Fix result of Farbar Recovery Scan Tool (x64) Version: 25-07-2020
Ran by Benetlo (25-07-2020 20:39:24) Run:1
Running from C:\Users\Benetlo\Desktop\tel
Loaded Profiles: Benetlo & postgres
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-04-30]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Task: {56DEA79F-4FF9-466F-9A81-8DEF21C46DBE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {605E9E7C-A9EF-4419-AD6D-0CDDD7DAA413} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat
Task: {6F2857EB-E8CA-4031-A6BA-9B0E79EB184C} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe
Task: {B30B7A31-E94A-4459-98F5-9666B593535A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {D43FF6E5-9ED9-4A0C-A6C6-8F5B6451E623} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {E1C2046D-2CF9-4668-AD52-84D1FD2179CA} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {EB603617-734E-4B99-A685-55E60E053F51} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
2020-07-25 18:24 - 2020-07-25 18:24 - 000004150 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_Daily_Benetlo
2020-07-25 18:24 - 2020-07-25 18:24 - 000004004 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_AtLogon
2020-07-25 18:24 - 2020-07-25 18:24 - 000003930 _____ C:\WINDOWS\system32\Tasks\TR_Updater
2020-07-25 18:24 - 2020-07-25 18:24 - 000003786 _____ C:\WINDOWS\system32\Tasks\TR_AntiHijack
2020-07-25 18:24 - 2020-07-25 18:24 - 000001283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2020-07-25 18:24 - 2020-07-25 18:24 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2020-07-25 18:24 - 2020-07-25 18:24 - 000001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2020-07-25 18:24 - 2020-07-25 18:24 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [128]
AlternateDataStreams: C:\Users\Benetlo\Desktop\Questionnaire mairie Soen BETTINGER.jpeg.8klu1:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Benetlo\Desktop\Questionnaire mairie Soen BETTINGER.jpeg.8klu1:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-333669769-3932428672-634422777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-333669769-3932428672-634422777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{56DEA79F-4FF9-466F-9A81-8DEF21C46DBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56DEA79F-4FF9-466F-9A81-8DEF21C46DBE}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{605E9E7C-A9EF-4419-AD6D-0CDDD7DAA413}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{605E9E7C-A9EF-4419-AD6D-0CDDD7DAA413}" => removed successfully
C:\WINDOWS\System32\Tasks\npcapwatchdog => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\npcapwatchdog" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F2857EB-E8CA-4031-A6BA-9B0E79EB184C}" => not found
"C:\WINDOWS\System32\Tasks\TR_Updater" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_Updater" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B30B7A31-E94A-4459-98F5-9666B593535A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B30B7A31-E94A-4459-98F5-9666B593535A}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D43FF6E5-9ED9-4A0C-A6C6-8F5B6451E623}" => not found
"C:\WINDOWS\System32\Tasks\TR_AntiHijack" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_AntiHijack" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1C2046D-2CF9-4668-AD52-84D1FD2179CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C2046D-2CF9-4668-AD52-84D1FD2179CA}" => removed successfully
C:\WINDOWS\System32\Tasks\DriverToolkit Autorun => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverToolkit Autorun" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB603617-734E-4B99-A685-55E60E053F51}" => not found
"C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_FastScan_AtLogon" => not found
C:\WINDOWS\Tasks\DriverToolkit Autorun.job => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\npf_wifi => removed successfully
npf_wifi => service removed successfully
"C:\WINDOWS\system32\Tasks\TR_FastScan_Daily_Benetlo" => not found
"C:\WINDOWS\system32\Tasks\TR_FastScan_AtLogon" => not found
"C:\WINDOWS\system32\Tasks\TR_Updater" => not found
"C:\WINDOWS\system32\Tasks\TR_AntiHijack" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk" => not found
C:\Program Files (x86)\Trojan Remover => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Trojan Remover => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Trojan Remover => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Trojan Remover => not found
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully
C:\Users\Benetlo\Desktop\Questionnaire mairie Soen BETTINGER.jpeg.8klu1 => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Benetlo\Desktop\Questionnaire mairie Soen BETTINGER.jpeg.8klu1 => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

========= ipconfig /flushdns =========


Configuration IP de Windows

Cache de résolution DNS vidé.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh winsock reset =========


Le catalogue Winsock a été réinitialisé correctement.
Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1638252662 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 2569724 B
Edge => 5477601 B
Chrome => 1267266058 B
Firefox => 0 B
Opera => 73702817 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 20480 B
NetworkService => 491420 B
Benetlo => 480709366 B
postgres => 480709366 B

RecycleBin => 0 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:43:19 ====