---------- | AdsFix | g3n-h@ckm@n | V8.200.21.1
-----
Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
-----
Démarrage 19:01:11 - 22/07/2021
Mis a jour le : 19/07/2021 | 05:00 (GMT) par g3n-h@ckm@n
Contact : https://www.sosvirus.net
Facebook : https://www.facebook.com/AdsFixAntiAdware (French)
C:\Users\gen-hackman\Desktop\AdsFix.exe
Boot: Normal boot
[gen-hackman] - [DESKTOP-BA6JU5E] - (qzertyuilmù [040C])
SID = S-1-5-21-2840925384-1423275600-327047609-1001
System: Microsoft Windows 11 Professionnel - - (10.0.22000) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) 21H2
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
PC : VirtualBox - innotek GmbH - IdNumber: 0 - UUID: 94DE8888-42C0-466E-94FE-7438ADAE35CF
Motherboard : Oracle Corporation - Product: VirtualBox - SerialNumber: 0 - Status: OK - Version: 1.2
CoreTemp : ? C
---------- | Physical Memory (MB)
Total: 2047
Available: 610
Cached: 494
Free: 200
---------- | HDD
C:\ -> [Fixed] | [] | Total : 49.45 Go | Free : 23.13 Go -> NTFS [SATA]
Z:\ -> [Network] | [VBOX_TVM] | Total : 476.31 Go | Free : 369.24 Go -> VBoxSharedFolderFS
---------- | Backup
Point de restauration créé : RP_AdsFix
---------------------
En cas de problème après le scan : Options > Restauration Systeme
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows - Activation - Licence
W.A.T : :(
Test 1 : Windows Activated Licence Volume
---------- | Navigateurs
IE : 11.0.22000.1 (© Microsoft Corporation. Tous droits réservés.)
FF : 90.0.0.7856 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
---------- | Security
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = en cours
AS: Windows Defender [Auto(2)] = en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
---------- | Processes closed
1396 | [Owner : Système | Parent : 632 (services.exe)] - (.Oracle Corporation - VirtualBox Guest Additions Service.) - (6.1.22.44080) = C:\Windows\System32\VBoxService.exe
2404 | [Owner : Système | Parent : 1620 (svchost.exe)] - (. - .) - (0.0.0.0) = C:\Windows\System32\AggregatorHost.exe
1764 | [Owner : gen-hackman | Parent : 632 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.22000.1) = C:\Windows\System32\svchost.exe
3588 | [Owner : gen-hackman | Parent : 632 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.22000.1) = C:\Windows\System32\svchost.exe
2668 | [Owner : gen-hackman | Parent : 632 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.22000.1) = C:\Windows\System32\svchost.exe
5392 | [Owner : gen-hackman | Parent : 632 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.22000.1) = C:\Windows\System32\svchost.exe
5688 | [Owner : gen-hackman | Parent : 632 (services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.22000.1) = C:\Windows\System32\svchost.exe
---------- | Tasks
---------- | Services
Restauration : BROWSER
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
Modification : [HKLM | Minimal\WudfSvc] : -> Service
Modification : [HKLM | Minimal\vga.sys] : -> Driver
Modification : [HKLM | Minimal\vgasave.sys] : -> Driver
¤
Modification : [HKLM | Network\NlaSvc] : -> Service
Modification : [HKLM | Network\WudfSvc] : -> Service
Modification : [HKLM | Network\vga.sys] : -> Driver
Modification : [HKLM | Network\vgasave.sys] : -> Driver
---------- | Winsock
---------- | DNS
---------- | Registre
Suppression : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\gen-hackman\AppData\Local\Microsoft\OneDrive\21.050.0310.0001\FileSyncConfig.exe]---[X]
Suppression : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe]---[X]
Suppression : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\gen-hackman\Desktop\ACTW10\KMSGalaxy.exe]---[X]
Suppression : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\gen-hackman\Desktop\WhatToDoWith.exe]---[X]
Suppression : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll]---[X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll]---[X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll]---[X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll]---[X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll]---[X]
Suppression : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\vcruntime140.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\concrt140.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\vcamp140.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfcm140.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140chs.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140deu.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140esn.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140ita.dll]---[X]
Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\mfc140kor.dll]---[X]
---------- | Dossiers | Fichiers
Suppression : C:\Windows\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL (.-.)
Suppression : C:\Windows\System32\UNP
---------- | .LNK
---------- | Ouverture extension inconnue
---------- | Proxy
---------- | Internet Explorer
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Modification : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Modification : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\Windows\System32\blank.htm
Modification : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Modification : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
Modification : [HKU\S-1-5-21-2840925384-1423275600-327047609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
---------- | Yandex : X
---------- | CLIQZ : X
---------- | Google Chrome : X
---------- | Comodo Dragon : X
---------- | IceDragon : X
---------- | Firefox
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark : X
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
---------- | ADS
Autre rapport
Analyses : 104650 | Modifications : 14 | Suppressions : 37
---------- |EOF| ---------- | 19:44:24 | [12 Ko]