---------- | AdsFix | g3n-h@ckm@n | V6_06.03.19.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 18:19:26 - 12/04/2019
Mis a jour le : 06/03/2019 | 08:40 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Rémi\Desktop\AdsFix.exe
Boot: Normal boot
[Rémi (Administrator)] - [PCGAMER] - (FRANCE [040C])
SID = S-1-5-21-1938095753-3088353426-674136165-1001 || [52c3a96d69205e5e]
PC : ASUSTeK COMPUTER INC. - H81M-K - All
Processor : X64 - 3193 - Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Bios : American Megatrends Inc. - 02/22/2016 - V.1104
CoreTemp : 29.8 C
CPU #1 value:12 %
CPU #2 value:12 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:6 %
Systeme : Windows 10 Enterprise (64 bits) Enterprise
Memoire RAM = Total (MB) : 8322 | Libre (MB) : 4682
Pagefile = Total (MB) : 15138 | Libre (MB) : 8805
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3889
C:\ -> [Fixed] | [] | Total : 111.24 Go | Free : 57.42 Go -> NTFS (SSD) [SATA]
D:\ -> [Fixed] | [Disque de sauvegarde] | Total : 1863.01 Go | Free : 910.7 Go -> NTFS [SATA]
E:\ -> [Fixed] | [] | Total : 111.79 Go | Free : 62.04 Go -> NTFS (SSD) [SATA]
H:\ -> [Fixed] | [Disque BOX SFR] | Total : 465.76 Go | Free : 267 Go -> NTFS [SATA]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [12.04.2019 @ 18_19_25]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows - Activation - Licence
W.A.T : :)
Test 1 : Windows Activated
Test 2 : Windows Activated
Licence Volume
---------- | Navigateurs
IE : 11.0.17763.1 (© Microsoft Corporation. Tous droits réservés.)
FF : 66.0.2.7024 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 73.0.3683.103 (Copyright 2018 Google Inc. All rights reserved.)
MS-Edge : 11.0.17763.437 (© Microsoft Corporation. All rights reserved.)
---------- | Security
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = non en cours
AS: Windows Defender [Auto(2)] = en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
ActiveX : 32.0.0.171
Plugin : 32.0.0.171
---------- | Processes closed
3104 | [Owner : Système | Parent : 728 (services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
3144 | [Owner : Système | Parent : 728 (services.exe)] - (.- HuaweiHiSuiteService.) - (2.0.0.42) = C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
3152 | [Owner : Système | Parent : 728 (services.exe)] - (.ICEpower - ICEpower ICEsound APO service.) - (1.0.0.39) = C:\Windows\System32\ICEsoundService64.exe
3184 | [Owner : Système | Parent : 728 (services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11328.20156) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
3300 | [Owner : Système | Parent : 728 (services.exe)] - (.NetSetMan GmbH - NetSetMan Service.) - (2.6.3.0) = C:\Program Files (x86)\NetSetMan\nsmservice.exe
3488 | [Owner : Système | Parent : 728 (services.exe)] - (.-.) - (1.1005.415.2014) = C:\Windows\runSW.exe
3496 | [Owner : Système | Parent : 728 (services.exe)] - (.RemoteMyApp sp. z o.o. - RemotrService.) - (1.3.1438.0) = C:\Program Files (x86)\Remotr\RemotrService.exe
3512 | [Owner : Système | Parent : 728 (services.exe)] - (.Realtek - RtlService MFC Application.) - (700.1008.1223.2013) = C:\Program Files (x86)\TRENDnet\TEW-809UB AC1900 Wireless USB Adapter\RtlService.exe
3620 | [Owner : Système | Parent : 728 (services.exe)] - (.Reason Software Company Inc. - Unchecky Service.) - (1.2.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
3736 | [Owner : SERVICE LOCAL | Parent : 728 (services.exe)] - (.Electronic Arts - OriginWebHelperService.) - (10.5.36.23506) = D:\Origin\OriginWebHelperService.exe
6176 | [Owner : Rémi | Parent : 728 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17763.1) = C:\Windows\System32\svchost.exe
6228 | [Owner : Rémi | Parent : 728 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17763.1) = C:\Windows\System32\svchost.exe
7068 | [Owner : Rémi | Parent : 728 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17763.1) = C:\Windows\System32\svchost.exe
8848 | [Owner : Rémi | Parent : 728 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17763.1) = C:\Windows\System32\svchost.exe
3416 | [Owner : Rémi | Parent : 8956 (RuntimeBroker.exe)] - (.Mozilla Corporation - Firefox.) - (66.0.2.7024) = C:\Users\Rémi\AppData\Local\Mozilla Firefox\firefox.exe
9272 | [Owner : Rémi | Parent : 3416 (firefox.exe)] - (.Mozilla Corporation - Firefox.) - (66.0.2.7024) = C:\Users\Rémi\AppData\Local\Mozilla Firefox\firefox.exe
9680 | [Owner : Rémi | Parent : 3416 ()] - (.Mozilla Corporation - Firefox.) - (66.0.2.7024) = C:\Users\Rémi\AppData\Local\Mozilla Firefox\firefox.exe
9332 | [Owner : Rémi | Parent : 12192 ()] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.201.9) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3700 | [Owner : Système | Parent : 3496 ()] - (.RemoteMyApp sp. z o.o. - RemotrServer.) - (1.3.1438.0) = C:\Program Files (x86)\Remotr\RemotrServer.exe
7252 | [Owner : Rémi | Parent : 8728 ()] - (.Dashlane, Inc. - Dashlane.) - (6.1914.0.19480) = C:\Users\Rémi\AppData\Roaming\Dashlane\Dashlane.exe
6032 | [Owner : Rémi | Parent : 7252 (Dashlane.exe)] - (.Dashlane, Inc. - Dashlane Plugin Agent.) - (6.1914.0.19480) = C:\Users\Rémi\AppData\Roaming\Dashlane\DashlanePlugin.exe
---------- | Tasks
Suppression : BlueStacksHelper
---------- | Services
Restaure : BROWSER
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
Reparation : [HKLM | Minimal\WudfSvc] : -> Service
Reparation : [HKLM | Minimal\vga.sys] : -> Driver
Reparation : [HKLM | Minimal\vgasave.sys] : -> Driver
¤
Reparation : [HKLM | Network\WudfSvc] : -> Service
Reparation : [HKLM | Network\vga.sys] : -> Driver
Reparation : [HKLM | Network\vgasave.sys] : -> Driver
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : HKLM\SOFTWARE\Classes\.ccf : JDownloader2 2
Suppression : HKLM\SOFTWARE\Classes\.CETRAINER : CheatEngine
Suppression : HKLM\SOFTWARE\Classes\.CT : CheatEngine
Suppression : HKLM\SOFTWARE\Classes\.dlc : JDownloader2
Suppression : HKLM\SOFTWARE\Classes\.jdc : JDownloader2 1
Suppression : HKLM\SOFTWARE\Classes\.meta4 : JDownloader2 5
Suppression : HKLM\SOFTWARE\Classes\.nzb : JDownloader2 6
Suppression : HKLM\SOFTWARE\Classes\.rsdf : JDownloader2 3
Suppression : HKLM\SOFTWARE\Classes\JDownloader2 : JDownloader Link Container "C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe" "%1"
Suppression : HKLM\SOFTWARE\Classes\JDownloader2 2 : Cryptload Link Container "C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe" "%1"
Suppression : HKLM\SOFTWARE\Classes\JDownloader2 4 : Metalinks "C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe" "%1"
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\.metalink : JDownloader2 4
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\JDownloader2 1 : JDownloader Linkbackup Format "C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe" "%1"
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\JDownloader2 5 : Meta4 Metalinks "C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe" "%1"
Suppression : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer
Suppression : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe]
Suppression : HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Chromium
Suppression : HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\AppWork
Suppression : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20FRA.DLL] [X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\FM20.DLL] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_thread-vc120-mt-1_56.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\jansson.dll] [X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\tier0-pinv.dll] [X]
---------- | Dossiers | Fichiers
Reboot : C:\Users\Rémi\AppData\Local\JDownloader 2.0
Suppression : C:\Users\Rémi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
Suppression : C:\Users\Rémi\AppData\Local\{C1B608E1-E6DC-4F31-A3A5-28BC038226EF} (.-.)
Suppression : C:\Users\Rémi\Desktop\JDownloader 2.lnk (.-.)
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.exe (Copyright AppWork GmbH.-.JDownloader) JDownloader2.exe
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.vmoptions (.-.)
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2.vmoptions.backup_1 (.-.)
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2Update.exe (Copyright AppWork GmbH.-.JDownloader Update) JDownloader2Update.exe
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2Update.vmoptions (.-.)
Suppression : C:\Users\Rémi\AppData\Local\JDownloader 2.0\JDownloader2Update.vmoptions.backup_1 (.-.)
Suppression : C:\Users\Rémi\AppData\Local\imw.ini (.-.)
Suppression : C:\Users\Rémi\AppData\Local\dump007.dat (.-.)
Suppression : C:\WINDOWS\runSW.exe (Copyright (C) 2012-2014.-.runSW Application) runSW.EXE
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Reparation : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Reparation : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
Reparation : [HKU\S-1-5-21-1938095753-3088353426-674136165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
Reparation : [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
---------- | Yandex : X
---------- | CLIQZ : X
---------- | Google Chrome
Suppression : C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.)
Remis a zero avec succes : SearchURL
Suppression : C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.)
Remis a zero avec succes : Preferences
Suppression : C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.)
Remis a zero avec succes : Preferences
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Rémi\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
---------- | Comodo Dragon : X
---------- | Firefox
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark : X
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
Autre rapport
Analyses : 193300 | Modifications : 16 | Suppressions : 47
---------- |EOF| ---------- | 19:34:04 | [16 Ko]