Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Princess (27-09-2016 23:51:55) Run:1 Running from C:\Users\Princess\Desktop Loaded Profiles: Princess (Available Profiles: Princess) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: RemoveProxy: HKU\S-1-5-21-1756270345-513198411-2719884695-1001\...\MountPoints2: {a8e85abc-171c-11e5-8275-9cd21ef08e20} - "D:\AutoRun.exe" HKU\S-1-5-21-1756270345-513198411-2719884695-1001\...\MountPoints2: {e2a8474e-58d9-11e6-8293-f8a963231bdc} - "D:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-1756270345-513198411-2719884695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=fr-fr URLSearchHook: [S-1-5-21-1756270345-513198411-2719884695-1001] ATTENTION => Default URLSearchHook is missing BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FF ProfilePath: C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\l42jjylb.default FF SearchEngineOrder.3: Bing FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=fr-fr FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q= \FFExt\online_banking@kaspersky.com [not found] FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [not found] FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [not found] FF Extension: (Bing Search Engine) - CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=fr-fr CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms} R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) S3 catchme; \??\C:\Users\Princess\AppData\Local\Temp\catchme.sys [X] U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] CMD: netsh winsock reset all CMD: ipconfig /flushdns hosts: EmptyTemp: Reboot: end ***************** Restore point was successfully created. Processes closed successfully. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1756270345-513198411-2719884695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1756270345-513198411-2719884695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= "HKU\S-1-5-21-1756270345-513198411-2719884695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8e85abc-171c-11e5-8275-9cd21ef08e20}" => key removed successfully HKCR\CLSID\{a8e85abc-171c-11e5-8275-9cd21ef08e20} => key not found. "HKU\S-1-5-21-1756270345-513198411-2719884695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2a8474e-58d9-11e6-8293-f8a963231bdc}" => key removed successfully HKCR\CLSID\{e2a8474e-58d9-11e6-8293-f8a963231bdc} => key not found. HKU\S-1-5-21-1756270345-513198411-2719884695-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully Could not restore Default URLSearchHook. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully "HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully "HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully "HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3507FA00-ADA2-4A02-99B9-51AD26CA9120} => value removed successfully "HKCR\CLSID\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}" => key removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3507FA00-ADA2-4A02-99B9-51AD26CA9120} => value removed successfully "HKCR\Wow6432Node\CLSID\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}" => key removed successfully "HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c" => key removed successfully "HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully FF ProfilePath: C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\l42jjylb.default => FRST is scripted not to move this directory. Firefox SearchEngineOrder.3 removed successfully Firefox "homepage" removed successfully Firefox "Keyword.URL" removed successfully \FFExt\online_banking@kaspersky.com [not found] => Error: No automatic fix found for this entry. C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com => path removed successfully C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com => path removed successfully FF Extension: (Bing Search Engine) - => not found. Chrome HomePage => removed successfully Chrome DefaultSuggestURL => removed successfully c2cpnrsvc => service removed successfully catchme => service removed successfully klkbdflt2 => service could not remove ========= netsh winsock reset all ========= Le catalogue Winsock a ‚t‚ r‚initialis‚ correctement. Vous devez red‚marrer l'ordinateur afin de finaliser la r‚initialisation. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Configuration IP de Windows Cache de r‚solution DNS vid‚. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23512279 B Java, Flash, Steam htmlcache => 540 B Windows/system/drivers => 6036436 B Edge => 0 B Chrome => 57908251 B Firefox => 4130918 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 217099 B systemprofile32 => 0 B LocalService => 1670 B NetworkService => 9682944 B Princess => 19309812 B RecycleBin => 40855953 B EmptyTemp: => 162.2 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 23:52:51 ====