---------- | AdsFix | g3n-h@ckm@n | V4_18.10.17.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 20:31:47 - 18/10/2017
Mis a jour le : 18/10/2017 | 10.00 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\enfers\Desktop\AdsFix.exe
Boot: Normal boot
[enfers (Administrator)] - [ENFERS-PC] - (france [040C])
SID = S-1-5-21-3297246652-1234983403-2385491008-1000 || [656e66657273205e5e]
PC : HP - 81F0 - X5X78EA#ABF
Processor : X64 - 1995 - Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Bios : Insyde - 05/19/2016 - V.F.09
CoreTemp : 27.8 C
CPU #1 value:18 %
CPU #2 value:6 %
CPU #3 value:12 %
CPU #4 value:0 %
Total Overall CPU Usage value:9 %
Systeme : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1
Memoire RAM = Total (MB) : 4113 | Libre (MB) : 1314
Pagefile = Total (MB) : 8224 | Libre (MB) : 5192
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3952
C:\ -> [Fixed] | [] | Total : 931.41 Go | Free : 137.13 Go -> NTFS [SATA]

Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [18.10.2017 @ 20_31_36]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
Derniere(s) detection(s) : 2017-10-18 18:24:16
Dernieres Telechargees : 2017-10-17 18:08:10
Dernieres installees : 2017-10-17 18:20:18
Windows Is Activated

---------- | Navigateurs
IE : 11.0.9600.18817 (© Microsoft Corporation. Tous droits réservés.)
FF : 56.0.0.6478 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

---------- | Security (atcav : 0)
FW : Avast Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = en cours
AS: Windows Defender [Auto(2)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
Plugin : 27.0.0.170

---------- | Processes closed
988 | [Owner : |Parent : 704(services.exe)] - (.AMD - AMD External Events Service Module.) - (22.19.662.4) = C:\Windows\System32\atiesrxx.exe
1280 | [Owner : |Parent : 988()] - (.AMD - AMD External Events Client Module.) - (22.19.662.4) = C:\Windows\System32\atieclxx.exe
548 | [Owner : Système |Parent : 704(services.exe)] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware (Corporate).) - (1.80.2.0) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
2072 | [Owner : enfers |Parent : 1608(explorer.exe)] - (.Piriform Ltd - CCleaner.) - (5.35.0.6210) = C:\Program Files\CCleaner\CCleaner64.exe
2156 | [Owner : Système |Parent : 704(services.exe)] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
2236 | [Owner : enfers |Parent : 2156(SynTPEnhService.exe)] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2308 | [Owner : enfers |Parent : 2284()] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2424 | [Owner : enfers |Parent : 1608(explorer.exe)] - (.BitTorrent Inc. - BitTorrent.) - (7.10.0.43917) = C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe
2440 | [Owner : enfers |Parent : 1608(explorer.exe)] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\SpotifyWebHelper.exe
2452 | [Owner : enfers |Parent : 2052(mbamservice.exe)] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware (Corporate).) - (1.80.1.0) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3096 | [Owner : enfers |Parent : 3316()] - (.Glarysoft Ltd - Glary Utilities 5.) - (5.85.0.106) = C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
4220 | [Owner : enfers |Parent : 2424()] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43917) = C:\Users\enfers\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
4240 | [Owner : enfers |Parent : 2424()] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43917) = C:\Users\enfers\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe

---------- | Tasks
Suppression : GlaryInitialize 5
Suppression : GU5SkipUAC

---------- | Services
Suppression : GUBootStartup : \??\C:\Windows\System32\drivers\GUBootStartup.sys

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock
Suppression : HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries\000000000007 : %SystemRoot%\system32\PrxerNsp.dll
Suppression : HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries64\000000000007 : %SystemRoot%\system32\PrxerNsp.dll

---------- | DNS
Reparation : [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8ABEE179-ECDA-4F9D-85F4-37538E8C85BD}]~[NameServer] : 77.234.40.79 ->

---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\// :
Suppression : HKLM\SOFTWARE\Classes\GU.Encrypted : Glary Utilities Encrypted File C:\Program Files (x86)\Glary Utilities 5\fileencrypt.exe -d %1
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\GU.Splitted : Glary Utilities Splitted File C:\Program Files (x86)\Glary Utilities 5\filesplitter.exe -j %1
Suppression : HKLM\Software\Wow6432Node\Policies\Microsoft\Internet Explorer
Suppression : HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatango.com
Suppression : HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{58B505BE-F589-4E8E-8BF2-B78E078CA8F7} : C:\PROGRA~2\Glary Utilities 5\GridMap.ocx #
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7A1C7081-0275-49FB-B76F-B9A66767BB56} : C:\PROGRA~2\Glary Utilities 5\GridMap.ocx #
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} : C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll #
Suppression : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASMANCS
Suppression : HKLM\SOFTWARE\Microsoft\Tracing\wyUpdate_RASAPI32
Suppression : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe]
Suppression : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe]
Suppression : HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Glarysoft
Suppression : HKLM\SOFTWARE\Wow6432Node\Glarysoft
Suppression : HKLM\SOFTWARE\Wow6432Node\IObit
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\msvcr120.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\vccorlib120.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\vcomp120.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120u.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfcm120u.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120chs.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120deu.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120fra.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120jpn.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc120rus.dll] [X]
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1 : (Driver Booster 4.5) "C:\Program Files (x86)\IObit\Driver Booster\4.5.0\unins000.exe" -> C:\Program Files (x86)\IObit\Driver Booster\
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Glary Utilities 5 : (Glary Utilities 5.85) C:\Program Files (x86)\Glary Utilities 5\uninst.exe

---------- | Dossiers | Fichiers
Reboot : C:\Program Files (x86)\Glary Utilities 5
Suppression : C:\Program Files (x86)\IObit
Suppression : C:\Program Files (x86)\Common Files\IObit
Suppression : C:\Users\enfers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 4.lnk (.-.) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Suppression : C:\Users\enfers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk (.-.) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk (.-.) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Suppression : C:\Users\enfers\Desktop\netoyage PC\Glary Utilities 5.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4\Driver Booster 4.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4\Désinstaller Driver Booster 4.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk (.-.)
Suppression : C:\Users\enfers\AppData\LocalLow\IObit
Suppression : C:\Users\enfers\AppData\Roaming\GlarySoft
Suppression : C:\Users\enfers\AppData\Roaming\IObit
Suppression : C:\Users\enfers\AppData\Roaming\SimpleStar
Suppression : C:\Users\enfers\magic tag zob\Crazy Frog
Suppression : C:\Users\enfers\magic tag zob\Genesis
Suppression : C:\Users\enfers\magic tag zob\Les Crazy Skankers
Suppression : C:\ProgramData\GlarySoft
Suppression : C:\ProgramData\IObit
Suppression : C:\ProgramData\ProductData
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
Suppression : C:\Windows\IObit
Suppression : C:\Windows\System32\Config\Systemprofile\AppData\Roaming\IObit

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings]
Suppression : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings]
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings]
Suppression : [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings]

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome : X

---------- | Comodo Dragon : X

---------- | Firefox
[enfers | gydjksqb.default-1505245063118] Remplacement : user_pref("browser.startup.homepage", "https://www.startpage.com/fra/"); -> user_pref("browser.startup.homepage", "https://www.google.com");
[enfers | gydjksqb.default-1505245063118] Suppression : user_pref("media.gmp-widevinecdm.abi", "x86-msvc-x64");
[enfers | gydjksqb.default-1505245063118] Suppression : user_pref("media.gmp-widevinecdm.lastUpdate", 1507227785);
[enfers | gydjksqb.default-1505245063118] Suppression : user_pref("media.gmp-widevinecdm.version", "1.4.8.1008");

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

Autre rapport
Analyses : 287126 | Modifications : 6 | Suppressions : 69

---------- |EOF| ---------- | 22:06:23 | [15 Ko]