---------- | AdsFix | g3n-h@ckm@n | V4_23.03.17.4
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 22:34:53 - 23/03/2017
Mis a jour le : 23/03/2017 | 15.20 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Parckard Bell\Desktop\AdsFix.exe
Boot: Normal boot
[Parckard Bell (Administrator)] - [PARCKARDBELL-PC] - (France [040C])
SID = S-1-5-21-2852301988-3529085112-163287035-1000 || [506172636b6172642042656c6c205e5e]
PC : Packard Bell - imedia S1300 - To Be Filled By O.E.M.
Processor : X64 - 2712 - AMD Athlon(tm) II X2 215 Processor
Bios : American Megatrends, Inc. - 01/28/2010 - V.P01-A1
CoreTemp : ? C
CPU #1 value:37 %
CPU #2 value:18 %
Total Overall CPU Usage value:28 %
Systeme : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
Memoire RAM = Total (MB) : 4194 | Libre (MB) : 1251
Pagefile = Total (MB) : 8385 | Libre (MB) : 5833
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3979
C:\ -> [Fixed] | [] | Total : 238.94 Go | Free : 195.64 Go -> NTFS [ATA]
D:\ -> [Fixed] | [DATA] | Total : 226.72 Go | Free : 225.34 Go -> NTFS [ATA]
F:\ -> [Fixed] | [Disque local (J:)] | Total : 465.76 Go | Free : 169.65 Go -> NTFS [USB]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [23.03.2017 @ 22_34_50]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
Derniere(s) detection(s) : 2017-03-23 06:27:05
Dernieres Telechargees : 2017-03-15 06:49:12
Dernieres installees : 2017-03-16 07:00:08
Prochaine recherche : 2017-03-24 01:30:49
Windows Is Activated

---------- | Navigateurs
IE : 11.0.9600.18616 (© Microsoft Corporation. Tous droits réservés.)
FF : 52.0.1.6284 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 57.0.2987.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
Plugin : 25.0.0.127

---------- | Processes closed
840 | [Owner : Système |Parent : 576(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
864 | [Owner : Système |Parent : 576(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4144) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1296 | [Owner : Système |Parent : 840()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1316 | [Owner : Système |Parent : 840()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
1544 | [Owner : Système |Parent : 576(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1608 | [Owner : Parckard Bell |Parent : 576(services.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2528 | [Owner : Système |Parent : 576(services.exe)] - (.pdfforge GmbH - PDF Architect 4.) - (1.0.0.0) = C:\Program Files\PDF Architect 4\creator-ws.exe
2564 | [Owner : Système |Parent : 576(services.exe)] - (.© pdfforge GmbH. - Manager service.) - (1.0.0.0) = C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
2600 | [Owner : Système |Parent : 576(services.exe)] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
2700 | [Owner : Système |Parent : 576(services.exe)] - (.RealNetworks, Inc. - RealTimes Desktop Service.) - (18.1.7.337) = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
3064 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (.NVIDIA Corporation - NVIDIA Update Backend.) - (10.4.0.4) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
2936 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (.SFX TEAM - SuperCopier 2 (explorer file copy replacement).) - (2.2.0.650) = C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
2760 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (.Microsoft Corporation - Pense-bête.) - (6.1.7600.16385) = C:\Windows\System32\StikyNot.exe
464 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (.FreeDownloadManager.org - Free Download Manager.) - (5.1.23.5672) = C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
3184 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (.RealNetworks, Inc. - RealPlayer with RealTimes.) - (18.1.7.337) = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
3224 | [Owner : Parckard Bell |Parent : 1296()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3632 | [Owner : Parckard Bell |Parent : 3164()] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3656 | [Owner : Parckard Bell |Parent : 3164()] - (.RealNetworks, Inc. - RealNetworks Scheduler.) - (18.1.7.337) = C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
3668 | [Owner : Parckard Bell |Parent : 3164()] - (. - RealDownloader.) - (18.1.7.337) = C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
3156 | [Owner : SERVICE LOCAL |Parent : 272(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
4368 | [Owner : Parckard Bell |Parent : 3668()] - (.RealNetworks, Inc. - Tools for RealDownloader.) - (18.1.7.337) = C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
4612 | [Owner : SERVICE RÉSEAU |Parent : 576(services.exe)] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3540 | [Owner : Parckard Bell |Parent : 4108()] - (.Piriform Ltd - CCleaner.) - (5.28.0.6005) = C:\Program Files\CCleaner\CCleaner64.exe
2764 | [Owner : UpdatusUser |Parent : 576(services.exe)] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - (1.10.8.0) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
4376 | [Owner : Parckard Bell |Parent : 352()] - (.Guillaume Ryder (http://utilfr42.free.fr) - Clavier+.) - (10.7.1.0) = C:\Users\Parckard Bell\AppData\Local\Clavier+\Clavier.exe
5100 | [Owner : Parckard Bell |Parent : 576(services.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2836 | [Owner : Parckard Bell |Parent : 2024(explorer.exe)] - (. - Rainlendar2.) - (2.13.1.0) = C:\Program Files\Rainlendar2\Rainlendar2.exe
4572 | [Owner : Parckard Bell |Parent : 5976()] - (.Google Inc. - Google Chrome.) - (57.0.2987.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1728 | [Owner : SERVICE RÉSEAU |Parent : 576(services.exe)] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe

---------- | Tasks
Suppression : Drerza Center

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\FdmSettingsManager : FdmSettingsManager Class
Suppression : HKLM\SOFTWARE\Classes\FdmSettingsManager.1 : FdmSettingsManager Class
Suppression : HKLM\SOFTWARE\Classes\CLSID\{00E1C56D-B419-4D7E-8A2A-B8548EA22017} : "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\wincomserver.exe"
Suppression : HKLM\SOFTWARE\Classes\CLSID\{09BC942D-5CE5-4225-82DD-873322EA222A} : "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\wincomserver.exe"
Suppression : HKLM\SOFTWARE\Classes\CLSID\{318B6012-AF38-4AFC-807E-169248B941E2} : "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\wincomserver.exe"
Suppression : HKLM\SOFTWARE\Classes\TypeLib\{04219238-440D-4FED-A5D6-EFD15158CA77} : C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\wincomserver.exe
Suppression : HKLM\SOFTWARE\Classes\Interface\{3A167DB4-406C-4BEC-B9C5-1F74D74B37D6} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{3A167DB4-406C-4BEC-B9C5-1F74D74B37D6} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKLM\SOFTWARE\Classes\Interface\{3D111063-7458-4231-BCCF-60753280A94D} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{3D111063-7458-4231-BCCF-60753280A94D} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKLM\SOFTWARE\Classes\Interface\{BD1D921D-57DA-4080-94C5-7681FADEA48B} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{BD1D921D-57DA-4080-94C5-7681FADEA48B} : {04219238-440D-4FED-A5D6-EFD15158CA77}
Suppression : HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Zylom
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF} : 1

---------- | Dossiers | Fichiers
Suppression : C:\Users\Parckard Bell\AppData\Local\Phowerseghonadom
Suppression : C:\Users\Parckard Bell\Desktop\Trotux - Forum d'Entraide Informatique (FEI).url (.-.)
Suppression : C:\Users\Parckard Bell\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{96BBC430-9900-4299-9F5D-7951AB36EFDF}.ico (.-.)

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-2852301988-3529085112-163287035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome
Suppression : C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj = permissions: [ storage tabs contextMenus nativeMessaging downloads webRequest \u003Call_urls> ]
Suppression : C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Parckard Bell\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon

---------- | Firefox
Suppression : C:\Users\Parckard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\q71wggdu.default-1485856595294\sessionstore.js (.-.)

---------- | SeaMonkey

---------- | Pale moon

---------- | Opera

---------- | Spark

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

---------- | ADS

Autre rapport
Analyses : 387059 | Modifications : 15 | Suppressions : 26

---------- |EOF| ---------- | 01:37:32 | [16 Ko]