---------- | AdsFix | g3n-h@ckm@n | V4_23.06.17.2
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 19:07:23 - 23/06/2017
Mis a jour le : 23/06/2017 | 07.35 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Neronova\Desktop\AdsFix.exe
Boot: Normal boot
[Neronova (Administrator)] - [CORSAIR600T] - (France [040C])
SID = S-1-5-21-2575266510-1233125260-420923651-1000 || [4e65726f6e6f7661205e5e]
PC : MSI - Z87-G45 GAMING (MS-7821) - To be filled by O.E.M.
Processor : X64 - 3400 - Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Bios : American Megatrends Inc. - 08/18/2013 - V.V1.4
CoreTemp : 29.8 C
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %
Systeme : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1
Memoire RAM = Total (MB) : 8331 | Libre (MB) : 6456
Pagefile = Total (MB) : 16661 | Libre (MB) : 15007
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3959
C:\ -> [Fixed] | [] | Total : 119.24 Go | Free : 26.14 Go -> NTFS (SSD) [SATA]
E:\ -> [Fixed] | [Asus Dvd] | Total : 0.12 Go | Free : 0.06 Go -> NTFS [SATA]
F:\ -> [Fixed] | [Hdd 1 To] | Total : 931.39 Go | Free : 57.31 Go -> NTFS [SATA]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [23.06.2017 @ 19_07_22]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows
Derniere(s) detection(s) : 2017-06-23 12:08:01
Dernieres Telechargees : 2017-04-22 21:11:00
Dernieres installees : 2017-03-07 21:05:32
Prochaine recherche : 2017-06-24 06:40:08
Windows Is Activated
---------- | Navigateurs
IE : 11.0.9600.18538 (© Microsoft Corporation. Tous droits réservés.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)
---------- | Security (atcav : 0)
FW : WMI : OK
WU: Windows Update Service [Auto(2)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
Plugin : 26.0.0.131
---------- | Processes closed
928 | [Owner : Système |Parent : 724(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
608 | [Owner : Système |Parent : 928()] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1840 | [Owner : Système |Parent : 724(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.22.5037) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1952 | [Owner : Système |Parent : 724(services.exe)] - (.Hi-Rez Studios - HiPatchService.) - (5.0.6.4) = F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
2028 | [Owner : Système |Parent : 724(services.exe)] - (.MICRO-STAR INTERNATIONAL CO., LTD. - MSI_Trigger_Service.) - (1.0.8.0) = C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
1468 | [Owner : Système |Parent : 724(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1580 | [Owner : SERVICE RÉSEAU |Parent : 724(services.exe)] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
868 | [Owner : Système |Parent : 724(services.exe)] - (.Qualcomm Atheros - Qualcomm Atheros Killer Network Service.)
- (1.1.48.1376) = C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
3928 | [Owner : Neronova |Parent : 1468()] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
3276 | [Owner : Neronova |Parent : 3544(explorer.exe)] - (.SteelSeries ApS - SteelSeries Engine.) - (2.9.2014.1) = C:\Program Files (x86)\SteelSeries Engine\SteelSeriesEngine.exe
3900 | [Owner : Neronova |Parent : 3544(explorer.exe)] - (.- NetworkManager.) - (1.1.48.1376) = C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
4544 | [Owner : Neronova |Parent : 608()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8233) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5876 | [Owner : Neronova |Parent : 5756()] - (.Node.js - NVIDIA Web Helper Service.) - (6.9.5.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
---------- | Tasks
---------- | Services
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\.sdsb : Spybot2.SDSBFile
Suppression : HKLM\SOFTWARE\Classes\TypeLib\{6B76D4EA-ADD6-4987-979E-19B7609C0FA2} : # C:\Program Files (x86)\SteelSeries Engine\SteelSeriesDrivers\BSteelLink.dll
Suppression : HKLM\SOFTWARE\Classes\TypeLib\{ED6BD1F1-0A6B-41C1-A57D-646C63F5A361} : Path
Suppression : HKLM\SOFTWARE\Classes\Interface\{0DA0F734-0EB5-4DCF-B232-8E1677B9B811} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{0DA0F734-0EB5-4DCF-B232-8E1677B9B811} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{24DAC64F-612E-45F0-A2F1-E06CF21CB14B} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression :
HKLM\Software\Classes\WOW6432Node\Interface\{24DAC64F-612E-45F0-A2F1-E06CF21CB14B} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{5AAECFDA-23A8-48A6-8DEC-E17618DB2DE6} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{5AAECFDA-23A8-48A6-8DEC-E17618DB2DE6} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{6D14E4D8-5D6A-4091-8299-E8D444E3603E} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{6D14E4D8-5D6A-4091-8299-E8D444E3603E} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{7B817A4F-58F3-47D4-80A8-D7AA11360AB9} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{7B817A4F-58F3-47D4-80A8-D7AA11360AB9} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{8D936B9E-6437-45F1-90AF-45D1A4F28E92} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{8D936B9E-6437-45F1-90AF-45D1A4F28E92} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{939A6A3F-4B0D-4DB3-8B05-2FFFACFB0AE3} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{939A6A3F-4B0D-4DB3-8B05-2FFFACFB0AE3} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\SOFTWARE\Classes\Interface\{B51F3F69-4E20-4D13-A42E-D5648BFA30B9} : {ED6BD1F1-0A6B-41C1-A57D-646C63F5A361}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{B51F3F69-4E20-4D13-A42E-D5648BFA30B9} : {ED6BD1F1-0A6B-41C1-A57D-646C63F5A361}
Suppression : HKLM\SOFTWARE\Classes\Interface\{B5B5F26C-0E7E-4AC2-B975-0633E242B9E4} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression : HKLM\Software\Classes\WOW6432Node\Interface\{B5B5F26C-0E7E-4AC2-B975-0633E242B9E4} : {6B76D4EA-ADD6-4987-979E-19B7609C0FA2}
Suppression :
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2
Suppression : HKU\S-1-5-18\SOFTWARE\Safer Networking Limited
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Safer Networking Limited
Suppression : HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Team Cherry : 0x744E66624F3833544B415747727764673939365872773D3D00
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Wargaming.net
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\アトリエかぐや
Suppression : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5dbab0d_0 : {0.0.0.00000000}.{5d2d87d0-9560-4545-84ee-dd5a8bdd36bf}|\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe%b{00000000-0000-0000-0000-000000000000}
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6015eef6_0 : {0.0.0.00000000}.{a99246fa-9a31-4921-997e-02429c8a534b}|\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe%b{00000000-0000-0000-0000-000000000000}
Suppression : HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\702468b4_0 : {0.0.0.00000000}.{a99246fa-9a31-4921-997e-02429c8a534b}|\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe%b{00000000-0000-0000-0000-000000000000}
---------- |
Dossiers | Fichiers
Suppression : C:\Program Files (x86)\SteelSeries Engine\WoTMousePlugin.dll (Copyright © 2013.-.WoTMousePlugin) WoTMousePlugin.dll
Suppression : C:\Users\Neronova\AppData\Local\Chromium
Suppression : C:\Users\Neronova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\毎日がM!
Suppression : C:\Users\Neronova\Local Settings\{92213538-E4D1-4056-90C2-B9808D7449C5} (.-.)
Suppression : C:\Users\Neronova\Local Settings\{F7B0928A-2D57-4E8A-AB9B-80DFFF968169} (.-.)
Suppression : C:\ProgramData\Spybot - Search & Destroy
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\毎日がM!
Suppression : C:\Users\Neronova\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.)
Suppression : C:\Windows\System32\AI_RecycleBin
Suppression : C:\Users\Neronova\Desktop\毎日がM!.lnk (.-.)
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] :
Suppression : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] :
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] :
Suppression : [HKU\S-1-5-21-2575266510-1233125260-420923651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] :
---------- | Yandex : X
---------- | CLIQZ : X
---------- | Google Chrome
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome SxS\User Data\Default\extensions\cekbombbjhdmmhegkjcnhockgbejnnjd = SNT
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome SxS\User Data\Default\extensions\edhjnknckokhjoflhmofbhgpiklfdpak = YoutubeAdblocker
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome SxS\User Data\Default\extensions\lgcpndinhfanlflceibkiajciiloofee = YTBookMMark
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome SxS\User Data\Default\extensions\nedjejdfkkjgebciefdfofjhmeogiaga = Saving Smart
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome SxS\User Data\Default\extensions\paclmegablpcjiildbghijoilhgfdpeh = weBsave
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = js: [ include.postload.js adblock-uiscripts-rightclick_hook.js adblock-notificationoverlay.js ]
Suppression : C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension.
- Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Neronova\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
---------- | Comodo Dragon : X
---------- | Firefox : X
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark : X
---------- | StartMenuInternet
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\shell\open\command]~[] : "F:\Programmes\firefox.exe" -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command]~[] : "F:\Programmes\firefox.exe" -safe-mode -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" -safe-mode
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\InstallInfo]~[] : "F:\Programmes\uninstall\helper.exe" /SetAsDefaultAppGlobal -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
Reparation : [HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet\Firefox.exe\InstallInfo]~[] : "F:\Programmes\uninstall\helper.exe" /SetAsDefaultAppGlobal -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
---------- | Javascript
---------- | Firewall
---------- | ADS
Autre rapport
Analyses : 386688 | Modifications : 10 | Suppressions : 58
---------- |EOF| ---------- | 20:22:44 | [19 Ko]