Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2015
Ran by sophie (administrator) on PRINTEMPS (26-07-2015 21:40:32)
Running from C:\Users\sophie\Desktop
Loaded Profiles: sophie (Available Profiles: sophie)
Platform: Microsoft Windows 7 Professionnel Service Pack 1 (X86) Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\5B2216A0-1437772043-11D9-A2AD-001636FB3EC0\hnsaFFD5.tmp
() C:\Program Files\5B2216A0-1437772043-11D9-A2AD-001636FB3EC0\jnszE4E8.tmp
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files\Product Deals\tmpBB83.tmp
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\RapidMediaConverter\RapidMediaConverterApp.exe
() C:\Program Files\Product Deals\bin\utilProductDeals.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Product Deals\updateProductDeals.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Program Files\Product Deals\bin\ProductDeals.PurBrowse.exe
() C:\Program Files\Product Deals\bin\ProductDeals.BrowserAdapter.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Cinema PlusV24.07) C:\Program Files\CinemaPlus-4.2vV24.07\09cc8bd5-b88a-4c42-9479-0edd6657bb72-1-6.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761946 2006-04-07] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [mpck_fr_017010040] => [X]
HKLM\...\Run: [Windesk Winsearch] => C:\Program Files\WindeskWinsearch\Windesk Winsearch.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-25] (AVAST Software)
HKU\S-1-5-21-668859941-3776755467-2018057237-1002\...\Run: [Selection Tools] => "C:\Users\sophie\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-668859941-3776755467-2018057237-1002\...\Run: [GoogleChromeAutoLaunch_C554A9A1044EF0A0EE83607313E4348B] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-21] (Microsoft Corporation)
Startup: C:\Users\sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk [2015-07-25]
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\Program Files\RapidMediaConverter\RapidMediaConverterApp.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-25] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-668859941-3776755467-2018057237-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-668859941-3776755467-2018057237-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-668859941-3776755467-2018057237-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1437772777&z=10f6fff9f79576fad46d61egaz2cdmbm6m4o5m5c4z&from=cmi&uid=ST9250410AS_5VGAAJA6&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {53D2A61E-B9B1-4444-B177-DBBBD65DCEE0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-668859941-3776755467-2018057237-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST9250410AS_5VGAAJA6&ts=1437765003&type=default&q={searchTerms}
BHO: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-25] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{369243A3-15A0-4459-ACAD-512D9DA5C0E1}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{5F92D75F-405D-4098-908D-40B0E5C07612}: [NameServer] 82.163.143.152,82.163.142.154
Tcpip\..\Interfaces\{5F92D75F-405D-4098-908D-40B0E5C07612}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D807E4DB-A3A9-403E-A07C-BFA4FBEA82C4}: [NameServer] 82.163.143.152,82.163.142.154
Tcpip\..\Interfaces\{D807E4DB-A3A9-403E-A07C-BFA4FBEA82C4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://fr.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\searchplugins\bingcom.xml [2015-07-24]
FF SearchPlugin: C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\searchplugins\mystartsearch.xml [2015-07-26]
FF SearchPlugin: C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\searchplugins\yahoo-avast.xml [2015-07-26]
FF Extension: No Name - C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\Extensions\1437772797_xpi [2015-07-24]
FF Extension: New Tab by Yahoo - C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-05-28]
FF Extension: Product Deals 1.0.1 - C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\Extensions\{33ec41ea-c5a6-4add-92af-1f91084dc817}.xpi [2015-07-26]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\extensions\defsearchp@gmail.com
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nyu8wmi8.default\extensions\deskCutv2@gmail.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-25]

Chrome:
=======
CHR Profile: C:\Users\sophie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Product Deals) - C:\Users\sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\liffcepgimcmcbmfdaidoldnmmfiielp [2015-07-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-25]