Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Faty (administrator) on FATY-PC on 13-07-2015 16:53:43
Running from C:\Users\Faty\Desktop
Loaded Profiles: Faty (Available Profiles: Faty & Fake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
() C:\Windows\SysWOW64\AsusService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\Asus\ASUS Ai Charger\AiChargerAP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F36D33C2-0B4D-442E-834A-7C2A34468914}\43.0.2357.132_chrome_installer.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Google Inc.) C:\Windows\Temp\CR_20E52.tmp\setup.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-07-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6240536 2013-07-22] (Piriform Ltd)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [f.lux] => C:\Users\Faty\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: F - F:\Windows/AutoRun.exe
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: {9d7080dd-2460-11e4-98cd-5404a64fdd0e} - F:\Windows/AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{311D2B71-EAF0-4F9E-A649-3400F16C804E}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{446E4FAE-B6B7-43E4-8AF4-B9F903416345}: [DhcpNameServer] 192.168.10.254
FireFox:
========
FF ProfilePath: C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default
FF Homepage: https://ixquick.com/fra/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2052609424-2081244842-1100094558-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Extension: ColorfulTabs - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-07-12]
FF Extension: DownloadHelper - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-31]
FF Extension: NoScript - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-12]
FF Extension: Adblock Plus - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]
Chrome:
=======
CHR Profile: C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]
Ran by Faty (administrator) on FATY-PC on 13-07-2015 16:53:43
Running from C:\Users\Faty\Desktop
Loaded Profiles: Faty (Available Profiles: Faty & Fake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
() C:\Windows\SysWOW64\AsusService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\Asus\ASUS Ai Charger\AiChargerAP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F36D33C2-0B4D-442E-834A-7C2A34468914}\43.0.2357.132_chrome_installer.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Google Inc.) C:\Windows\Temp\CR_20E52.tmp\setup.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-07-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6240536 2013-07-22] (Piriform Ltd)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [f.lux] => C:\Users\Faty\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: F - F:\Windows/AutoRun.exe
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: {9d7080dd-2460-11e4-98cd-5404a64fdd0e} - F:\Windows/AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{311D2B71-EAF0-4F9E-A649-3400F16C804E}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{446E4FAE-B6B7-43E4-8AF4-B9F903416345}: [DhcpNameServer] 192.168.10.254
FireFox:
========
FF ProfilePath: C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default
FF Homepage: https://ixquick.com/fra/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2052609424-2081244842-1100094558-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Extension: ColorfulTabs - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-07-12]
FF Extension: DownloadHelper - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-31]
FF Extension: NoScript - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-12]
FF Extension: Adblock Plus - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]
Chrome:
=======
CHR Profile: C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]