---------- | AdsFix | g3n-h@ckm@n | V5_24.04.18.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 09:35:16 - 24/04/2018
Mis a jour le : 24/04/2018 | 08.25 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\maryl\Desktop\AdsFix.exe
Boot: Normal boot
[maryl (Administrator)] - [DESKTOP-F8C5SPR] - (France [040C])
SID = S-1-5-21-2762758690-3479469590-1194244944-1001 || [6d6172796c205e5e]
PC : HP - 81A1 - W9T77EA#ABF
Processor : X64 - 2400 - Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Bios : American Megatrends Inc. - 06/01/2017 - V.F.46
CoreTemp : 52 C
CPU #1 value:15 %
CPU #2 value:15 %
CPU #3 value:21 %
CPU #4 value:15 %
Total Overall CPU Usage value:16 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 8263 | Libre (MB) : 3309
Pagefile = Total (MB) : 17176 | Libre (MB) : 10685
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3845
C:\ -> [Fixed] | [Windows] | Total : 225.94 Go | Free : 35.79 Go -> NTFS (SSD)
D:\ -> [Fixed] | [RECOVERY] | Total : 11.37 Go | Free : 1.18 Go -> NTFS (SSD)
E:\ -> [Removable] | [] | Total : 7.51 Go | Free : 6.56 Go -> FAT32 [SCSI]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [24.04.2018 @ 09_35_10]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows
Windows Is Activated Windows Is Activated Possible Fixed Windows Possible Fixed Windows Mak - Volume License
---------- | Navigateurs
IE : 11.0.16299.371 (© Microsoft Corporation. Tous droits réservés.)
MS-Edge : 11.0.16299.371 (© Microsoft Corporation. All rights reserved.)
---------- | Security (atcav : 0)
AV : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
ActiveX : 29.0.0.140
---------- | Processes closed
2540 | [Owner : |Parent : 700(services.exe)] - (.AVAST Software - Avast Service.) - (18.3.3860.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
3092 | [Owner : Système |Parent : 700(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
3108 | [Owner : Système |Parent : 700(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3116 | [Owner : Système |Parent : 700(services.exe)] - (.Apache Software Foundation - Apache HTTP Server.) - (2.4.9.0) = C:\dolibarr\bin\apache\apache2.4.9\bin\httpd.exe
3124 | [Owner : Système |Parent : 700(services.exe)] - (.Conexant Systems, Inc - CxMonSvc.) - (1.0.1.0) = C:\Windows\CxSvc\CxMonSvc.exe
3132 | [Owner : Système |Parent : 700(services.exe)] - (.Conexant Systems, Inc. - Utility Service.) - (2.12.0.0) = C:\Windows\CxSvc\CxUtilSvc.exe
3140 | [Owner : Système |Parent : 700(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
3148 | [Owner : Système |Parent : 700(services.exe)] - (.-.) - (0.0.0.0) = C:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
3172 | [Owner : Système |Parent : 700(services.exe)] - (.AVAST Software - Avast Cleanup Service.) - (17.3.4228.0) = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
3216 | [Owner : Système |Parent : 700(services.exe)] - (.Firebird Project - Firebird SQL Server.) - (2.5.6.27020) = C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
3232 | [Owner : Système |Parent : 700(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9126.2152) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
3448 | [Owner : SERVICE RÉSEAU |Parent : 700(services.exe)] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Redis\redis-server.exe
3500 | [Owner : Système |Parent : 700(services.exe)] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
3596 | [Owner : Système |Parent : 700(services.exe)] - (.- SecUPDUtil Service.) - (1.0.0.2) = C:\Windows\SysWOW64\SecUPDUtilSvc.exe
4696 | [Owner : Système |Parent : 700(services.exe)] - (.Firebird Project - Firebird SQL Server.) - (2.5.6.27020) = C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
5308 | [Owner : Système |Parent : 3116()] - (.Apache Software Foundation - Apache HTTP Server.) - (2.4.9.0) = C:\dolibarr\bin\apache\apache2.4.9\bin\httpd.exe
7648 | [Owner : maryl |Parent : 700(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe
7736 | [Owner : maryl |Parent : 700(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe
8592 | [Owner : maryl |Parent : 3500()] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
9048 | [Owner : maryl |Parent : 8708()] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
8984 | [Owner : maryl |Parent : 4300(MBAMService.exe)] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1284) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
4184 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Conexant - mic tray icon.) - (1.6.0.2) = C:\Program Files\CONEXANT\MicTray\MicTray64.exe
11196 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Vivaldi Technologies AS - Vivaldi update notifier.) - (1.14.1077.55) = C:\Users\maryl\AppData\Local\Vivaldi\Application\update_notifier.exe
2512 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Guillaume Ryder (http://utilfr42.free.fr) - Clavier+.) - (10.8.1.0) = C:\Users\maryl\Downloads\Clavier32\Clavier.exe
11512 | [Owner : maryl |Parent : 700(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe
13072 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.AVAST Software - Avast Cleanup UI.) - (17.3.4228.0) = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
13120 | [Owner : maryl |Parent : 13000()] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) - (1.4.7.0) = C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
13248 | [Owner : maryl |Parent : 13000()] - (.HP - HP Radio Manager.) - (1.1.19.1) = C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
13288 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Microsoft Corporation - Send to OneNote Tool.) - (16.0.9126.2152) = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
4144 | [Owner : maryl |Parent : 13000()] - (.Luis Cobian, CobianSoft - Cobian Backup 11 Gravity.) - (11.2.0.253) = C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
12588 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 - Evernote Clipper.) - (6.6.4.5512) = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
12616 | [Owner : maryl |Parent : 4144()] - (.Luis Cobian, CobianSoft - Cobian backup 11 Gravity - Interface.) - (11.2.0.582) = C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
12764 | [Owner : maryl |Parent : 13000()] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
7888 | [Owner : maryl |Parent : 8824(explorer.exe)] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.55) = C:\Users\maryl\AppData\Local\Vivaldi\Application\vivaldi.exe
12700 | [Owner : maryl |Parent : 7888(vivaldi.exe)] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.55) = C:\Users\maryl\AppData\Local\Vivaldi\Application\vivaldi.exe
8812 | [Owner : maryl |Parent : 7888(vivaldi.exe)] - (.Vivaldi Technologies AS - Vivaldi.) - (1.14.1077.55) = C:\Users\maryl\AppData\Local\Vivaldi\Application\vivaldi.exe
13148 | [Owner : maryl |Parent : 8124()] - (.Conexant Systems, Inc. - Bang & Olufsen.) - (3.0.60.0) = C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
3676 | [Owner : Système |Parent : 700(services.exe)] - (.HP Inc. - HP Touchpoint Analytics Client Service.) - (4.0.2.1439) = C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
12392 | [Owner : LogonSessionId_0_2063613 |Parent : 700(services.exe)] - (.Nero AG - NeroUpdate.) - (19.0.0.1) = C:\Program Files (x86)\Nero\Update\NASvc.exe
15108 | [Owner : maryl |Parent : 10932()] - (.Amazon.com Inc. - Amazon Drive.) - (5.3.2.189) = C:\Users\maryl\AppData\Local\Amazon Drive\AmazonDrive.exe
15764 | [Owner : Système |Parent : 700(services.exe)] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - (1.4.7.0) = C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
15716 | [Owner : Système |Parent : 1160(svchost.exe)] - (.Google Inc. - Programme d'installation de Google.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
---------- | Tasks
Suppression : SkipUAC Défragmentation des lecteurs
Suppression : SkipUAC Nettoyage du Registre
Suppression : SkipUAC Optimisation des services Windows
Suppression : SkipUAC Optimisation du démarrage système
Suppression : SkipUAC Suppression des traces laissées sur Internet
Suppression : SkipUAC Économie d'énergie
---------- | Services
Service : BROWSER : Restaure
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL : #
Suppression : HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Summitsoft
Suppression : HKU\S-1-5-18\SOFTWARE\AppDataLow\Software\PasswordBox
Suppression : HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\AppDataLow\Software\PasswordBox
Suppression : HKLM\SOFTWARE\Wow6432Node\GlarySoft
Suppression : HKU\S-1-5-18\SOFTWARE\Nico Mak Computing
Suppression : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\iwmssvc.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\WINDOWS\system32\UNP\] [X]
Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Youtube Downloader HD_is1 : (Youtube Downloader HD v. 2.9.9.30) "C:\Program Files (x86)\Youtube Downloader HD\unins000.exe" -> C:\Program Files (x86)\Youtube Downloader HD\
---------- | Dossiers | Fichiers
Suppression : C:\Program Files (x86)\Summitsoft
Suppression : C:\Program Files (x86)\Youtube Downloader HD
Suppression : C:\Users\maryl\Desktop\Wunderlist.lnk (.-.) (Offsets)
Suppression : C:\Users\maryl\Desktop\Youtube Downloader HD.lnk (.-.)
Suppression : C:\Users\maryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk (.-.) (Offsets)
Suppression : C:\Users\maryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist\Wunderlist.lnk (.-.)
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD\Youtube Downloader HD.lnk (.-.)
Suppression : C:\Users\maryl\AppData\Local\CrashRpt
Suppression : C:\Users\maryl\AppData\Local\Geckofx
Suppression : C:\Users\maryl\AppData\Local\Wunderlist
Suppression : C:\Users\maryl\AppData\Roaming\Summitsoft
Suppression : C:\Users\maryl\AppData\Roaming\WinCompose
Suppression : C:\Users\maryl\AppData\Roaming\Youtube Downloader HD
Suppression : C:\Users\maryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
Suppression : C:\ProgramData\GlarySoft
Suppression : C:\ProgramData\UniqueId
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
Suppression : C:\Users\maryl\AppData\Local\kdenliverc (.-.)
Suppression : C:\Users\maryl\AppData\Local\user-places.xbel (.-.)
Suppression : C:\Users\maryl\AppData\Local\user-places.xbel.tbcache (.-.)
Suppression : C:\Users\maryl\AppData\Local\rjcapture.rjc (.-.)
Suppression : C:\Users\maryl\AppData\Local\RJCapture (Copie).sdf (.-.)
Suppression : C:\Users\maryl\AppData\Roaming\SAS7_000.DAT (.-.)
Suppression : C:\Users\maryl\AppData\Roaming\pecodec.dll (.-.)
Suppression : C:\Users\maryl\AppData\Roaming\licecap.ini (.-.)
Suppression : C:\ProgramData\DigitalWave.ApplicationUpdater_files
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x4600000041030000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2762758690-3479469590-1194244944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x460000000F000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
---------- | Yandex : X
---------- | CLIQZ : X
---------- | Google Chrome
---------- | Comodo Dragon : X
---------- | Firefox [maryl | ut3u8rb6.default]
Suppression : user_pref("services.sync.clients.syncID", "WDkOviOTSvwC");
Suppression : C:\Users\maryl\AppData\Roaming\Mozilla\Firefox\Profiles\ut3u8rb6.default\extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi (.-.)= jid1-r1tDuNiNb4SEww@jetpack.xpi
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark : X
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
Autre rapport
Analyses : 377193 | Modifications : 10 | Suppressions : 65
---------- |EOF| ---------- | 12:21:41 | [18 Ko]