Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01 Ran by Kasia at 2015-01-29 20:27:30 Run:1 Running from E:\ Loaded Profiles: Kasia (Available profiles: Kasia & dom) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: (Microsoft Corporation) C:\Windows\explorer.exe HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\bronstab.exe [42065 2006-06-20] () HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [x ] () HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Kasia\AppData\Local\smss.exe [42065 2006-06-20] () HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\...\Policies\Explorer: [NoFolderOptions] 1 Startup: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Empty.pif () HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" C:\Users\dom\AppData\Local\*.bat C:\Users\dom\AppData\Local\*.bin C:\Users\dom\AppData\Local\*.exe C:\Users\dom\AppData\Local\*.txt C:\Users\dom\Documents\Documents.exe C:\Users\Kasia\AppData\Local\*.bat C:\Users\Kasia\AppData\Local\*.bin C:\Users\Kasia\AppData\Local\*.exe C:\Users\Kasia\AppData\Local\*.txt C:\Users\Kasia\Desktop\kasku\programy\*.lnk C:\Users\Kasia\Documents\Documents.exe C:\Windows\eksplorasi.exe C:\Windows\ShellNew\bronstab.exe C:\Windows\system32\dom's Setting.scr C:\Windows\system32\Kasia's Setting.scr CMD: for /d %f in (C:\Users\dom\AppData\Local\*Bron*) do rd /s /q "%f" CMD: for /d %f in (C:\Users\Kasia\AppData\Local\*Bron*) do rd /s /q "%f" Hosts: EmptyTemp: ***************** Processes closed successfully. [1140] C:\Windows\explorer.exe => Process closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus => value deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully. HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully. HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully. HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully. HKU\S-1-5-21-1880997745-2878968255-1170384601-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully. C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif => Moved successfully. C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Empty.pif => Moved successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully. "C:\Users\dom\AppData\Local\*.bat" => File/Directory not found. C:\Users\dom\AppData\Local\*.bin => Moved successfully. C:\Users\dom\AppData\Local\*.exe => Moved successfully. C:\Users\dom\AppData\Local\*.txt => Moved successfully. C:\Users\dom\Documents\Documents.exe => Moved successfully. "C:\Users\Kasia\AppData\Local\*.bat" => File/Directory not found. C:\Users\Kasia\AppData\Local\*.bin => Moved successfully. C:\Users\Kasia\AppData\Local\*.exe => Moved successfully. C:\Users\Kasia\AppData\Local\*.txt => Moved successfully. C:\Users\Kasia\Desktop\kasku\programy\*.lnk => Moved successfully. C:\Users\Kasia\Documents\Documents.exe => Moved successfully. C:\Windows\eksplorasi.exe => Moved successfully. C:\Windows\ShellNew\bronstab.exe => Moved successfully. "C:\Windows\system32\dom's Setting.scr" => File/Directory not found. C:\Windows\system32\Kasia's Setting.scr => Moved successfully. ========= for /d %f in (C:\Users\dom\AppData\Local\*Bron*) do rd /s /q "%f" ========= ========= End of CMD: ========= ========= for /d %f in (C:\Users\Kasia\AppData\Local\*Bron*) do rd /s /q "%f" ========= ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 478.7 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:27:51 ====