Probleme avec chrome://lightning/content/newtab.html
Fermé
enadryle
Messages postés
4
Date d'inscription
dimanche 2 décembre 2012
Statut
Membre
Dernière intervention
2 août 2014
-
Modifié par enadryle le 29/01/2014 à 23:28
Marou81 Messages postés 4175 Date d'inscription mercredi 13 janvier 2010 Statut Membre Dernière intervention 18 mars 2014 - 4 févr. 2014 à 20:39
Marou81 Messages postés 4175 Date d'inscription mercredi 13 janvier 2010 Statut Membre Dernière intervention 18 mars 2014 - 4 févr. 2014 à 20:39
Bonjour et tout d'abord merci de lire mon message!
J'ai télécharger un petit programme, qui malgré mon application à refuser toute barre de recherche supplémentaires, j'ai du louper une case à décocher quelques part car je me retrouve maintenant avec ceci qui apparait a chaque fois que j'ouvre un nouvel onglet:
chrome://lightning/content/newtab.html
J'ai désactiver les modules complémentaires de mozilla firefox
J'ai désinstaller la toolbar lightingdial depuis le panneau de configuration
J'ai lancé adwcleaner qui n'a rien détecté
Mais j'ai malheureusement toujours ce truc (et je déteste les petits programmes de ce genre qui s'imposent alors ca me torture l'esprit de savoir que j'ai ça sur mon ordi ^^)
Est ce que vous auriez un conseil svp pour savoir comment s'en débarrasser?
Merci beaucoup pour votre attention mesdames et messieurs et surtout passez une bonne soirée!!!
Configuration: PC asus windows 8, mozilla firefox
Voici les rapports de FRST (si j'ai bien compris c'est cela qu'il faut faire)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Katouchka (administrator) on KAKAHOUÈTE on 29-01-2014 21:18:41
Running from C:\Users\Katouchka\Downloads
Windows 8 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SFR & Celliance) C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCdService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
MountPoints2: {39a0da7b-f912-11e2-be6a-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {d52da36a-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
MountPoints2: {d52da397-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=telemsd&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0BtBtDzy0AtB0EtC0FzztN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q&cr=455865834&ir=
SearchScopes: HKLM - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {6DBBC830-8AE0-1853-0A5B-573BA526B51C} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP97422F0D-FDF0-4156-895A-4D8AE4CB44A2&q={searchTerms}&SSPV=
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\extensions\lightningnewtab@gmail.com.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
U2 ServiceSFRABCD; C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [657536 2009-11-06] (SFR & Celliance)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
U2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [x]
==================== Drivers (Whitelisted) ====================
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
U3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
U0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
U0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:35 - 2014-01-29 20:33 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-23 15:31 - 2014-01-29 00:50 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:28 - 2014-01-23 15:29 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-20 19:41 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-20 19:41 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-20 19:41 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-20 19:41 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-20 19:41 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-20 19:41 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-20 19:41 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-20 19:41 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-20 19:41 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== One Month Modified Files and Folders =======
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 21:11 - 2013-12-26 15:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 21:10 - 2012-08-03 00:06 - 00800978 _____ C:\Windows\system32\perfh00C.dat
2014-01-29 21:10 - 2012-08-03 00:06 - 00155650 _____ C:\Windows\system32\perfc00C.dat
2014-01-29 21:10 - 2012-07-26 08:28 - 01793362 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 21:08 - 2013-10-03 12:32 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-619725900-1591091210-1834313985-1002
2014-01-29 21:03 - 2013-10-03 12:24 - 00000062 _____ C:\Users\Katouchka\AppData\Roaming\sp_data.sys
2014-01-29 21:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 21:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 21:02 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-29 20:56 - 2013-12-26 15:45 - 00281864 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-29 20:55 - 2013-10-03 12:35 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-29 20:55 - 2013-10-03 12:24 - 00001013 _____ C:\Users\Katouchka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:33 - 2014-01-29 20:35 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-29 20:25 - 2013-07-30 13:33 - 01315650 _____ C:\Windows\WindowsUpdate.log
2014-01-29 00:50 - 2014-01-23 15:31 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:29 - 2014-01-23 15:28 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-21 19:31 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-20 23:10 - 2013-10-04 15:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 23:09 - 2013-10-04 15:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-20 23:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2013-12-04 18:58 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Katouchka\AppData\Local\Temp\20140129203305.277.exe
C:\Users\Katouchka\AppData\Local\Temp\37019uninstall.exe
C:\Users\Katouchka\AppData\Local\Temp\nsb4D84.exe
C:\Users\Katouchka\AppData\Local\Temp\nsf4B31.exe
C:\Users\Katouchka\AppData\Local\Temp\nsg8B4B.exe
C:\Users\Katouchka\AppData\Local\Temp\nsk8946.exe
C:\Users\Katouchka\AppData\Local\Temp\SPSetup.exe
C:\Users\Katouchka\AppData\Local\Temp\Sqlite3.dll
C:\Users\Katouchka\AppData\Local\Temp\uttCA29.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-27 23:56
==================== End Of Log ============================
Et addition:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Katouchka (administrator) on KAKAHOUÈTE on 29-01-2014 21:18:41
Running from C:\Users\Katouchka\Downloads
Windows 8 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SFR & Celliance) C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCdService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
MountPoints2: {39a0da7b-f912-11e2-be6a-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {d52da36a-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
MountPoints2: {d52da397-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=telemsd&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0BtBtDzy0AtB0EtC0FzztN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q&cr=455865834&ir=
SearchScopes: HKLM - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {6DBBC830-8AE0-1853-0A5B-573BA526B51C} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP97422F0D-FDF0-4156-895A-4D8AE4CB44A2&q={searchTerms}&SSPV=
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\extensions\lightningnewtab@gmail.com.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
U2 ServiceSFRABCD; C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [657536 2009-11-06] (SFR & Celliance)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
U2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [x]
==================== Drivers (Whitelisted) ====================
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
U3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
U0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
U0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:35 - 2014-01-29 20:33 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-23 15:31 - 2014-01-29 00:50 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:28 - 2014-01-23 15:29 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-20 19:41 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-20 19:41 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-20 19:41 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-20 19:41 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-20 19:41 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-20 19:41 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-20 19:41 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-20 19:41 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-20 19:41 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== One Month Modified Files and Folders =======
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 21:11 - 2013-12-26 15:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 21:10 - 2012-08-03 00:06 - 00800978 _____ C:\Windows\system32\perfh00C.dat
2014-01-29 21:10 - 2012-08-03 00:06 - 00155650 _____ C:\Windows\system32\perfc00C.dat
2014-01-29 21:10 - 2012-07-26 08:28 - 01793362 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 21:08 - 2013-10-03 12:32 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-619725900-1591091210-1834313985-1002
2014-01-29 21:03 - 2013-10-03 12:24 - 00000062 _____ C:\Users\Katouchka\AppData\Roaming\sp_data.sys
2014-01-29 21:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 21:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 21:02 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-29 20:56 - 2013-12-26 15:45 - 00281864 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-29 20:55 - 2013-10-03 12:35 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-29 20:55 - 2013-10-03 12:24 - 00001013 _____ C:\Users\Katouchka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:33 - 2014-01-29 20:35 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-29 20:25 - 2013-07-30 13:33 - 01315650 _____ C:\Windows\WindowsUpdate.log
2014-01-29 00:50 - 2014-01-23 15:31 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:29 - 2014-01-23 15:28 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-21 19:31 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-20 23:10 - 2013-10-04 15:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 23:09 - 2013-10-04 15:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-20 23:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2013-12-04 18:58 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Katouchka\AppData\Local\Temp\20140129203305.277.exe
C:\Users\Katouchka\AppData\Local\Temp\37019uninstall.exe
C:\Users\Katouchka\AppData\Local\Temp\nsb4D84.exe
C:\Users\Katouchka\AppData\Local\Temp\nsf4B31.exe
C:\Users\Katouchka\AppData\Local\Temp\nsg8B4B.exe
C:\Users\Katouchka\AppData\Local\Temp\nsk8946.exe
C:\Users\Katouchka\AppData\Local\Temp\SPSetup.exe
C:\Users\Katouchka\AppData\Local\Temp\Sqlite3.dll
C:\Users\Katouchka\AppData\Local\Temp\uttCA29.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-27 23:56
==================== End Of Log ============================
J'ai télécharger un petit programme, qui malgré mon application à refuser toute barre de recherche supplémentaires, j'ai du louper une case à décocher quelques part car je me retrouve maintenant avec ceci qui apparait a chaque fois que j'ouvre un nouvel onglet:
chrome://lightning/content/newtab.html
J'ai désactiver les modules complémentaires de mozilla firefox
J'ai désinstaller la toolbar lightingdial depuis le panneau de configuration
J'ai lancé adwcleaner qui n'a rien détecté
Mais j'ai malheureusement toujours ce truc (et je déteste les petits programmes de ce genre qui s'imposent alors ca me torture l'esprit de savoir que j'ai ça sur mon ordi ^^)
Est ce que vous auriez un conseil svp pour savoir comment s'en débarrasser?
Merci beaucoup pour votre attention mesdames et messieurs et surtout passez une bonne soirée!!!
Configuration: PC asus windows 8, mozilla firefox
Voici les rapports de FRST (si j'ai bien compris c'est cela qu'il faut faire)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Katouchka (administrator) on KAKAHOUÈTE on 29-01-2014 21:18:41
Running from C:\Users\Katouchka\Downloads
Windows 8 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SFR & Celliance) C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCdService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
MountPoints2: {39a0da7b-f912-11e2-be6a-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {d52da36a-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
MountPoints2: {d52da397-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=telemsd&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0BtBtDzy0AtB0EtC0FzztN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q&cr=455865834&ir=
SearchScopes: HKLM - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {6DBBC830-8AE0-1853-0A5B-573BA526B51C} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP97422F0D-FDF0-4156-895A-4D8AE4CB44A2&q={searchTerms}&SSPV=
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\extensions\lightningnewtab@gmail.com.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
U2 ServiceSFRABCD; C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [657536 2009-11-06] (SFR & Celliance)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
U2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [x]
==================== Drivers (Whitelisted) ====================
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
U3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
U0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
U0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:35 - 2014-01-29 20:33 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-23 15:31 - 2014-01-29 00:50 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:28 - 2014-01-23 15:29 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-20 19:41 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-20 19:41 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-20 19:41 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-20 19:41 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-20 19:41 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-20 19:41 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-20 19:41 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-20 19:41 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-20 19:41 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== One Month Modified Files and Folders =======
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 21:11 - 2013-12-26 15:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 21:10 - 2012-08-03 00:06 - 00800978 _____ C:\Windows\system32\perfh00C.dat
2014-01-29 21:10 - 2012-08-03 00:06 - 00155650 _____ C:\Windows\system32\perfc00C.dat
2014-01-29 21:10 - 2012-07-26 08:28 - 01793362 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 21:08 - 2013-10-03 12:32 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-619725900-1591091210-1834313985-1002
2014-01-29 21:03 - 2013-10-03 12:24 - 00000062 _____ C:\Users\Katouchka\AppData\Roaming\sp_data.sys
2014-01-29 21:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 21:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 21:02 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-29 20:56 - 2013-12-26 15:45 - 00281864 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-29 20:55 - 2013-10-03 12:35 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-29 20:55 - 2013-10-03 12:24 - 00001013 _____ C:\Users\Katouchka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:33 - 2014-01-29 20:35 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-29 20:25 - 2013-07-30 13:33 - 01315650 _____ C:\Windows\WindowsUpdate.log
2014-01-29 00:50 - 2014-01-23 15:31 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:29 - 2014-01-23 15:28 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-21 19:31 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-20 23:10 - 2013-10-04 15:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 23:09 - 2013-10-04 15:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-20 23:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2013-12-04 18:58 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Katouchka\AppData\Local\Temp\20140129203305.277.exe
C:\Users\Katouchka\AppData\Local\Temp\37019uninstall.exe
C:\Users\Katouchka\AppData\Local\Temp\nsb4D84.exe
C:\Users\Katouchka\AppData\Local\Temp\nsf4B31.exe
C:\Users\Katouchka\AppData\Local\Temp\nsg8B4B.exe
C:\Users\Katouchka\AppData\Local\Temp\nsk8946.exe
C:\Users\Katouchka\AppData\Local\Temp\SPSetup.exe
C:\Users\Katouchka\AppData\Local\Temp\Sqlite3.dll
C:\Users\Katouchka\AppData\Local\Temp\uttCA29.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-27 23:56
==================== End Of Log ============================
Et addition:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Katouchka (administrator) on KAKAHOUÈTE on 29-01-2014 21:18:41
Running from C:\Users\Katouchka\Downloads
Windows 8 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SFR & Celliance) C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCdService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
MountPoints2: {39a0da7b-f912-11e2-be6a-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {d52da36a-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
MountPoints2: {d52da397-3bc9-11e3-be7c-ac220bb209a2} - "F:\SFR.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=telemsd&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0BtBtDzy0AtB0EtC0FzztN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q&cr=455865834&ir=
SearchScopes: HKLM - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {6DBBC830-8AE0-1853-0A5B-573BA526B51C} URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {23BA96AC-0373-E9AB-365A-2690AF72D5BC} URL = http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP97422F0D-FDF0-4156-895A-4D8AE4CB44A2&q={searchTerms}&SSPV=
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Katouchka\AppData\Roaming\Mozilla\Firefox\Profiles\93u6desn.default\extensions\lightningnewtab@gmail.com.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
U2 ServiceSFRABCD; C:\Program Files (x86)\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [657536 2009-11-06] (SFR & Celliance)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
U2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [x]
==================== Drivers (Whitelisted) ====================
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
U3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
U0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
U0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:35 - 2014-01-29 20:33 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-23 15:31 - 2014-01-29 00:50 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:28 - 2014-01-23 15:29 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-20 19:41 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-20 19:41 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-20 19:41 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-20 19:41 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-20 19:41 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-20 19:41 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-20 19:41 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-20 19:41 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-20 19:41 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-20 19:41 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-20 19:40 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-20 19:40 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== One Month Modified Files and Folders =======
2014-01-29 21:18 - 2014-01-29 21:18 - 00012046 _____ C:\Users\Katouchka\Downloads\FRST.txt
2014-01-29 21:18 - 2014-01-29 21:18 - 00000000 ____D C:\FRST
2014-01-29 21:17 - 2014-01-29 21:17 - 02079744 _____ (Farbar) C:\Users\Katouchka\Downloads\FRST64.exe
2014-01-29 21:11 - 2013-12-26 15:42 - 00000000 ____D C:\AdwCleaner
2014-01-29 21:10 - 2012-08-03 00:06 - 00800978 _____ C:\Windows\system32\perfh00C.dat
2014-01-29 21:10 - 2012-08-03 00:06 - 00155650 _____ C:\Windows\system32\perfc00C.dat
2014-01-29 21:10 - 2012-07-26 08:28 - 01793362 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 21:08 - 2013-10-03 12:32 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-619725900-1591091210-1834313985-1002
2014-01-29 21:03 - 2013-10-03 12:24 - 00000062 _____ C:\Users\Katouchka\AppData\Roaming\sp_data.sys
2014-01-29 21:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 21:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 21:02 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-29 20:56 - 2013-12-26 15:45 - 00281864 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-29 20:55 - 2013-10-03 12:35 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-29 20:55 - 2013-10-03 12:24 - 00001013 _____ C:\Users\Katouchka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-29 20:36 - 2014-01-29 20:36 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-29 20:33 - 2014-01-29 20:35 - 00024135 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script.zip
2014-01-29 20:32 - 2014-01-29 20:32 - 00278784 _____ C:\Users\Katouchka\Downloads\Walt-Disney-Script-Font_1.0.exe
2014-01-29 20:25 - 2013-07-30 13:33 - 01315650 _____ C:\Windows\WindowsUpdate.log
2014-01-29 00:50 - 2014-01-23 15:31 - 00000000 ____D C:\Users\Katouchka\AppData\Roaming\vlc
2014-01-23 15:30 - 2014-01-23 15:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-23 15:29 - 2014-01-23 15:28 - 24097311 _____ C:\Users\Katouchka\Downloads\vlc-2.1.2-win32.exe
2014-01-21 19:31 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-20 23:10 - 2013-10-04 15:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 23:09 - 2013-10-04 15:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-20 23:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2013-12-04 18:58 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 10:17 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Katouchka\AppData\Local\Temp\20140129203305.277.exe
C:\Users\Katouchka\AppData\Local\Temp\37019uninstall.exe
C:\Users\Katouchka\AppData\Local\Temp\nsb4D84.exe
C:\Users\Katouchka\AppData\Local\Temp\nsf4B31.exe
C:\Users\Katouchka\AppData\Local\Temp\nsg8B4B.exe
C:\Users\Katouchka\AppData\Local\Temp\nsk8946.exe
C:\Users\Katouchka\AppData\Local\Temp\SPSetup.exe
C:\Users\Katouchka\AppData\Local\Temp\Sqlite3.dll
C:\Users\Katouchka\AppData\Local\Temp\uttCA29.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-27 23:56
==================== End Of Log ============================
A voir également:
- Probleme avec chrome://lightning/content/newtab.html
- Restaurer onglets chrome - Guide
- Chrome cast sur tv - Guide
- Chrome os flex - Guide
- Supprimer bing de chrome - Guide
- Mode sombre chrome - Guide
1 réponse
Marou81
Messages postés
4175
Date d'inscription
mercredi 13 janvier 2010
Statut
Membre
Dernière intervention
18 mars 2014
197
4 févr. 2014 à 20:39
4 févr. 2014 à 20:39
Bonsoir,
Télécharge Junk Removal Tool. Suis ce tuto et poste moi le rapport :
https://forum.security-x.fr/tutoriels-317/tutoriel-junkware-removal-tool
Utilise ce logiciel de désinfection généraliste :
▶ Télécharge et installe Malwarebytes' Anti-Malware
▶ A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. Par contre, il n'est pas nécessaire d'activer l'essai gratuit pour la protection.
▶ Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
▶ Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
▶ A la fin de l'analyse, clique sur Afficher les résultats
▶ Coche tous les éléments détectés puis clique sur Supprimer la sélection
▶ S'il t'est demandé de redémarrer l'ordinateur, accepte.
▶ Poste dans ta prochaine réponse le rapport apparaissant après la suppression.
Reparamètre tes navigateurs WEB :
▶ Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
▶ Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
▶ Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
A+
Télécharge Junk Removal Tool. Suis ce tuto et poste moi le rapport :
https://forum.security-x.fr/tutoriels-317/tutoriel-junkware-removal-tool
Utilise ce logiciel de désinfection généraliste :
▶ Télécharge et installe Malwarebytes' Anti-Malware
▶ A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. Par contre, il n'est pas nécessaire d'activer l'essai gratuit pour la protection.
▶ Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
▶ Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
▶ A la fin de l'analyse, clique sur Afficher les résultats
▶ Coche tous les éléments détectés puis clique sur Supprimer la sélection
▶ S'il t'est demandé de redémarrer l'ordinateur, accepte.
▶ Poste dans ta prochaine réponse le rapport apparaissant après la suppression.
Reparamètre tes navigateurs WEB :
▶ Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
▶ Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
▶ Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
A+
