Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Faty (administrator) on FATY-PC on 13-07-2015 16:53:43
Running from C:\Users\Faty\Desktop
Loaded Profiles: Faty (Available Profiles: Faty & Fake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
() C:\Windows\SysWOW64\AsusService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\Asus\ASUS Ai Charger\AiChargerAP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F36D33C2-0B4D-442E-834A-7C2A34468914}\43.0.2357.132_chrome_installer.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Google Inc.) C:\Windows\Temp\CR_20E52.tmp\setup.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-07-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6240536 2013-07-22] (Piriform Ltd)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\Run: [f.lux] => C:\Users\Faty\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: F - F:\Windows/AutoRun.exe
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\...\MountPoints2: {9d7080dd-2460-11e4-98cd-5404a64fdd0e} - F:\Windows/AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\S-1-5-21-2052609424-2081244842-1100094558-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{311D2B71-EAF0-4F9E-A649-3400F16C804E}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{446E4FAE-B6B7-43E4-8AF4-B9F903416345}: [DhcpNameServer] 192.168.10.254

FireFox:
========
FF ProfilePath: C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default
FF Homepage: https://ixquick.com/fra/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2052609424-2081244842-1100094558-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Extension: ColorfulTabs - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-07-12]
FF Extension: DownloadHelper - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-31]
FF Extension: NoScript - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-12]
FF Extension: Adblock Plus - C:\Users\Faty\AppData\Roaming\Mozilla\Firefox\Profiles\tpg9wiri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]

Chrome:
=======
CHR Profile: C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\Faty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]