---------- | AdsFix | g3n-h@ckm@n | V8.137.21.1 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start-up 17:01:33 - 24/05/2021 update on : 17/05/2021 | 12.20 (GMT) by g3n-h@ckm@n Contact : https://www.sosvirus.net Facebook : https://www.facebook.com/AdsFixAntiAdware (French) C:\Users\pc\Desktop\AdsFix.exe Boot: Normal boot [pc] - [DESKTOP-IUI5T6N] - (France [0409]) SID = S-1-5-21-120822950-1225855894-879144086-1001 System: Microsoft Windows 10 Home - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> (1803) /!\ => 2009 Time Zone : (UTC+01:00) Brussels, Copenhagen, Madrid, Paris PC : W2pro - PIPO - IdNumber: Default string - UUID: 03000200-0400-0500-0006-000700080009 Motherboard : PIPO - Product: W2pro - SerialNumber: Default string - Status: OK - Version: Default string CoreTemp : 46.6 C ---------- | Physical Memory (MB) Total: 1972 Available: 429 Cached: 304 Free:388 ---------- | HDD C:\ -> [Fixed] | [Windows] | Total : 28.37 Go | Free : 1.01 Go -> NTFS (SSD) [SD] E:\ -> [Removable] | [GOOD RAM] | Total : 58.23 Go | Free : 27.45 Go -> exFAT (SSD) [SD] ---------- | Backup Restorepoint created : RP_AdsFix --------------------- If there is a problem after the scan : Options > System Restore > Desktop Shortcut Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore" ---------- | Windows Updates - Activation - License W.A.T : :) Test 1 : Windows Activated Volume License ---------- | Browsers IE : 11.0.17134.1 (© Microsoft Corporation. All rights reserved.) MS-Edge : 11.0.17134.137 (© Microsoft Corporation. All rights reserved.) ---------- | Security AV : Windows Defender Disabled AS : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Started AS: Windows Defender [Manual(3)] = Order FW: Windows FireWall Service [Auto(2)] = Started WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started ---------- | FlashPlayer ActiveX : 30.0.0.113 ---------- | Killed processes 2732 | [Owner : pc | Parent : 824 (services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe 3552 | [Owner : pc | Parent : 3320 ()] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe 3900 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - Avira Protected Antimalware Service.) - (15.0.2103.2080) = C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe 3908 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - VpnService.) - (2.37.4.17510) = C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe 3916 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.2.155.4877) = C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 3924 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - Avira Optimizer Host.) - (1.2.0.388) = C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe 3932 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - Avira Security.) - (1.1.49.18598) = C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe 3940 | [Owner : SYSTEM | Parent : 824 (services.exe)] - (.Avira Operations GmbH & Co. KG - Avira Updater Service Host.) - (2.0.6.48309) = C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe 8092 | [Owner : pc | Parent : 7824 ()] - (.Winamp SA - Winamp Agent.) - (5.8.0.3660) = C:\Program Files (x86)\Winamp\winampa.exe 8456 | [Owner : pc | Parent : 1236 (svchost.exe)] - (.IObit - iFun Screen Recorder.) - (1.2.0.261) = C:\Program Files (x86)\iFun\iFun Screen Recorder\iScrRec.exe 9584 | [Owner : pc | Parent : 3916 ()] - (.Avira Operations GmbH & Co. KG - Avira.) - (1.2.155.4877) = C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe 10764 | [Owner : pc | Parent : 6572 (browser_broker.exe)] - (.RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - (11.3.0.2585) = C:\Users\pc\Downloads\rfasetup.exe 12804 | [Owner : pc | Parent : 10764 ()] - (.- Setup/Uninstall.) - (51.1052.0.0) = C:\Users\pc\AppData\Local\Temp\is-1JUIT.tmp\rfasetup.tmp 4412 | [Owner : pc | Parent : 12804 (rfasetup.tmp)] - (.RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - (11.3.0.2585) = C:\Users\pc\Downloads\rfasetup.exe 11824 | [Owner : pc | Parent : 4412 ()] - (.- Setup/Uninstall.) - (51.1052.0.0) = C:\Users\pc\AppData\Local\Temp\is-QRK7T.tmp\rfasetup.tmp 6812 | [Owner : pc | Parent : 11824 (rfasetup.tmp)] - (.-.) - (0.0.0.0) = C:\Users\pc\AppData\Local\Temp\is-9O59C.tmp\_isetup\_setup64.tmp 2016 | [Owner : pc | Parent : 11824 ()] - (.RoseCitySoftware - Registry First Aid Agent.) - (11.3.0.2585) = C:\Program Files\RFA 11\rfagent64.exe 12992 | [Owner : pc | Parent : 3696 (explorer.exe)] - (.Avira Operations GmbH & Co. KG - Avira Security.) - (1.1.49.18598) = C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe ---------- | Tasks Deleted successfully : iFun Screen Recorder SkipUAC (pc) Deleted successfully : iFun Screen Recorder Startup Deleted successfully : iFun Screen Recorder UAC Deleted successfully : iFun Screen Recorder Update Deleted successfully : PC Cleaner automatic scan and notifications Deleted successfully : WinThruster automatic scan and notifications ---------- | Services Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\ASO3DiskOptimizer : C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe # [ASO3DiskOptimizer] # C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts ---------- | SafeBoot Repaired : [HKLM | Minimal\WudfSvc] : -> Service Repaired : [HKLM | Minimal\vga.sys] : -> Driver Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver ¤ Repaired : [HKLM | Network\WudfSvc] : -> Service Repaired : [HKLM | Network\vga.sys] : -> Driver Repaired : [HKLM | Network\vgasave.sys] : -> Driver ---------- | Winsock ---------- | DNS ---------- | Registry Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adaware.com Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pubmatic.com Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adaware.com Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adaware.com Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pubmatic.com Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adaware.com Deleted successfully : HKLM\SOFTWARE\Classes\ASO3_JUMP_LIST :C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe /HandleDocument:%1 Deleted successfully : HKLM\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\SystemSpeedupFilesMenu Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40} : C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll # Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Windows\Temp\RarSFX0\presetup.exe]---[X] Deleted successfully : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\pc\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe]---[X] Deleted successfully : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\pc\Downloads\aso3setup_systweak-default.exe] Deleted successfully : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\pc\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe]---[X] Deleted successfully : HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\KsL Software Deleted successfully : HKLM\Software\Classes\Installer\Products\D909FFF5F88D9B24A95823A8210916C1 : (Avira Software Updater) C:\ProgramData\Avira\Launcher\Temp\deployment0d88aef0-8c2f-400f-8cb6-23f858e23b22\8999ccfd-8a44-488c-810d-4c8b7917fdac\ Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb]---[X] Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb]---[X] Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RFA11_is1 : (Registry First Aid 11) "C:\Program Files\RFA 11\unins000.exe" -> C:\Program Files\RFA 11\ Deleted successfully : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]~[rfagent] : "C:\Program Files\RFA 11\rfagent64.exe" ---------- | Folders | Files Deletion after restart : C:\Program Files\RFA 11 Deletion after restart : C:\Users\pc\AppData\LocalLow\IObit Deleted successfully : C:\Users\pc\AppData\Roaming\PC Cleaner Deletion after restart : C:\ProgramData\IObit Deletion after restart : C:\ProgramData\PC Cleaner Deletion after restart : C:\ProgramData\Registry First Aid Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 11 Deleted successfully : C:\Users\pc\Documents\store and stay ad aware fait penser à e. galeyroux anti adrem Deleted successfully : C:\Users\Public\Desktop\Registry First Aid 11.lnk (.-.) Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceSeeker.lnk (.-.) Deletion after restart : restart the program > options > delete after restart ---------- | .LNK ---------- | opening unknown extension ---------- | Proxy ---------- | Internet Explorer Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm Repaired : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm Repaired : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2 Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1 Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1 Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1 Repaired : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... -> Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... -> Repaired : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... -> Repaired : [HKU\S-1-5-21-120822950-1225855894-879144086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... -> ---------- | Yandex : X ---------- | CLIQZ : X ---------- | Google Chrome : X ---------- | Comodo Dragon : X ---------- | IceDragon : X ---------- | Firefox : X ---------- | SeaMonkey : X ---------- | Pale moon : X ---------- | Opera : X ---------- | Spark : X ---------- | StartMenuInternet ---------- | Javascript ---------- | Firewall ---------- | ADS Other(s) report(s) Analyzed : 102909 | Modified : 12 | Deleted : 42 ---------- |EOF| ---------- | 18:25:12 | [15 Ko]