---------- | AdsFix | g3n-h@ckm@n | V5_22.04.18.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 14:39:43 - 21/04/2018
Mis a jour le : 22/04/2018 | 10.55 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\Julien\Desktop\AdsFix.exe
Boot: Normal boot
[Julien (Administrator)] - [XIONG] - (FRANCE [040C])
SID = S-1-5-21-3714920687-1367710502-1323822166-1002 || [4a756c69656e205e5e]
PC : ASUSTeK COMPUTER INC. - G10AJ - All
Processor : X64 - 3193 - Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz
Bios : American Megatrends Inc. - 05/15/2014 - V.0303
CoreTemp : 29.8 C
CPU #1 value:3 %
CPU #2 value:100 %
CPU #3 value:3 %
CPU #4 value:0 %
CPU #5 value:0 %
CPU #6 value:3 %
CPU #7 value:0 %
CPU #8 value:3 %
Total Overall CPU Usage value:13 %
Systeme : Windows 8.1 (64 bits) Core
Memoire RAM = Total (MB) : 8330 | Libre (MB) : 5518
Pagefile = Total (MB) : 10821 | Libre (MB) : 7803
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3920
C:\ -> [Fixed] | [Windows] | Total : 150 Go | Free : 17.87 Go -> NTFS [RAID]
D:\ -> [Fixed] | [Data] | Total : 762.54 Go | Free : 355.39 Go -> NTFS [RAID]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [21.04.2018 @ 14_39_41]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows
Derniere(s) detection(s) : 2018-04-20 18:24:21
Dernieres Telechargees : 2018-04-20 19:30:32
Dernieres installees : 2018-04-20 19:33:09
Prochaine recherche : 2018-04-21 15:10:42
Windows Is Activated
Windows Is Activated
Partial Key : BBBBB -> MAK - Volume

---------- | Navigateurs
IE : 11.0.9600.18817 (© Microsoft Corporation. Tous droits réservés.)
GC : 65.0.3325.181 (Copyright 2017 Google Inc. All rights reserved.)

---------- | Security (atcav : 3)
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer
ActiveX : 29.0.0.140
Plugin : 10.3.183.90

---------- | Processes closed
2860 | [Owner : Système |Parent : 856(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2880 | [Owner : Système |Parent : 856(services.exe)] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
2964 | [Owner : Système |Parent : 856(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9226.2082) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1276 | [Owner : Système |Parent : 856(services.exe)] - (.Hi-Rez Studios - HiPatchService.) - (5.1.2.0) = D:\Hi-Rez Studios\HiPatchService.exe
2200 | [Owner : Système |Parent : 856(services.exe)] - (.- HuaweiHiSuiteService.) - (2.0.0.42) = C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2528 | [Owner : Système |Parent : 856(services.exe)] - (.- RichVideo Module.) - (2.0.1.7413) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe
4640 | [Owner : Système |Parent : 856(services.exe)] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
4648 | [Owner : Julien |Parent : 1500(svchost.exe)] - (.- SecureDeleteBackground.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
5104 | [Owner : Julien |Parent : 1500(svchost.exe)] - (.ASUSTeK - Power Manager_background.) - (1.4.0.1) = C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
2868 | [Owner : Julien |Parent : 1500(svchost.exe)] - (.ASUSTeK - ASUS_Manager_Lighting.) - (1.4.0.0) = C:\Program Files (x86)\ASUS\ASUS Manager\Lighting\ASUS_Manager_Lighting.exe
2736 | [Owner : Julien |Parent : 4092(explorer.exe)] - (.IvoSoft - Classic Start Menu.) - (4.0.4.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe
6000 | [Owner : Julien |Parent : 5912()] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.4313.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
6024 | [Owner : Julien |Parent : 5912()] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.171.11) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
6660 | [Owner : Julien |Parent : 5928()] - (.Piriform Ltd - CCleaner.) - (5.19.0.5633) = C:\Program Files\CCleaner\CCleaner64.exe
6756 | [Owner : Julien |Parent : 488()] - (.Node.js - NVIDIA Web Helper Service.) - (6.12.2.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot
Reparation : [HKLM | Minimal\vga.sys] : -> Driver
Reparation : [HKLM | Minimal\vgasave.sys] : -> Driver ¤
Reparation : [HKLM | Network\vga.sys] : -> Driver
Reparation : [HKLM | Network\vgasave.sys] : -> Driver

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\VisioEventMonitor.CEvtSink : VisioEventMonitor.CEvtSink
Suppression : HKLM\SOFTWARE\Classes\CLSID\{787EE094-E378-4C48-839A-254595BB49DB} : C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll #
Suppression : HKLM\SOFTWARE\Classes\CLSID\{F726B5AE-656D-4266-85C7-7D336AB0131B} : C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll #
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E62E8CED-DF9E-4E6D-BC17-7939E3D140EF}
Suppression : HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\undefined
Suppression : HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\DuoDianApp : a3Z8fXdvh25qfHB+Ynp/b3k=
Suppression : HKLM\SOFTWARE\Wow6432Node\DuoDianApp : a3Z8fXdvh25qfHB+Ynp/b3k=
Suppression : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\StartMenuHelper64.dll] [X]

---------- | Dossiers | Fichiers
Suppression : C:\Users\Julien\AppData\Local\CrashRpt
Suppression : C:\Users\Julien\AppData\Local\http___www.julien-manici\Win7LogonBackgroundChange_Url_hm44l1nqm0bnk3dcv1rwfnmanxgfvpzd
Suppression : C:\Users\Julien\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico (.-.)
Suppression : C:\Windows\PCCleanupContextMenu
Suppression : C:\Windows\System32\HRUPPROG.EXIT (.-.)
Suppression : C:\Users\Julien\AppData\Roaming\ySnvffLRm0.exe (.-.)
Suppression : C:\Users\Julien\AppData\Local\BTServer.log (.-.)
Suppression : C:\Users\Julien\AppData\Local\MSfree Inc
Suppression : C:\ProgramData\DigitalWave.ApplicationUpdater_files

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Reparation : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Start Page] : about:blank -> https://www.google.com/
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Reparation : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] :
Suppression : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000CF340000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] :
Suppression : [HKU\S-1-5-21-3714920687-1367710502-1323822166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x4600000076000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\fabcmochhfpldjekobfaaggijgohadih = permissions: [ tabs webNavigation nativeMessaging *://*/* ]
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\lcjhokogmfjbhdfnhpgpamfpjjgckejn = permissions: [ storage notifications tabs http://*/* https://*/* ]
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\nahhmpbckpgdidfnmfkfgiflpjijilce = Search Manager
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\pilplloabdedfmialnfchjomjmpjcoej = Search Manager
Suppression : C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm = : __MSG_extShortDesc__ - name: uBlock Origin - short_name: uBlock₀ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg = : Google & co - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\mlomiejdfkolichcflejclcbmpeaniij = : __MSG_short_description__ - version_name: 8.1.2 - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Julien\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon : X

---------- | Firefox : X

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet
Reparation : [HKLM\SOFTWARE\Clients\StartMenuInternet\IExplore.exe\shell\open\command]~[] : iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

---------- | Javascript

---------- | Firewall

Autre rapport
Analyses : 335192 | Modifications : 8 | Suppressions : 35

---------- |EOF| ---------- | 16:04:52 | [16 Ko]