---------- | AdsFix | g3n-h@ckm@n | 3_22.10.2016.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 02:59:53 - 23/10/2016
Mis a jour le : 22/10/2016 | 11.30 par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\David\Desktop\AdsFix.exe
Boot: Normal boot
[David (Administrator)] - [HERBA] - (france [040C])
SID = S-1-5-21-2437546807-2770811265-860403906-1001 || [4461766964205e5e]
PC : ASUSTeK COMPUTER INC. - MAXIMUS VII RANGER - All
Processor : X64 - 3707 - Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Bios : American Megatrends Inc. - 04/23/2014 - V.0601
CoreTemp : 29.8 C
CPU #1 value:7 %
CPU #2 value:0 %
CPU #3 value:7 %
CPU #4 value:0 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:2 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 8330 | Libre (MB) : 5401
Pagefile = Total (MB) : 9641 | Libre (MB) : 6318
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3916
C:\ -> [Fixed] | [] | Total : 232.4 Go | Free : 168.01 Go -> NTFS (SSD) [SATA]
D:\ -> [Fixed] | [Données] | Total : 1863.01 Go | Free : 1347.92 Go -> NTFS [SATA]
F:\ -> [Fixed] | [Externe] | Total : 1863.01 Go | Free : 1027.85 Go -> NTFS [USB]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [23.10.2016 @ 02_59_53]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows

---------- | Navigateurs
IE : 11.0.14393.0 (© Microsoft Corporation. Tous droits réservés.)
FF : 49.0.2.6136 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 54.0.2840.71 (Copyright 2016 Google Inc. All rights reserved.)
MS-Edge : 11.0.14393.321 (© Microsoft Corporation. All rights reserved.)

---------- | Security (atcav : 0)
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
ActiveX : 23.0.0.185

---------- | Processes closed
1220 | [Owner : SERVICE LOCAL |Parent : 108(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
1484 | [Owner : SERVICE LOCAL |Parent : 108(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
1732 | [Owner : SERVICE LOCAL |Parent : 108(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
2400 | [Owner : Système |Parent : 844(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.206) = C:\Windows\System32\spoolsv.exe
2640 | [Owner : Système |Parent : 844(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.20.2044) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2648 | [Owner : Système |Parent : 844(services.exe)] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2656 | [Owner : Système |Parent : 844(services.exe)] - (.NVIDIA Corporation - NVIDIA Wireless Controller Service.) - (3.0.7.34) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
2760 | [Owner : Système |Parent : 844(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
2768 | [Owner : Système |Parent : 844(services.exe)] - (.-.) - (8.0.0.8362) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2776 | [Owner : Système |Parent : 844(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2856 | [Owner : Système |Parent : 844(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.2118.2499) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
2916 | [Owner : Système |Parent : 844(services.exe)] - (.-.) - (3.0.0.4310) = C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2936 | [Owner : SERVICE LOCAL |Parent : 844(services.exe)] - (.Electronic Arts - OriginWebHelperService.) - (10.1.1.35466) = C:\Program Files (x86)\Origin\OriginWebHelperService.exe
9656 | [Owner : Système |Parent : 844(services.exe)] - (.Acronis International GmbH - Acronis Mobile Backup Server.) - (1.0.0.1014) = C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
11496 | [Owner : Système |Parent : 844(services.exe)] - (.-.) - (20.0.0.5554) = C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
8204 | [Owner : Système |Parent : 844(services.exe)] - (.-.) - (20.0.0.3034) = C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
11348 | [Owner : Système |Parent : 2776()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7557) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
11336 | [Owner : David |Parent : 844(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
7284 | [Owner : David |Parent : 1060(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
6616 | [Owner : David |Parent : 4588()] - (.Node.js - NVIDIA Web Helper Service.) - (4.4.3.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
7936 | [Owner : David |Parent : 936(svchost.exe)] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
7024 | [Owner : David |Parent : 11348()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.7557) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
11748 | [Owner : Système |Parent : 6828(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.321) = C:\Windows\System32\fontdrvhost.exe
11248 | [Owner : David |Parent : 8892(explorer.exe)] - (.-.) - (8.0.0.8362) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
8496 | [Owner : David |Parent : 9328()] - (.CMedia - AsusAudioCenter.) - (0.3.0.69) = C:\Program Files\ASUS Xonar D2X Audio\Customapp\AsusAudioCenter.exe
8632 | [Owner : David |Parent : 8892(explorer.exe)] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.369) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
9604 | [Owner : David |Parent : 8892(explorer.exe)] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6517.809) = C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
8096 | [Owner : David |Parent : 8892(explorer.exe)] - (.Valve Corporation - Steam Client Bootstrapper.) - (3.65.13.80) = D:\Mes jeux\PC\Steam\Steam.exe
7448 | [Owner : David |Parent : 8096(Steam.exe)] - (.Valve Corporation - Steam Client WebHelper.) - (3.65.13.80) = D:\Mes jeux\PC\Steam\bin\cef\cef.winxp\steamwebhelper.exe
7376 | [Owner : Système |Parent : 844(services.exe)] - (.Valve Corporation - Steam Client Service.) - (3.65.13.80) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe
7424 | [Owner : David |Parent : 936(svchost.exe)] - (.NVIDIA Corporation - NVIDIA Capture Server.) - (3.0.7.34) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
5148 | [Owner : David |Parent : 8892(explorer.exe)] - (.SteelSeries ApS - SteelSeries Engine 3 Core.) - (3.9.1.0) = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
5468 | [Owner : David |Parent : 3132()] - (.CyberLink - CyberLink MediaLibray Service.) - (10.0.0.1725) = C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
5672 | [Owner : David |Parent : 7424()] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
6380 | [Owner : David |Parent : 5672(NVIDIA Share.exe)] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
10912 | [Owner : David |Parent : 3132()] - (.CyberLink Corp. - PowerDVD 15.) - (15.0.32853.5730) = C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
7496 | [Owner : David |Parent : 3132()] - (.Acronis International GmbH - Acronis TIB Mounter Monitor.) - (5.0.0.2643) = C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
2900 | [Owner : David |Parent : 3132()] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.111.14) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3476 | [Owner : David |Parent : 936(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MediaEspresso7
Suppression : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[D:\Telechargements\Setup Project64 v2.3-210-g4f0ca48.exe]
Suppression : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[D:\Telechargements\ReimageRepair.exe]
Suppression : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Reimage\Reimage Repair\uninst.exe]
Suppression : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]

---------- | Dossiers | Fichiers
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb
Suppression : C:\ProgramData\DP45977C.lfl (.-.)
Suppression : C:\ProgramData\install_clap

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-2437546807-2770811265-860403906-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog)
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\mlomiejdfkolichcflejclcbmpeaniij = matches: [ https://www.ghostery.com/*try-us/download-browser-extension* https://apps.ghostery.com/* https://gcache.ghostery.com/* ]
Suppression : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = permissions: [ alarms cast cast.streaming declarativeWebRequest desktopCapture dial gcm http://*/* identity identity.email management mdns mediaRouterPrivate metricsPrivate networkingPrivate processes storage system.cpu settingsPrivate tabCapture tabs webview https://hangouts.google.com/* https://*.google.com/cast/chromecast/home/gsse ]
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp = : __MSG_extension_description__ - ColorZilla - permissions:[tabs\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon

---------- | Firefox
Suppression : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\w2vfkut9.default\sessionstore.js (.-.)

---------- | SeaMonkey

---------- | Pale moon

---------- | Opera

---------- | Spark

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

---------- | ADS

Autre rapport
Analyses : 374471 | Modifications : 9 | Suppressions : 18

---------- |EOF| ---------- | 04:06:15 | [17 Ko]