe_Url_gcy2jafvs4wdqqryzwqhbie3mypw0o33 Suppression : C:\Users\Jerome\AppData\Local\Geckofx Suppression : C:\Users\Jerome\AppData\Local\YSearchUtil Suppression : C:\Users\Jerome\AppData\Roaming\Iobit Suppression : C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fr.aliexpress.com_0.localstorage (.-.) 
Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fr.aliexpress.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_is.alibaba.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_is.alibaba.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.aliexpress.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.aliexpress.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_passport.aliexpress.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_passport.aliexpress.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.booking.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.booking.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_soundcloud.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_soundcloud.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_w.soundcloud.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_w.soundcloud.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.booking.com_0.localstorage (.-.) 
Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.booking.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.packbarre.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.packbarre.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_casualshopping.onlc.fr_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_casualshopping.onlc.fr_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_embedftv-a.akamaihd.net_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_embedftv-a.akamaihd.net_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.telecharger.01net.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.telecharger.01net.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fr.igraal.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fr.igraal.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funtabsafesearch.com_0.localstorage (.-.) 
Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funtabsafesearch.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.01net.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.01net.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.booking.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.booking.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coupons-promotion.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coupons-promotion.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.effetshopping.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.effetshopping.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.news24sevenbd.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.news24sevenbd.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ruecoupon.com_0.localstorage (.-.) 
Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ruecoupon.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.) Suppression : C:\Windows\System32\AI_RecycleBin Suppression : C:\Users\Jerome\AppData\Local\BTServer.log (.-.) Suppression : C:\Windows\Installer\a31d1ab.msi (.-.)-> (PackBarre - BPMconcept) ---------- | AdsFix | g3n-h@ckm@n | V4_27.06.17.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 17:56:10 - 27/06/2017 Mis a jour le : 27/06/2017 | 11.30 (GMT) par g3n-h@ckm@n Contact : http://www.sosvirus.net Assistance : http://www.sosvirus.net/forum-virus-securite.html Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html Facebook : https://www.facebook.com/AdsFixAntiAdware C:\Users\Jerome\Desktop\AdsFix.exe Boot: Normal boot [Jerome (Administrator)] - [ZAYMAN-ACER] - (france [040C]) SID = S-1-5-21-2321962515-1346927539-524343790-1001 || [4a65726f6d65205e5e] PC : Acer - EA70_HB - Aspire E5-771G_0880_1_07 Processor : X64 - 2600 - Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Bios : Insyde Corp. 
- 06/04/2014 - V.V1.07 CoreTemp : 72 C CPU #1 value:12 % CPU #2 value:18 % CPU #3 value:6 % CPU #4 value:0 % Total Overall CPU Usage value:9 % Systeme : Windows 8.1 (64 bits) Core Memoire RAM = Total (MB) : 8310 | Libre (MB) : 5986 Pagefile = Total (MB) : 8310 | Libre (MB) : 5805 Virtuelle = Total (MB) : 4194 | Libre (MB) : 3912 C:\ -> [Fixed] | [Acer] | Total : 913.47 Go | Free : 175.81 Go -> NTFS [SATA] Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [27.06.2017 @ 17_56_04]) ou un element Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer" ---------- | Mises a jour Windows Derniere(s) detection(s) : 2017-06-27 04:27:13 Dernieres Telechargees : 2017-06-27 10:26:44 Dernieres installees : 2017-06-16 05:40:48 Prochaine recherche : 2017-06-28 01:06:32 Possible Fixed Windows Windows Is Activated ---------- | Navigateurs IE : 11.0.9600.18124 (© Microsoft Corporation. Tous droits réservés.) GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.) ---------- | Security (atcav : 0) AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Auto(2)] = non en cours AS: Windows Defender [Manual(3)] = non en cours FW: Windows FireWall Service [Auto(2)] = non en cours WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours ---------- | FlashPlayer ActiveX : 26.0.0.120 Plugin : 26.0.0.131 ---------- | Processes closed 1504 | [Owner : Système |Parent : 836(services.exe)] - (.AVAST Software - Avast Service.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 7900 | [Owner : Jerome |Parent : 1032(svchost.exe)] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) 
- (1.824.21.4663) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---------- | Tasks Suppression : ALUAgent ---------- | Services ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts ---------- | SafeBoot ---------- | Winsock ---------- | DNS ---------- | Registre Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110u.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110chs.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110fra.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110rus.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20ENU.DLL] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\StartMenuHelper64.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\ensppui.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre\] [X] ---------- | Dossiers | Fichiers ---------- | AdsFix | g3n-h@ckm@n | V4_27.06.17.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 09:37:14 - 28/06/2017 Mis a jour le : 27/06/2017 | 11.30 (GMT) par g3n-h@ckm@n Contact : http://www.sosvirus.net Assistance : http://www.sosvirus.net/forum-virus-securite.html Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html Facebook : https://www.facebook.com/AdsFixAntiAdware C:\Users\Jerome\Desktop\AdsFix.exe Boot: Normal boot [Jerome (Administrator)] - [ZAYMAN-ACER] - (france [040C]) SID = S-1-5-21-2321962515-1346927539-524343790-1001 || [4a65726f6d65205e5e] 
PC : Acer - EA70_HB - Aspire E5-771G_0880_1_07 Processor : X64 - 2600 - Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Bios : Insyde Corp. - 06/04/2014 - V.V1.07 CoreTemp : 72 C CPU #1 value:0 % CPU #2 value:6 % CPU #3 value:0 % CPU #4 value:0 % Total Overall CPU Usage value:1 % Systeme : Windows 8.1 (64 bits) Core Memoire RAM = Total (MB) : 8310 | Libre (MB) : 5886 Pagefile = Total (MB) : 8310 | Libre (MB) : 5688 Virtuelle = Total (MB) : 4194 | Libre (MB) : 3920 C:\ -> [Fixed] | [Acer] | Total : 913.47 Go | Free : 177.3 Go -> NTFS [SATA] Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [28.06.2017 @ 09_37_10]) ou un element Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer" ---------- | Mises a jour Windows Derniere(s) detection(s) : 2017-06-28 01:08:26 Dernieres Telechargees : 2017-06-27 10:26:44 Dernieres installees : 2017-06-16 05:40:48 Prochaine recherche : 2017-06-28 22:22:36 Possible Fixed Windows Windows Is Activated ---------- | Navigateurs IE : 11.0.9600.18124 (© Microsoft Corporation. Tous droits réservés.) GC : 59.0.3071.115 (Copyright 2016 Google Inc. All rights reserved.) ---------- | Security (atcav : 0) AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Auto(2)] = non en cours AS: Windows Defender [Manual(3)] = non en cours FW: Windows FireWall Service [Auto(2)] = non en cours WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours ---------- | FlashPlayer ActiveX : 26.0.0.120 Plugin : 26.0.0.131 ---------- | Processes closed 1504 | [Owner : Système |Parent : 836(services.exe)] - (.AVAST Software - Avast Service.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 9832 | [Owner : Jerome |Parent : 1032(svchost.exe)] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) 
- (1.824.21.4663) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---------- | Tasks ---------- | Services ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts ---------- | SafeBoot ---------- | Winsock ---------- | DNS ---------- | Registre Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\PackBarre\PackBarre.exe] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfcm110u.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc110jpn.dll] [X] Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\enppui.dll] [X] ---------- | Dossiers | Fichiers Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb Suppression : C:\Users\Jerome\AppData\Local\BPMconcept\PackBarre.exe_Url_gcy2jafvs4wdqqryzwqhbie3mypw0o33 Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.packbarre.com_0.localstorage (.-.) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.packbarre.com_0.localstorage-journal (.-.) Suppression : C:\Users\Jerome\AppData\Roaming\appdataFr25.bin (.-.) Suppression : C:\Users\Jerome\AppData\Roaming\Yahoo. Suppression : C:\Program Files (x86)\Yahoo! 
Suppression : C:\Windows\System32\Config\Systemprofile\AppData\Local\YSearchUtil Suppression : C:\Users\Jerome\AppData\Local\LAIZV5feOge Suppression : C:\Users\Jerome\AppData\Local\PAn4jQhj1jqU ---------- | .LNK ---------- | Ouverture extension inconnue ---------- | Proxy ---------- | Internet Explorer Reparation : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : https://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset -> https://www.google.com/ Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm Reparation : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2 Reparation : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1 Reparation : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1 Reparation : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1 Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000A40E0000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x460000009F2B0300090000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000 Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 
0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Suppression : [HKU\S-1-5-21-2321962515-1346927539-524343790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x460000001A000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000 ---------- | Yandex : X ---------- | CLIQZ : X ---------- | Google Chrome Suppression : HKLM\SOFTWARE\Policies\Google Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Remis a zero avec succes : SearchURL Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Remis a zero avec succes : Preferences Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Remis a zero avec succes : Preferences Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\bhmmomiinigofkjcapegjjndpbikblnp = default_title: WOT Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog) Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\gpmlkknmhomikheehibdnedjampadffh = image_url: http://zooms.searchalgo.com/search/?category=images&q={searchTerms} Suppression : C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ] C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\boadgeojelhgndaghljhdicfkmllpafd = : __MSG_6392731103614271560__ - 
Google Cast - 919648714761-b2gcrl9iu82luhiq2dpo7jnecikdnrlf.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\cmedhionkhpnakcndndgjdbohmhepckk = : __MSG_extension_description__ - __MSG_extension_name__ - permissions:[tabsstorageunlimitedStoragewebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. 
- Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx ---------- | Comodo Dragon : X ---------- | Firefox Suppression : C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\5cq85fav.default\extensions\bYtS@O3.net = Suppression : C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\5cq85fav.default\extensions\ekv@jbP1.com = Suppression : C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\5cq85fav.default\extensions\mUs@m.net = ---------- | SeaMonkey : X ---------- | Pale moon : X ---------- | Opera ---------- | Spark : X ---------- | StartMenuInternet Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\IExplore.exe\shell\open\command]~[] : iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" ---------- | Javascript ---------- | Firewall ---------- | ADS Autre rapport Analyses : 384617 | Modifications : 7 | Suppressions : 32 ---------- |EOF| ---------- | 14:46:33 | [36 Ko]