Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015 Ran by max at 2015-02-07 11:11:07 Run:1 Running from C:\Users\max\Desktop Loaded Profiles: max (Available profiles: max) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: HKU\S-1-5-21-1031630780-3175621160-1081558820-1000\...\Run: [Tok-Cirrhatus-1431] => C:\Users\max\AppData\Local\br3885on.exe [49152 2008-05-29] () HKU\S-1-5-21-1031630780-3175621160-1081558820-1000\...\Run: [Tok-Cirrhatus] => [X] Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () Task: {C5486121-A29D-43BA-AEC4-3C7F1F3F62A9} - System32\Tasks\{0081150D-F2CE-4CAB-BFCE-A3206AAAD7E3} => pcalua.exe -a F:\programy\programy.exe -d F:\programy C:\Users\max\AppData\Local\*.bin C:\Users\max\AppData\Local\*.exe C:\Users\max\AppData\Local\*.txt CMD: for /d %f in (C:\Users\max\AppData\Local\*bron*) do rd /s /q "%f" EmptyTemp: ***************** Processes closed successfully. HKU\S-1-5-21-1031630780-3175621160-1081558820-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus-1431 => value deleted successfully. HKU\S-1-5-21-1031630780-3175621160-1081558820-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully. C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5486121-A29D-43BA-AEC4-3C7F1F3F62A9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5486121-A29D-43BA-AEC4-3C7F1F3F62A9}" => Key deleted successfully. C:\Windows\System32\Tasks\{0081150D-F2CE-4CAB-BFCE-A3206AAAD7E3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0081150D-F2CE-4CAB-BFCE-A3206AAAD7E3}" => Key deleted successfully. C:\Users\max\AppData\Local\*.bin => Moved successfully. C:\Users\max\AppData\Local\*.exe => Moved successfully. C:\Users\max\AppData\Local\*.txt => Moved successfully. ========= for /d %f in (C:\Users\max\AppData\Local\*bron*) do rd /s /q "%f" ========= ========= End of CMD: ========= EmptyTemp: => Removed 219.9 MB temporary data. The system needed a reboot. ==== End of Fixlog 11:11:13 ====