---------- | AdsFix | g3n-h@ckm@n | V4_31.01.17.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 12:07:57 - 01/02/2017
update on : 31/01/2017 | 17.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\Germain\Desktop\AdsFix.exe
Boot: Normal boot
[Germain (Administrator)] - [GERMAIN-PC] - (France [0409])
SID = S-1-5-21-2196324403-2920740886-392819837-1000 || [4765726d61696e205e5e]
PC : Gigabyte Technology Co., Ltd. - B150M-D3H-CF - To be filled by O.E.M.
Processor : X64 - 3696 - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Bios : American Megatrends Inc. - 03/14/2016 - V.F6
CoreTemp : 29.8 C
CPU #1 value:12 %
CPU #2 value:18 %
CPU #3 value:0 %
CPU #4 value:24 %
Total Overall CPU Usage value:14 %
System : Windows 7 Professional (64 bits) Professional Service Pack 1
RAM memory = Total (MB) : 8320 | Free (MB) : 6608
Pagefile = Total (MB) : 16638 | Free (MB) : 14823
Virtual = Total (MB) : 4194 | Free (MB) : 3995

C:\ -> [Fixed] | [] | Total : 438.96 Go | Free : 240.53 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 492.06 Go | Free : 451.74 Go -> NTFS [SATA]
G:\ -> [Removable] | [PHILIPS UFD] | Total : 7.21 Go | Free : 7.21 Go -> FAT32 [USB]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [01.02.2017 @ 12_07_55]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-02-01 11:05:35
Last downloaded : 2017-01-31 14:29:47
Last installation : 2017-01-31 14:30:18
Next search : 2017-02-02 07:55:09

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18538 (© Microsoft Corporation. All rights reserved.)
FF : 51.0.1.6234 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 56.0.2924.76 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV :
AS : Windows Defender Disabled
FW :
WMI : OK

WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

Plugin : 24.0.0.194

---------- | Killed processes

1496 | [Owner : Germain |Parent : 664(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
1588 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1720 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7571.1343) = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
1896 | [Owner : Germain |Parent : 1856()] - (.Node.js - NVIDIA Web Helper Service.) - (6.7.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1908 | [Owner : Germain |Parent : 632(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.23572) = C:\Windows\System32\conhost.exe
1124 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (20.7.57.0) = C:\Windows\System32\IPROSetMonitor.exe
1360 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Micro-Star INT'L CO., LTD. - MSI Register Service.) - (1.0.0.4) = C:\MSI\MSIRegister\MSIRegisterService.exe
1552 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Micro-Star INT'L CO., LTD. - MSI Live Update Service.) - (1.0.0.37) = C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
1832 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2145.2398) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1280 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2108 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.NVIDIA Corporation - NVIDIA Wireless Controller Service.) - (3.1.2.31) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
2156 | [Owner : NETWORK SERVICE |Parent : 664(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2136.3073) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
2468 | [Owner : SYSTEM |Parent : 1280()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7570) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
3068 | [Owner : Germain |Parent : 1832()] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2145.2398) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
3360 | [Owner : LOCAL SERVICE |Parent : 992(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
3648 | [Owner : Germain |Parent : 1432(explorer.exe)] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.519.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3780 | [Owner : Germain |Parent : 3716()] - (.Micro-Star INT'L CO., LTD. - MSI Register.) - (2.0.0.5) = C:\MSI\MSIRegister\MSIRegister.exe
4068 | [Owner : Germain |Parent : 4012()] - (.Piriform Ltd - CCleaner.) - (5.25.0.5902) = C:\Program Files\CCleaner\CCleaner64.exe
3200 | [Owner : Germain |Parent : 796(svchost.exe)] - (.NVIDIA Corporation - NVIDIA Capture Server.) - (3.1.2.31) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
3660 | [Owner : Germain |Parent : 3200()] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
3888 | [Owner : Germain |Parent : 2468()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.7570) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3584 | [Owner : NETWORK SERVICE |Parent : 664(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3640 | [Owner : Germain |Parent : 3660()] - (.NVIDIA Corporation - NVIDIA Share.) - (51.2704.1434.1) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
4852 | [Owner : Germain |Parent : 3668()] - (.Intel Corporation - IAStorIcon.) - (14.8.0.1042) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
5528 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Intel Corporation - IAStorDataSvc.) - (14.8.0.1042) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5612 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1162) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
5676 | [Owner : SYSTEM |Parent : 664(services.exe)] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1162) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4628 | [Owner : Germain |Parent : 3744()] - (.Intel Corporation - Intel(R) Management and Security Status.) - (11.0.0.1162) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
3968 | [Owner : NETWORK SERVICE |Parent : 664(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe

---------- | Tasks

---------- | Services

Deleted service : ucdrv : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\ucdrv : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ucdrv : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Register

Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Classes\.webp : UCHTML
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Classes\UCHTML : UC HTML Document
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Classes\UCHTML.AssocFile.HTM :
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Classes\UCHTML.AssocFile.SHTM :
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Classes\UCHTML.AssocFile.WEBP :
Deleted successfully : HKLM\SOFTWARE\Classes\.sds : Spybot2.SDSFile
Deleted successfully : HKLM\SOFTWARE\Classes\Spybot2.SDSFile : Spybot script
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\.sdsb : Spybot2.SDSBFile
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\caster_RASMANCS
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Chromium
Deleted successfully : HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\UCBrowser
Deleted successfully : HKU\S-1-5-18\SOFTWARE\dbmkdb : 20170105
Deleted successfully : HKLM\SOFTWARE\dbmkdb : 20170105
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\dbmkdb : 20170105
Deleted successfully : [HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]

---------- | Folders | Files

Deleted successfully : C:\Program Files\Common Files\AV\Spybot - Search and Destroy
Reboot : C:\Program Files (x86)\Spybot - Search & Destroy 2
Reboot : C:\Program Files (x86)\UCBrowser
Deleted successfully : C:\Users\Germain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk (.-.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
Deleted successfully : C:\Users\Germain\AppData\Local\Chromium
Deleted successfully : C:\Users\Germain\AppData\Local\Refetyghvosy
Deleted successfully : C:\ProgramData\Spybot - Search & Destroy
Reboot : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys (.-.)
Reboot : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys (.-.)
Reboot : \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys (.-.)
Deleted successfully : C:\Users\Germain\AppData\Roaming\Profiles
Reboot : C:\Program Files (x86)\UCBrowser

---------- | .LNK

---------- | opening unknown extension

---------- | Proxy

---------- | Internet Explorer

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-2196324403-2920740886-392819837-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome

Deleted successfully : C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Reseted successfully : SearchURL
Deleted successfully : C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Reseted successfully : Preferences
Deleted successfully : C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Reseted successfully : Preferences
Deleted successfully : C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]

C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon

---------- | Firefox

Deleted successfully : C:\Users\Germain\AppData\Roaming\Mozilla\Firefox\Profiles\7ixpis8g.default-1483659626475\sessionstore.js (.-.)

---------- | SeaMonkey

---------- | Pale moon

---------- | Opera

---------- | Spark

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

---------- | ADS

Other(s) report(s)

Analyzed : 300500 | Modified : 4 | Deleted : 34

---------- |EOF| ---------- | 12:56:34 | [16 Ko]