---------- | AdsFix | g3n-h@ckm@n | V5_24.04.18.2
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 16:16:05 - 24/04/2018

Mis a jour le : 24/04/2018 | 11.50 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware

C:\Users\Laurenceau\Desktop\AdsFix.exe
Boot: Normal boot
[Laurenceau (Administrator)] - [LAURENCEAU-HP] - (France [040C])
SID = S-1-5-21-2603305841-1989612468-1150847816-1001 || [4c617572656e63656175205e5e]

PC : Hewlett-Packard - 184B - B6J89EA#ABF
Processor : X64 - 2695 - AMD A6-4400M APU with Radeon(tm) HD Graphics
Bios : Insyde - 05/10/2012 - V.F.05
CoreTemp : 55 C
CPU #1 value:7 %
CPU #2 value:13 %
Total Overall CPU Usage value:10 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 3647 | Libre (MB) : 1776
Pagefile = Total (MB) : 10725 | Libre (MB) : 8708
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3849

C:\ -> [Fixed] | [] | Total : 910.9 Go | Free : 806.45 Go -> NTFS [SATA]
D:\ -> [Fixed] | [Recovery] | Total : 20.32 Go | Free : 2.1 Go -> NTFS [SATA]

Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [24.04.2018 @ 16_15_51]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows

Windows Is Activated Mak - Volume License

---------- | Navigateurs

IE : 11.0.16299.15 (© Microsoft Corporation. Tous droits réservés.)
MS-Edge : 11.0.16299.192 (© Microsoft Corporation. All rights reserved.)
---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer

ActiveX : 29.0.0.140
Plugin : 29.0.0.140

---------- | Processes closed

1336 | [Owner : |Parent : 696(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1376 | [Owner : |Parent : 1336()] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1764 | [Owner : |Parent : 696(services.exe)] - (.Hewlett-Packard Company - HpService.) - (4.2.9.1) = C:\Windows\System32\hpservice.exe
2012 | [Owner : |Parent : 696(services.exe)] - (.AVAST Software - Avast Service.) - (18.3.3860.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2100 | [Owner : Système |Parent : 696(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2108 | [Owner : Système |Parent : 696(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
2164 | [Owner : Système |Parent : 696(services.exe)] - (.Autodesk Inc. - Autodesk Desktop App.) - (7.0.6.378) = C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
2172 | [Owner : Système |Parent : 696(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (423.50.204.2) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2352 | [Owner : Système |Parent : 696(services.exe)] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.0.12.98) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
3908 | [Owner : Laurenceau |Parent : 2352()] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.12.98) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3916 | [Owner : Laurenceau |Parent : 696(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe
4304 | [Owner : Laurenceau |Parent : 4008()] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.12.98) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6660 | [Owner : Laurenceau |Parent : 4760(explorer.exe)] - (.Apple Inc. - iCloud Services.) - (66.0.0.53) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
4460 | [Owner : Laurenceau |Parent : 2452()] - (.Piriform Ltd - CCleaner.) - (5.40.115.6411) = C:\Program Files\CCleaner\CCleaner64.exe
7144 | [Owner : Laurenceau |Parent : 792(svchost.exe)] - (.Apple Inc. - Apple Push.) - (2.7.30.72) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll

C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre

Suppression : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL : #
Suppression : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe]
Suppression : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe]
Suppression : HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Chromium
Suppression : HKLM\SOFTWARE\Wow6432Node\adaware
Suppression : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\sftldr.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\UNPUXWorker.exe] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\AcSignIcon.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\AcSignExt.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\AcSignExtRes.dll] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\system32\styleman.cpl] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\WINDOWS\PCHEALTH\] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\WINDOWS\system32\UNP\] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\Fonts\LinBiolinum_RB_G.ttf] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\Fonts\SourceCodePro-Bold.ttf] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\Fonts\PT_Serif-Web-Bold.ttf] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\Fonts\Caladea-Bold.ttf] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\WINDOWS\Fonts\LiberationMono-Bold.ttf] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.15.1046.10613\detection.xml] [X]
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{69C95694-EEBB-4770-92B3-09FB531AFFDE}_AdAwareUpdater
Suppression : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD9CEBD6-442D-4979-9D1D-E1050F2E272D}_AdAwareUpdater
Suppression : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\acwebbrowser.exe
Suppression : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\AutodeskDesktopApp.exe

---------- | Dossiers | Fichiers

Suppression : C:\Program Files\Common Files\adaware
Suppression : C:\Users\Public\Documents\Avanquest Software
Suppression : C:\Users\Laurenceau\AppData\Local\0d60e6350
Suppression : C:\Users\Laurenceau\AppData\Local\938d77c
Suppression : C:\Users\Laurenceau\AppData\Local\AdAwareDesktop
Suppression : C:\Users\Laurenceau\AppData\LocalLow\Unity\WebPlayer
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(1).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(10).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(11).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(12).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(13).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(14).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(2).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(3).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(4).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(5).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(6).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(7).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(8).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer(9).exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Adaware_Installer.exe (.-.)
Suppression : C:\Users\Laurenceau\Downloads\webplayer-universal.dmg (.-.)
Suppression : C:\Users\Laurenceau\Downloads\Webplayer.exe (.-.)
Suppression : C:\ProgramData\Reprise\wupeogjxlctlfudivq`qsp`28hfm (.-.)
Suppression : C:\Users\Laurenceau\AppData\Local\{85975558-C3CF-4398-B6CB-B352500FEF7E} (.-.)
Suppression : C:\ProgramData\Lavasoft

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[ProxyOverride] : *.local; -> *.local

---------- | Internet Explorer

Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x460000007617000009000000000000000F0000002A2E6C6F63616C3B3C6C6F63616C3E000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Suppression : [HKU\S-1-5-21-2603305841-1989612468-1150847816-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x460000000800000009000000000000000F0000002A2E6C6F63616C3B3C6C6F63616C3E000000000000000000000000000000000000000000000000000000000000000000000000

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome

---------- | Comodo Dragon : X

---------- | Firefox

[Laurenceau | 363wfb2s.default] Remplacement : user_pref("browser.startup.homepage", "about:home"about:home); -> user_pref("browser.startup.homepage", "https://www.google.com");
[Laurenceau | 3odjzl6y.default-1517230549617] Suppression : user_pref("browser.newtabpage.blocked", "{\"pH+xdSGMIkmxogXaM4fK3g==\":1,\"MMdvClLy5LV1o3ghbw/rdg==\":1,\"NDYhi5sl/WirUnJxau+OYg==\":1,\"TsXiMuoRzhaskBh7P3RkSA==\":1,\"U2Vs9lLCvOUl0n73GaN3vw==\":1}");
[Laurenceau | 3odjzl6y.default-1517230549617] Remplacement : user_pref("browser.startup.homepage", "https://www.20minutes.fr/"); -> user_pref("browser.startup.homepage", "https://www.google.com");

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

Autre rapport
Analyses : 446843 | Modifications : 30 | Suppressions : 78

---------- |EOF| ---------- | 19:08:58 | [18 Ko]