---------- | AdsFix | g3n-h@ckm@n | V4_05.12.17.2
-----
Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
-----
Start 18:26:03 - 11/12/2017
update on : 05/12/2017 | 09.40 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\TAHER\Desktop\AdsFix.exe
Boot: Normal boot
[TAHER (Administrator)] - [TITO] - (r [0401])
SID = S-1-5-21-2422561113-3094125170-2170945475-1001 || [5441484552205e5e]
PC : Dell Inc. - - Processor : X64 - 2660 - Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Bios : Dell Inc. - 11/30/2011 - V.A11
CoreTemp : ? C
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %
System : Windows 8.1 Pro (64 bits) Professional
RAM memory = Total (MB) : 4053 | Free (MB) : 2999
Pagefile = Total (MB) : 5888 | Free (MB) : 4484
Virtual = Total (MB) : 4194 | Free (MB) : 3898
C:\ -> [Fixed] | [] | Total : 48.73 Go | Free : 21.3 Go -> NTFS [RAID]
D:\ -> [Fixed] | [New Volume] | Total : 48.94 Go | Free : 48.84 Go -> NTFS [RAID]
E:\ -> [Fixed] | [New Volume] | Total : 292.97 Go | Free : 30.03 Go -> NTFS [RAID]
F:\ -> [Fixed] | [New Volume] | Total : 259.18 Go | Free : 5.04 Go -> NTFS [RAID]
G:\ -> [Fixed] | [New Volume] | Total : 48.72 Go | Free : 48.62 Go -> NTFS [RAID]
Registry saved, to restore : Click on Options & Restore the registry (C:\AdsFix\Save\Registry [11.12.2017 @ 18_25_56]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates
Last detection : 2017-12-11 16:14:48
Last downloaded : 2017-12-08 07:10:31
Last installation : 2017-12-08 07:12:15
Next search : 2017-12-12 11:23:39
Windows Is Activated

---------- | Browsers
IE : 11.0.9600.18817 (© Microsoft Corporation. All rights reserved.)
GC : 63.0.3239.84 (Copyright 2016 Google Inc. All rights reserved.)
OP : 49.0.2725.47 (Copyright Opera Software 2017)

---------- | Security (atcav : 0)
AS : Windows Defender Disabled
FW : جدار الحماية الشخصي ESET Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer
ActiveX : 27.0.0.187
Plugin : 20.0.0.235
Plugin : 20.0.0.267
Plugin : 27.0.0.130

---------- | Killed processes
880 | [Owner : |Parent : 684(services.exe)] - (.ESET - ESET Service.) - (10.1.235.0) = C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1684 | [Owner : SYSTEM |Parent : 684(services.exe)] - (.Performix LLC - AdGuard for Windows.) - (6.2.437.2171) = C:\Program Files (x86)\Adguard\AdguardSvc.exe
1768 | [Owner : SYSTEM |Parent : 684(services.exe)] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (8.2.0.1206) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
1860 | [Owner : SYSTEM |Parent : 684(services.exe)] - (.IObit - Uninstall Programs.) - (7.0.0.104) = C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
3860 | [Owner : TAHER |Parent : 3508()] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.22.1.1) = C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
3196 | [Owner : TAHER |Parent : 3120()] - (.IObit - UninstallerMonitor.) - (7.0.2.1012) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
192 | [Owner : TAHER |Parent : 764(svchost.exe)] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.29.1.3) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe

---------- | Tasks

---------- | Services
Deleted service : IObitUnSvr : C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts
Deleted successfully :

---------- | SafeBoot
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver ¤
Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

---------- | Winsock

---------- | DNS

---------- | Registry
Deleted successfully : HKLM\SOFTWARE\Classes\TuneUp.TUUtilityTools : TuneUp Utilities Tools
Deleted successfully : HKLM\SOFTWARE\Classes\TuneUp.TUUtilityTools.1 : TuneUp Utilities Tools
Deleted successfully : HKLM\SOFTWARE\Classes\TuneUp.UtilitiesSvc : TuneUp Utilities Service
Deleted successfully : HKLM\SOFTWARE\Classes\TuneUp.UtilitiesSvc.1 : TuneUp Utilities Service
Deleted successfully : HKLM\SOFTWARE\Classes\TuneUp.UtilitiesSvcTools.1 : TuneUp Utilities Tools
Deleted successfully : HKLM\SOFTWARE\Classes\urn:content-classes:webstartaddress : Web Site Content Source
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\TuneUp.UtilitiesSvcTools : TuneUp Utilities Tools
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{02849255-07CD-4C09-97D7-017DA2AE45AA}
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} : C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{2509ABBC-871E-42e5-A27B-F7DA394B1897}
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} : C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{FCA02D56-BF9D-4591-AD41-E59AF763C64A}
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]~[QQLiveService] : QQLiveService
Deleted successfully : HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Tencent
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[F:\بعد التسطيب\advanced-systemcare\advanced-systemcare-setup.exe]
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[E:\دورة تصميم كتب اليكترونية\برامج\لتقليل الحجم\PDFCompressor_setup.exe]
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe]
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe]
Deleted successfully : HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Glarysoft
Deleted successfully : HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\IObit
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\IObit
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall : (IObit Uninstaller) "C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe" -> C:\Program Files (x86)\IObit\IObit Uninstaller\
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]~[GoogleChromeAutoLaunch_DFA0042BDF6D2158D448D45A3D8E0D66] : 0x03000000889EEECA1CF0D001

---------- | Folders | Files
Deleted successfully : C:\Program Files (x86)\Glarysoft
Deleted successfully : C:\Program Files (x86)\IObit
Deleted successfully : C:\Program Files (x86)\Common Files\IObit
Deleted successfully : C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk (.-.) C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
Deleted successfully : C:\Users\Public\Desktop\IObit Uninstaller.lnk (.-.) C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk (.-.) C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk (.-.)
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk (.-.)
Deleted successfully : C:\Users\TAHER\AppData\Local\iWesoft\pdfcompressor.exe_Url_vkgnewmm5gaqhsckqqg2ogab2ryhea2g
Deleted successfully : C:\Users\TAHER\AppData\LocalLow\IObit
Deleted successfully : C:\Users\TAHER\AppData\Roaming\GlarySoft
Deleted successfully : C:\Users\TAHER\AppData\Roaming\IObit
Deleted successfully : C:\Users\TAHER\Desktop\iobituninstaller.exe (Copyright© 2012-2017 .-.IObit Uninstaller )
Deleted successfully : C:\ProgramData\ALLPlayerRemote
Deleted successfully : C:\ProgramData\Glarysoft
Deleted successfully : C:\ProgramData\IObit
Deleted successfully : C:\ProgramData\ProductData
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
Deleted successfully : C:\Windows\System32\Config\Systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted successfully : C:\Windows\IObit
Deleted successfully : C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\مهم.lnk (.-.)
Deleted successfully : C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tt.lnk (.-.)
Deleted successfully : C:\Users\TAHER\AppData\Roaming\coreavc.ini (.-.)
Deleted successfully : C:\ProgramData\Yahoo!
Deleted successfully : C:\Windows\System32\Config\Systemprofile\AppData\Roaming\IObit

---------- | .LNK

---------- | opening unknown extension

---------- | Proxy

---------- | Internet Explorer
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Repaired : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Repaired : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x4600000067000000010000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings]
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x3C000000010000000100000000000000000000000000000001000000000000000000000000000000000000000000000000000000
Deleted successfully : [HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings]

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Reseted successfully : SearchURL
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Reseted successfully : Preferences
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Reseted successfully : Preferences
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = permissions: [ background clipboardRead clipboardWrite notifications unlimitedStorage ]
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\bkkbcggnhapdmkeljlodobbkopceiche = permissions: [ storage activeTab notifications webRequest webRequestBlocking contextMenus \u003Call_urls> ]
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\fdcgdnkidjaadafnichfpabhfomcebme = permissions: [ *://*/* chrome://favicon/ tabs webRequest webRequestBlocking proxy unlimitedStorage background management storage notifications cookies ]
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\hdokiejnpimakedhajhdlcegeplioahd = optional_permissions: [ cookies nativeMessaging privacy history ]
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\ngpampappnmepgilojfohadhhmbhlaek = permissions: [ \u003Call_urls> tabs cookies contextMenus webNavigation webRequest webRequestBlocking management storage proxy nativeMessaging ]
Deleted successfully : C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb = : __MSG_5636646071825253269__ - __MSG_8969005060131950570__ - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\ipdjnhgkpapgippgcgkfcbpdpcgifncb = : The must-have emoji extension of 2016! The easiest way to search 1-click copy and paste or auto-input emoji anywhere in Chrome. - Emoji Keyboard (2016) by EmojiOne™ - permissions:[tabswebRequestwebRequestBlockinghttps://emojione/*storagewebNavigationwindowscookies\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon : X

---------- | Firefox
[TAHER | 9p5cqg9n.default-1508462493704]
Deleted successfully : user_pref("browser.newtabpage.blocked", "{\"4ltnlZ87cLkL0vuw1YE/YQ==\":1,\"eSM4YXZ+CERzJHAqjDuoeg==\":1,\"TaiCEETna1C461oI0TQeiw==\":1,\"pswu6rA9F7b1gyN0qCxeHQ==\":1,\"gcUohdVnR2kGLZEko5tnFA==\":1,\"+mQw/UeNCPBklGq9PD7OjA==\":1,\"NVNUdjHdgr69i23QZUtx8Q==\":1}");
Deleted successfully : C:\Users\TAHER\AppData\Roaming\Mozilla\Firefox\Profiles\9p5cqg9n.default-1508462493704\extensions\{bee8b1f2-823a-424c-959c-f8f76c8b2306}.xpi (.-.)= {bee8b1f2-823a-424c-959c-f8f76c8b2306}.xpi

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera

---------- | Spark : X

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

Other(s) report(s)
Analyzed : 317281 | Modified : 6 | Deleted : 68

---------- |EOF| ---------- | 21:20:36 | [19 Ko]