---------- | AdsFix | g3n-h@ckm@n | V8.175.21.2
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Démarrage 17:01:10 - 26/06/2021
Mis a jour le : 24/06/2021 | 21:00 (GMT) par g3n-h@ckm@n
Contact : https://www.sosvirus.net
Facebook : https://www.facebook.com/AdsFixAntiAdware (French)
C:\Users\azarete\Desktop\Adsfix.exe
Boot: Normal boot
[azarete] - [AZARETE-PC] - (france [040C])
SID = S-1-5-21-3441243421-3598524406-3558366238-1000
System: Microsoft Windows 7 Édition Familiale Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
PC : All Series - ASUS - IdNumber: System Serial Number - UUID: 49D5EF00-D7DA-11DD-9EE4-AC9E17F0512A
Motherboard : ASUSTeK COMPUTER INC. - Product: B85-PRO GAMER - SerialNumber: 141134738205382 - Status: OK - Version: Rev 1.xx
CoreTemp : 29.8 C

---------- | Physical Memory (MB)
Total: 8130 Available: 6454 Cached: 5318 Free:377

---------- | HDD
C:\ -> [Fixed] | [] | Total : 111.69 Go | Free : 25.54 Go -> NTFS (SSD) [SATA]
E:\ -> [Fixed] | [1TO] | Total : 931.51 Go | Free : 172.77 Go -> NTFS
F:\ -> [Fixed] | [Réservé au système] | Total : 0.1 Go | Free : 0.07 Go -> NTFS (SSD) [SATA]

---------- | Backup
Point de restauration créé : RP_AdsFix
---------------------
En cas de problème après le scan : Options > Restauration Systeme > Raccourci bureau
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"

---------- | Mises a jour Windows - Activation - Licence
Derniere(s) detection(s) : 2021-06-26 14:09:10
Dernieres Telechargees : 2021-06-26 14:22:14
Dernieres installees : 2021-06-26 14:22:25
Prochaine recherche : 2021-06-27 08:44:29
W.A.T : :) Test 1 : Windows Activated Licence Volume

---------- | Navigateurs
IE : 11.0.9600.19597 (© Microsoft Corporation. Tous droits réservés.)
---------- | Security
AV :
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = en cours
AS: Windows Defender [Manual(3)] = non en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours

---------- | FlashPlayer

---------- | Processes closed
1664 | [Owner : Système | Parent : 608 (services.exe)] - (.Adobe Inc. - Adobe Acrobat Update Service.) - (1.824.42.176) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1288 | [Owner : SERVICE LOCAL | Parent : 608 (services.exe)] - (.Electronic Arts - OriginWebHelperService.) - (10.5.100.48178) = E:\Origin\OriginWebHelperService.exe
1820 | [Owner : Système | Parent : 608 (services.exe)] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - (2.5.11.0) = C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
2068 | [Owner : Système | Parent : 608 (services.exe)] - (.Wondershare - Wondershare Passport.) - (3.0.0.306) = C:\Program Files (x86)\Wondershare\WAF3\3.0.0.306\WsAppService3.exe

---------- | Tasks

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : /!\ hijacked
Reboot : C:\Windows\Winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll - > C:\Windows\System32\dnsapi.dll
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Registre
Suppression : HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Chromium
Suppression : HKLM\SOFTWARE\VDownloader
Suppression : HKU\S-1-5-18\SOFTWARE\Nico Mak Computing
Suppression : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\20034399_0 : {0.0.0.00000000}.{ee71a3fa-c9ce-4a13-a945-ea1dc8a28f30}|\Device\HarddiskVolume2\Users\azarete\AppData\Local\Temp\is-NNQ53.tmp\setup.tmp%b{00000000-0000-0000-0000-000000000000}
Suppression : HKLM\Software\Classes\Installer\Products\15B6503ED3FF0CB41A4DDEC888EE4871 : (Logiciel de base du périphérique HP ENVY 5000 series) C:\Users\azarete\AppData\Local\Temp\7zS0F32\
Suppression : HKLM\Software\Classes\Installer\Products\2129373C12C3831469703CF1E98A5A41 : (HP EmailSMTP Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\Software\Classes\Installer\Products\4D296F39D4C0DEE4B9EF56C7D19595EF : (Intel(R) Rapid Storage Technology) C:\Users\azarete\AppData\Local\Temp\IIFA381.tmp\
Suppression : HKLM\Software\Classes\Installer\Products\71460E5BCA4A52243BE6E7439C61617E : (Intel® Trusted Connect Service Client) C:\Windows\Temp\IIF2\IUS\
Suppression : HKLM\Software\Classes\Installer\Products\7D5239A6474D2B04982CF4767F27C24A : (Logiciel de base du périphérique HP DeskJet 3630 series) C:\Users\azarete\AppData\Local\Temp\7zS2C38\
Suppression : HKLM\Software\Classes\Installer\Products\A1DACCE67DB2C984D834866BA9A28A97 : (HP OneDrive Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\Software\Classes\Installer\Products\CC1D39CFB20195B429AD030EED32F26F : (HP FTP Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\Software\Classes\Installer\Products\DD9A227CB17452F4E9E7D71D211DCB53 : (HP Dropbox Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\Software\Classes\Installer\Products\F9D50560DA3A0CD418918863AB1D39E8 : (HP Google Drive Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Products\7C2BB5FC79547E44794775DA345530D1 : (HP ENVY 5000 series Aide) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\
Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Products\EDCD85702A05D6D40B52BF2BFB437234 : (HP SharePoint Plugin) C:\Users\azarete\AppData\Local\Temp\7zS0F32\Required\

---------- | Dossiers | Fichiers
Suppression après redémarrage : C:\Program Files\VDownloader
Suppression : C:\Program Files (x86)\Temp
Suppression : C:\Program Files (x86)\Microsoft\Temp
Suppression : C:\Program Files\VDownloader\VDownloader4.exe (Copyright © 2017.-.VDownloader) VDownloader4.exe
Suppression : C:\Program Files\VDownloader\VDownloader4.ico (.-.)
Suppression : C:\Program Files\VDownloader\VDownloaderUI.Controls.dll (Copyright © 2012.-.VDownloaderUI.Controls) VDownloaderUI.Controls.dll
Suppression : C:\Program Files\VDownloader\VDownloaderUI.dll (Copyright ©Vitzo 2009.-.VDownloaderUI) VDownloaderUI.dll
Suppression : C:\Program Files\VDownloader\VDownloaderUtility.exe (Copyright © Vitzo 2012.-.Registrator) VDownloaderUtility.exe
Suppression après redémarrage : C:\Users\azarete\AppData\Local\VDownloader
Suppression après redémarrage : C:\Users\azarete\AppData\Roaming\VDownloader
Suppression après redémarrage : C:\ProgramData\UniqueId
Suppression : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
Suppression : C:\Users\azarete\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.)
Suppression : C:\Users\azarete\AppData\Local\uts.ini (.-.)
Suppression : C:\Users\azarete\AppData\Roaming\PLGComp.ini (.-.)
Suppression : C:\Windows\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL (.-.)
Suppression après redémarrage : relancer le programme > options > suppression après redémarrage

---------- | .LNK

---------- | Ouverture extension inconnue

---------- | Proxy

---------- | Internet Explorer
Modification : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Modification : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome

---------- | Comodo Dragon : X

---------- | IceDragon : X

---------- | Firefox
[azarete | 5xt83vl1.default] Suppression : user_pref("app.update.elevate.attempts", 0);
[azarete | 5xt83vl1.default] Suppression : user_pref("security.sandbox.content.tempDirSuffix", "{a7f72800-6ea9-4bb8-9b72-da919f3d27fe}");

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Clients\StartMenuInternet\OperaStable\Shell\open\command]~[] : "C:\Users\azarete\AppData\Local\Programs\Opera\Launcher.exe" -> "C:\Program Files (x86)\Opera\Launcher.exe"
Modification : [HKU\S-1-5-21-3441243421-3598524406-3558366238-1000\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]~[] : "C:\Users\azarete\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser -> "C:\Program Files (x86)\Opera\Launcher.exe" --makedefaultbrowser

---------- | Javascript

---------- | Firewall

---------- | ADS
Deleted : C:\ProgramData\Temp:C895616B

Autre rapport
Analyses : 121818 | Modifications : 12 | Suppressions : 40

---------- |EOF| ---------- | 17:27:43 | [11 Ko]