Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015 Ran by Krzycho at 2015-04-14 07:37:01 Run:1 Running from D:\INSTALKI Loaded Profiles: Krzycho (Available profiles: Krzycho) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {A57136FB-14AA-475C-A6D9-90575A2FB5F6} - System32\Tasks\Update\cryptex => C:\Users\Krzycho\AppData\Local\Temp\ariana.exe [2015-04-08] () <==== ATTENTION Task: {CCDD0FAA-E2D9-43E1-AD37-33F3945F02DC} - System32\Tasks\Update\Google Update => Chrome.exe HKU\S-1-5-21-2253125196-3734906773-2982781718-1000\...\Run: [LightShot] => C:\Users\Krzycho\AppData\Local\Skillbrains\lightshot\Lightshot.exe C:\Program Files (x86)\Temp C:\Users\Krzycho\AppData\Roaming\EF611A56-1B3A-4EC8-9C3F-71D219768C5E C:\Users\Krzycho\AppData\Roaming\Imminent C:\Windows\system32\*.tmp C:\Windows\System32\Tasks\Update DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A57136FB-14AA-475C-A6D9-90575A2FB5F6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A57136FB-14AA-475C-A6D9-90575A2FB5F6}" => Key deleted successfully. C:\Windows\System32\Tasks\Update\cryptex => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\cryptex" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCDD0FAA-E2D9-43E1-AD37-33F3945F02DC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDD0FAA-E2D9-43E1-AD37-33F3945F02DC}" => Key deleted successfully. C:\Windows\System32\Tasks\Update\Google Update => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\Google Update" => Key deleted successfully. HKU\S-1-5-21-2253125196-3734906773-2982781718-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LightShot => value deleted successfully. C:\Program Files (x86)\Temp => Moved successfully. C:\Users\Krzycho\AppData\Roaming\EF611A56-1B3A-4EC8-9C3F-71D219768C5E => Moved successfully. C:\Users\Krzycho\AppData\Roaming\Imminent => Moved successfully. C:\Windows\system32\*.tmp => Moved successfully. C:\Windows\System32\Tasks\Update => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update => Key Deleted successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 07:37:10 ====