---------- | AdsFix | g3n-h@ckm@n | V4_14.10.17.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 15:56:36 - 14/10/2017
Mis a jour le : 14/10/2017 | 10.30 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\brousseau isabelle\Desktop\AdsFix.exe
Boot: Normal boot
[brousseau isabelle (Administrator)] - [PC-PORTABLE] - (France [040C])
SID = S-1-5-21-955818268-471735480-1976523364-1001 || [62726f7573736561752069736162656c6c65205e5e]
PC : Dell Inc. - 0NT0M2 - xxx123x#ABA
Processor : X64 - 1397 - Intel(R) Core(TM) i3-2365M CPU @ 1.40GHz
Bios : Dell Inc. - 09/26/2012 - V.A02
CoreTemp : ? C
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 4058 | Libre (MB) : 2156
Pagefile = Total (MB) : 4779 | Libre (MB) : 2931
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3878
C:\ -> [Fixed] | [] | Total : 464.81 Go | Free : 384.91 Go -> NTFS [SATA]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [14.10.2017 @ 15_56_33]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows
Windows Is Activated
---------- | Navigateurs
IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.)
GC : 61.0.3163.100 (Copyright 2016 Google Inc. All rights reserved.)
MS-Edge : 11.0.15063.674 (© Microsoft Corporation. All rights reserved.)
---------- | Security (atcav : 3)
AV : Malwarebytes Disabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
ActiveX : 27.0.0.130
---------- | Processes closed
2776 | [Owner : |Parent : 920(services.exe)] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
6504 | [Owner : brousseau isabelle |Parent : 920(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6528 | [Owner : brousseau isabelle |Parent : 920(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
7580 | [Owner : brousseau isabelle |Parent : 1836(explorer.exe)] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.9.4) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
7108 | [Owner : brousseau isabelle |Parent : 7928()] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
7024 | [Owner : brousseau isabelle |Parent : 7588()] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.9.4) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6792 | [Owner : brousseau isabelle |Parent : 7928()] - (.Citrix Systems, Inc. - Citrix Connection Center.) - (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
6280 | [Owner : brousseau isabelle |Parent : 7928()] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) - (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
8124 | [Owner : brousseau isabelle |Parent : 6792()] - (.Citrix Systems, Inc. - Citrix Receiver Application.) - (4.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
2512 | [Owner : brousseau isabelle |Parent : 920(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
8360 | [Owner : brousseau isabelle |Parent : 372(svchost.exe)] - (.Citrix Systems, Inc. - Citrix Connection Manager.) - (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
8368 | [Owner : brousseau isabelle |Parent : 8124()] - (.Citrix Systems, Inc. - Citrix Receiver.) - (4.4.1000.13058) = C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
8460 | [Owner : brousseau isabelle |Parent : 372(svchost.exe)] - (.Citrix Systems, Inc. - Citrix Authentication Manager.) - (8.0.1000.1123) = C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
---------- | Tasks
---------- | Services
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\ByteFence\Uninstall.exe]
Suppression : HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Clients\StartMenuInternet\Chromium.YQIPJZWQGRIIJJBEOZC6ELLGF4
Suppression : HKLM\SOFTWARE\Wow6432Node\CloudOPTInfo
Suppression : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKLM\Software\Classes\Installer\Features\843B1BCDE49CD6D4C80ED7D95AFC66E3 : gm_o_Winexplorerext
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\UNPUXWorker.exe] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Users\BROUSS~1\AppData\Local\Temp\HPDiagnosticAlert\] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\WINDOWS\system32\UNP\] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Users\BROUSS~1\AppData\Local\Temp\HPDiagnosticAlert\strings.xml] [X]
Suppression : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]~[Chromium] : 0x03000000EB192223FD68D101
---------- | Dossiers | Fichiers
Suppression : C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk (.-.) (Offsets)
Suppression : C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk (.-.) (Offsets)
Suppression : C:\Users\brousseau isabelle\Desktop\Chromium.lnk (.-.) (Offsets)
Suppression : C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk (.-.) (Offsets)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Chromium
Suppression : C:\Users\brousseau isabelle\AppData\Local\MiniService
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_abrasivessafety.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_abrasivessafety.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fr.aliexpress.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fr.aliexpress.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.onclickpulse.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.onclickpulse.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_beta.speedtest.net_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_beta.speedtest.net_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.telecharger.01net.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.telecharger.01net.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pwwysydh.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pwwysydh.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppinghoppenot.canalblog.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppinghoppenot.canalblog.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.01net.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.01net.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shouldiremoveit.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shouldiremoveit.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.updatestar.com_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.updatestar.com_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zapmeta.fr_0.localstorage (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zapmeta.fr_0.localstorage-journal (.-.)
Suppression : C:\Users\brousseau isabelle\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.)
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x4600000004000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000EB090000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x4600000014000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
---------- | Yandex : X
---------- | CLIQZ : X
---------- | Google Chrome
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\jniohepimdbmiagmakfkogjhhdmcmhfl = js: [ data/js/jquery.min.js data/page-mods/utils/chrome-adapter.js data/page-mods/utils/ui.js data/page-mods/utils/cookies.js data/page-mods/nav/analyzer.js data/page-mods/boosters/more-products.js data/page-mods/boosters/more-offers.js data/page-mods/boosters/more-flights.js data/page-mods/boosters/more-coupons.js data/page-mods/boosters/promo-offers.js ]
Suppression : C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\daanglpcpkjjlkhcbladppjphglbigam = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security (BETA) - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
---------- | Comodo Dragon : X
---------- | Firefox : X
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark
C:\Users\brousseau isabelle\AppData\Roaming\Baidu\Spark\profile\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm = :- __MSG_extension_name__ - permissions:[tabsactiveTabwebRequestwebRequestBlockingdownloadswebNavigationbiduhistorystorage\u003Call_urls>contextMenus] - http://th.browser.baidu.com/upgrade/extension.xml
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
Autre rapport
C:\AdsFix_04_02_2017_00_42_13.txt[17 Ko]
C:\AdsFix_26_11_2016_20_28_47.txt[17 Ko]
Analyses : 383386 | Modifications : 8 | Suppressions : 59
---------- |EOF| ---------- | 20:00:27 | [18 Ko]