---------- | AdsFix | g3n-h@ckm@n | V5_02.01.18.1 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 23:33:43 - 31/01/2018

Mis a jour le : 02/01/2018 | 06.10 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\Maestro\Downloads\AdsFix.exe
Boot: Normal boot
[Maestro (Administrator)] - [MAESTRO-PC] - (belgique [040C])
SID = S-1-5-21-2687808087-1106675009-1755940479-1000 || [4d61657374726f205e5e]
PC : Dell Inc. - 0Y2MRG - Processor : X64 - 3392 - Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Bios : Dell Inc. - 10/17/2011 - V.A06
CoreTemp : ? C
CPU #1 value:0 %
CPU #2 value:6 %
CPU #3 value:0 %
CPU #4 value:6 %
CPU #5 value:0 %
CPU #6 value:6 %
CPU #7 value:0 %
CPU #8 value:6 %
Total Overall CPU Usage value:3 %
Systeme : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
Memoire RAM = Total (MB) : 8371 | Libre (MB) : 5984
Pagefile = Total (MB) : 16739 | Libre (MB) : 13495
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3961
C:\ -> [Fixed] | [] | Total : 918.22 Go | Free : 591.2 Go -> NTFS [SATA]

Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [31.01.2018 @ 23_33_35]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
Derniere(s) detection(s) : 2018-01-31 13:00:00
Dernieres Telechargees : 2018-01-28 21:29:05
Dernieres installees : 2018-01-28 23:49:23
Prochaine recherche : 2018-02-01 10:00:28
Windows Is Activated

---------- | Navigateurs
IE : 11.0.9600.18894 (© Microsoft Corporation. Tous droits réservés.)
FF : 58.0.1.6602 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

---------- | Security (atcav : 3)
AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
ActiveX : 28.0.0.137
Plugin : 28.0.0.137

---------- | Processes closed
1784 | [Owner : |Parent : 692(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.24.5926) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1168 | [Owner : |Parent : 692(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1984 | [Owner : Système |Parent : 692(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
1756 | [Owner : Système |Parent : 692(services.exe)] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - (0.9.4.4078) = C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
2068 | [Owner : Système |Parent : 692(services.exe)] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - (0.9.4.4078) = C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
2372 | [Owner : Système |Parent : 692(services.exe)] - (.Razer Inc. - Razer Chroma SDK Service.) - (1.0.8.3) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
2932 | [Owner : Système |Parent : 692(services.exe)] - (.- GameScannerService.) - (1.0.6.2835) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2392 | [Owner : Système |Parent : 692(services.exe)] - (.Rsupport Co., Ltd. - Remote View 5.0 Agent.) - (5.2.19.1) = C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe
3088 | [Owner : Système |Parent : 692(services.exe)] - (.Razer Inc - RazerSurround VAD Streaming Service.) - (1.1.63.0) = C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
4420 | [Owner : Maestro |Parent : 2392()] - (.Rsupport Co., Ltd. - RemoteView Agent Tray Application.) - (5.2.16.1) = C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe
6080 | [Owner : Maestro |Parent : 5800(taskeng.exe)] - (.Samsung Electronics Co. Ltd. - Samsung Magician.) - (5.1.0.1120) = C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
5864 | [Owner : Maestro |Parent : 1672()] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
4848 | [Owner : Maestro |Parent : 5308()] - (.- RzStats.Manager.) - (1.2.16.0) = C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
4316 | [Owner : Maestro |Parent : 4848(RzStats.Manager.exe)] - (.Razer, Inc. - RazerIngameEngine.) - (1.0.12.10108) = C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
7240 | [Owner : Maestro |Parent : 4848(RzStats.Manager.exe)] - (.Razer, Inc. - Razer Chromium Render Process.) - (1.0.12.10108) = C:\Users\Maestro\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
6572 | [Owner : Système |Parent : 7616()] - (.Rsupport Corporation - Rsupport RSAutoUp Application.) - (3.1.6.1) = C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exe
6648 | [Owner : Système |Parent : 7572()] - (.Rsupport Corporation - Rsupport RSAutoUp Application.) - (3.1.6.1) = C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL : #
Suppression : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pcdrcui.exe
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASAPI32
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASMANCS
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Windows\TEMP\_ir_sf_temp_0\irsetup.exe]
Suppression : HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Chromium
Suppression : HKLM\SOFTWARE\PC-Doctor
Suppression : HKLM\SOFTWARE\Wow6432Node\PC-Doctor
Suppression : HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Nico Mak Computing
Suppression : HKLM\SOFTWARE\Nico Mak Computing
Suppression : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]~[ITBar7Height] : 22
Suppression : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]~[ITBar7Height64] : 22
Suppression : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E2877D3-2641-4970-B794-A553E295428D} : ScriptInjectionPluginBrowserHelperObject
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E2877D3-2641-4970-B794-A553E295428D} : ScriptInjectionPluginBrowserHelperObject
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\BACSCPL.cpl] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\DRIVERS\npf.sys] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\PxHlpa64.sys] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\cdralw2k.sys] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\cdr4_xp.sys] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\drivers\GEARAspiWDM.sys] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20FRA.DLL] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20.DLL] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\VBAME.DLL] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\beidmdrv64.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\EptMon64.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\MBEptMon.ini] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\THXCfg64.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\THXCfg64.ini] [X]

---------- | Dossiers | Fichiers
Suppression : C:\Users\Maestro\AppData\LocalLow\PCDr
Suppression : C:\Users\Maestro\AppData\Roaming\PCDr
Suppression : C:\ProgramData\PCDr

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000C5C60000090000000000000000000000000000000400000000000000FB33BD258982CE010000000000000000000000000100000002000000C0A80004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000843400000900000000000000070000002A2E6C6F63616C000000000400000000000000C7F69A139382CE010000000000000000000000000100000002000000C0A80004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000150F0100090000000000000000000000000000000400000000000000FB33BD258982CE010000000000000000000000000100000002000000C0A80004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2687808087-1106675009-1755940479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000491500000900000000000000070000002A2E6C6F63616C000000000400000000000000C7F69A139382CE010000000000000000000000000100000002000000C0A80004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] :

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepaooicaho = (Changelog)
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = js: [ include.postload.js adblock-uiscripts-rightclick_hook.js adblock-notificationoverlay.js ]
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk = permissions: [ nativeMessaging storage ]
Suppression : C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon : X

---------- | Firefox

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]~[] : "C:\Users\Maestro\AppData\Local\Google\Chrome\Application\chrome.exe" -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]~[] : "C:\Users\Maestro\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser
Reparation : [HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]~[] : "C:\Users\Maestro\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

---------- | Javascript

---------- | Firewall

Autre rapport
Analyses : 413084 | Modifications : 6 | Suppressions : 44

---------- |EOF| ---------- | 02:01:56 | [18 Ko]