---------- | AdsFix | g3n-h@ckm@n | 3_02.08.2016.4
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 06:25:47 - 03/08/2016

Mis a jour le : 02/08/2016 | 18.55 par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\Jean-Marie\Desktop\adsfix_3_02.08.2016.4.exe
Boot: Normal boot
[Jean-Marie (Administrator)] - [100P100_S_FIN] - (France [040C])
SID = S-1-5-21-333624727-3628993747-300940260-1001 || [4a65616e2d4d61726965205e5e]
PC : Hewlett-Packard - 2AE3 - D2J52EA#ABF
Processor : X64 - 1397 - AMD E1-1200 APU with Radeon(tm) HD Graphics
Bios : AMI - 01/25/2013 - V.8.17
CoreTemp : ? C
CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %
Système : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 3748 | Libre (MB) : 2526
Pagefile = Total (MB) : 4157 | Libre (MB) : 2903
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3899

C:\ -> [Fixed] | [OS] | Total : 916.54 Go | Free : 842.21 Go -> NTFS [SATA]
D:\ -> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
E:\ -> [Removable] | [] | Total : 3.67 Go | Free : 0.46 Go -> FAT32 [USB]
H:\ -> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 51.43 Go -> FAT32 [USB]
J:\ -> [Removable] | [HITMANPRO] | Total : 1.86 Go | Free : 1.71 Go -> FAT32 [USB]
K:\ -> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.51 Go -> FAT32 [USB]
L:\ -> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 26.11 Go -> FAT32 [USB]
M:\ -> [Removable] | [] | Total : 30.02 Go | Free : 2.03 Go -> FAT32 [USB]
N:\ -> [CDROM] | [Verbatim] | Total : 0.01 Go | Free : 0 Go -> UDF [USB]
R:\ -> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.61 Go -> FAT32 [USB]
S:\ -> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 867.51 Go -> NTFS [USB]

Registre sauvegardé , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [03.08.2016 @ 06_25_46]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
---------- | Navigateurs
IE : 11.0.10586.494 (© Microsoft Corporation. Tous droits réservés.)
FF : 47.0.1.6018 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
MS-Edge : 11.0.10586.494 (© Microsoft Corporation. All rights reserved.)
---------- | Security (atcav : 0)
AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Disabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
ActiveX : 22.0.0.209
---------- | Processes closed
7276 | [Owner : Jean-Marie |Parent : 4832()] - (.SosVirus - Process Killer.) - (1.0.0.3) = C:\Users\Jean-Marie\Downloads\processclose_1.0.0.3.exe
5564 | [Owner : SERVICE LOCAL |Parent : 1060(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10586.0) = C:\Windows\System32\WUDFHost.exe
8088 | [Owner : SERVICE LOCAL |Parent : 1060(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
6156 | [Owner : SERVICE LOCAL |Parent : 1060(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
5712 | [Owner : Jean-Marie |Parent : 836(svchost.exe)] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
1352 | [Owner : Système |Parent : 720(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe
5348 | [Owner : Jean-Marie |Parent : 720(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe
3068 | [Owner : Jean-Marie |Parent : 836(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.10586.0) = C:\Windows\System32\rundll32.exe
6436 | [Owner : Jean-Marie |Parent : 836(svchost.exe)] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.10586.0) = C:\Windows\System32\rundll32.exe
2952 | [Owner : SERVICE RÉSEAU |Parent : 720(services.exe)] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.10586.162) = C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- | Tasks
Suppression : Ashampoo Privacy Protector 2015 Weekly Security Scan
Suppression : Ashampoo Privacy Protector Weekly Security Scan
Suppression : CreateExplorerShellUnelevatedTask
---------- | Services
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11
Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\InProcServer32 : C:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1\111294~1.920\ADAWAR~1.DLL
Suppression : HKLM\SOFTWARE\Classes\WSBrowserAppMgr.ISVCUchrome :
Suppression : HKLM\SOFTWARE\Classes\CLSID\{F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} : C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll #
Suppression : HKLM\Software\Classes\WOW6432Node\CLSID\{F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} : C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll #
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78A543EB-3A61-4ED3-9F4E-457DD8364A5F} : C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL
Suppression : HKLM\SOFTWARE\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6} : # C:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1\111294~1.920\ADAWAR~1.DLL
Suppression : HKLM\SOFTWARE\Classes\Interface\{132436F2-0B58-4D65-8A1F-B84E4075C5F2} : {CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}
Suppression : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[pc-decrapifier.exe]
Suppression : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[S:\Ad-Aware Personal Security\Adaware_Installer.exe]
Suppression : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceHelper.exe]
Suppression : HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\AppDataLow\Software\adawarebp
Suppression : HKLM\SOFTWARE\Wow6432Node\Avanquest
Suppression : HKLM\SOFTWARE\WOW6432Node\Lavasoft
Suppression : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]~[ITBar7Height] : 22
Suppression : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : 1
Suppression : HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}0
Suppression : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4C3E4EDB116A65488CCBB7D74E26C69 : C:\Program Files (x86)\stashimi\stashimi 2016\boost_system-vc90-mt-1_39.dll
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2E4CA1D44D1CA04EB6362C3B86B8586 : C:\Program Files (x86)\stashimi\stashimi 2016\boost_date_time-vc90-mt-1_39.dll
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3B67A90C5A21EA46A6E672E7A8EBEF8 : C:\Program Files (x86)\stashimi\stashimi 2016\lang\crashrpt_lang_de.ini
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF36A926800EDC74986B278CC96B9D28 : C:\Program Files (x86)\stashimi\stashimi 2016\boost_regex-vc90-mt-1_39.dll
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7286306383AF47A4383362CBE4CE3980 : [C:\WINDOWS\Installer\29c4fe8.msi]
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4FC0B50C465945419E3EAE3AD6179A1 : [C:\WINDOWS\Installer\29c5006.msi]
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Memory Optimizer_is1 : (Wise Memory Optimizer 3.32) "C:\Program Files (x86)\Wise\Wise Memory Optimizer\unins000.exe" -> C:\Program Files (x86)\Wise\Wise Memory Optimizer\
---------- | Dossiers | Fichiers
Suppression : C:\Program Files (x86)\Avanquest
Suppression : C:\Program Files (x86)\Wise\Wise Memory Optimizer
Suppression : C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk (.-.) C:\Program Files (x86)\Avanquest\Fix-It\Fix-It.exe
Suppression : C:\Users\Jean-Marie\Desktop\lfs ultra suite\Wise Memory Optimizer.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer\Wise Memory Optimizer.lnk (.-.)
Suppression : C:\Users\Public\Desktop\My Software Deals.url (.-.)
Suppression : C:\Users\Public\Documents\Avanquest Software
Suppression : C:\Users\Jean-Marie\AppData\Local\CrashRpt
Suppression : C:\Users\Jean-Marie\AppData\Roaming\Avanquest
Suppression : C:\ProgramData\Avanquest
Suppression : C:\ProgramData\IObit
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Wise Memory Optimizer
Suppression : C:\WINDOWS\Installer\29c5006.msi (.-.) [Package Install]
Suppression : C:\WINDOWS\Installer\29c4fe8.msi (.-.) [Package Install]
Suppression : C:\ProgramData\install_clap
Suppression : C:\WINDOWS\Installer\29c4fed.msi (.-.)-> (AntimalwareEngine - Lavasoft)
Suppression : C:\WINDOWS\Installer\29c4ff2.msi (.-.)-> (FirewallEngine - Lavasoft)
Suppression : C:\WINDOWS\Installer\29c4ff7.msi (.-.)-> (OnlineThreatsEngine - Lavasoft)
Suppression : C:\WINDOWS\Installer\29c4ffc.msi (.-.)-> (AntispamEngine - Lavasoft)
Suppression : C:\WINDOWS\Installer\29c5001.msi (.-.)-> (AvcEngine - Lavasoft)
Suppression : C:\Users\Jean-Marie\AppData\Roaming\Lavasoft
Suppression : C:\Program Files\Common Files\Lavasoft
Suppression : C:\ProgramData\Lavasoft
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-333624727-3628993747-300940260-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
---------- | Yandex
---------- | Google Chrome
---------- | Chromium
---------- | Comodo Dragon
---------- | Firefox
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\8juc6cio.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} = : WOT - : http://www.mywot.com/
---------- | SeaMonkey
---------- | Pale moon
---------- | Opera
---------- | Spark
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
---------- | ADS

Autre rapport
Analyses : 380650 | Modifications : 10 | Suppressions : 60
---------- |EOF| ---------- | 11:42:17 | [14 Ko]