snapdo - problem

[kaczmarek]

Prośba o pomoc
problem dotyczy snapdo, mega mi zaśmiecił przeglądarki, nie moge sobie z tym poradzić
linki do logów frst
http://www.wklej.eu/index.php?id=2151ad8177
link do gmer
http://www.wklej.eu/index.php?id=4a752c18df
czy coś jeszcze mogę zrobić


prosze o pomoc heeeelpppp

[mateo8898]

Podaj komplet logów z FRST otl-gmer-i-inne-poradnik-t13967-15.html#p164179 (mają być 3)

[kaczmarek]

no to działamy dalej:)
w linkach wszystkie 3
short
http://www.wklej.eu/index.php?id=f5b16a9a36
addit
http://www.wklej.eu/index.php?id=bc6e3c3454
frst
http://www.wklej.eu/index.php?id=31332f9e87
poszło
i pozdro
marcin

[mateo8898]

1.Odinstaluj shopperz, The Sea App.
2. Wklej do notatnika:

Task: {14D5F6A0-71B5-4E96-AC03-EEE232B129C8} - System32\Tasks\Jadmeyf => C:\PROGRA~1\Mutloa\Etunpo.bat
C:\PROGRA~1\Mutloa
Task: {57FA3F8E-6568-4344-8934-A7809C40C65A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess Brak pliku <==== UWAGA
Task: {5BDED259-CB20-4BD9-A8C2-A5B31E787E0C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig Brak pliku <==== UWAGA
Task: {65963502-B009-43D6-8256-039B4E1442A6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d Brak pliku <==== UWAGA
Task: {9BC4DD81-468F-4E30-8C6C-AEC7B7966C05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d Brak pliku <==== UWAGA
Task: {B3C44A9A-F35C-49EC-B775-B1DE26A9DC6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent Brak pliku <==== UWAGA
Task: {C397BFB0-80ED-46CD-BE61-33C9031955F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d Brak pliku <==== UWAGA
Task: {C8341FFC-6D41-4088-AF1C-6C374282EA16} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd Brak pliku <==== UWAGA
Task: {C8362C7B-0AD4-405A-BC5E-74C80F3AF94D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent Brak pliku <==== UWAGA
Task: {CC849968-509F-4B98-8B1D-B5D19134FD13} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d Brak pliku <==== UWAGA
Task: {CFB266C2-E7A8-4087-8F95-FFB61CC66BCA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d Brak pliku <==== UWAGA
Task: {D0331040-0FD6-4B09-A888-0DFE50FC22F5} - \Program aktualizacji online produktu Real Player. Brak pliku <==== UWAGA
Task: {FDA23A7A-4459-4D5A-8056-49E6CD501CEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B Brak pliku <==== UWAGA
Task: {FF1E25FF-835C-4587-A4C0-0A9EA785427B} - \Program aktualizacji online firmy Adobe. Brak pliku <==== UWAGA
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) hxxp://www%2dsearching.com/?prd=set_epf&s=g47ztutbl11aj,09481704-e069-4575-8763-39572adaaac6,
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) %SNP%
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) hxxp://www%2dsearching.com/?prd=set_epf&s=g47ztutbl11aj,09481704-e069-4575-8763-39572adaaac6,
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) hxxp://www%2dsearching.com/?prd=set_epf&s=g47ztutbl11aj,09481704-e069-4575-8763-39572adaaac6,
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) %SNP%
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk C:\Windows\explorer.exe (Microsoft Corporation) "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=G47ztutbl11AJ,09481704-e069-4575-8763-39572adaaac6,"
ShortcutWithArgument: C:\Users\eDiving.pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) hxxp://www%2dsearching.com/?prd=set_epf&s=g47ztutbl11aj,09481704-e069-4575-8763-39572adaaac6,
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286784 2015-10-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [dply_en_015020290] => [X]
HKLM-x32\...\Run: [mbot_en_037050289] => [X]
HKLM-x32\...\Run: [rec_fr_245] => [X]
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] ()
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\...\Run: [svchost0] => C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe
C:\Program Files (x86)\UCBrowser\
AppInit_DLLs-x32: C:\ProgramData\AppxedtatS\Dripsing.dll => C:\ProgramData\AppxedtatS\Dripsing.dll [257536 2016-04-07] ()
C:\ProgramData\AppxedtatS
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
AutoConfigURL: [S-1-5-21-3882605444-1655736625-3912300315-1001] => hxxp://un-stop.biz/wpad.dat?f9b33de22e4cd4983bfbc8392c43dfac8534823
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP5B3Hm8M0zceX9M981DfKSouJoj-5lg2LnpZkMbhP00sSuKSU24jGkb5-cNVaR0DYrGwoef9UdTstt_YGHJEHYXt78KnnL425W6ipdB_bFoA-giMAJNflDHqn7Jgb_Gw0bmWmcBOg43Jw877HYSjxVNufA_GeXCS6GXbN_wMTuxA,,&q={searchTerms}
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP5B3Hm8M0zceX9M981DfKSouJoj-5lg2LnpZkMbhP00sSuKSU24jGkb5-cNVaR0DYrGwoef9UdTstt8d45uSHvcfkOxg_T8FovKA6bHGV2yQSCBiDk9heKH5GvXnVjcnFaO3ktLxgdu7THfIANhKaHzq7rAx7xtAJW7oTi7GEUaQ,,
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP5B3Hm8M0zceX9M981DfKSouJoj-5lg2LnpZkMbhP00sSuKSU24jGkb5-cNVaR0DYrGwoef9UdTstt_YGHJEHYXt78KnnL425W6ipdB_bFoA-giMAJNflDHqn7Jgb_Gw0bmWmcBOg43Jw877HYSjxVNufA_GeXCS6GXbN_wMTuxA,,&q={searchTerms}
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP5B3Hm8M0zceX9M981DfKSouJoj-5lg2LnpZkMbhP00sSuKSU24jGkb5-cNVaR0DYrGwoef9UdTstt_YGHJEHYXt78KnnL425W6ipdB_bFoA-giMAJNflDHqn7Jgb_Gw0bmWmcBOg43Jw877HYSjxVNufA_GeXCS6GXbN_wMTuxA,,&q={searchTerms}
SearchScopes: HKLM DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321538&octid=EB_ORIGINAL_CTID&ISID=M6E3976D3-8FB2-4187-A06A-3189825A0957&SearchSource=58&CUI=&UM=8&UP=SP40667BAC-3C74-493A-BBBF-2BFEE3BE526F&D=040616&q={searchTerms}&SSPV=SP3126TB_sp_ie
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {1AC0F2E6-01B7-47E9-9EF8-EE2C6D44BAB5} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G47ztutdk0004,7c4ae393-1f36-4f4e-99e2-4b42ab507f71
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {41E96131-B72B-4A5C-B505-3229D1A8C1E5} URL = hxxp://www.trovi.com/Results.aspx?q={searchTerms}&GD=SY1000167&SearchSource=56&UM=2
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0A0C0A0EyEtD0EtC0FzztN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StB0F0E0EzzyC0CtAtGyDtCyC0AtGzztB0FtCtGtCtByByBtG0C0AyEyBtB0E0D0F0DtCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytA0BtC0B0FyCtGzyyDyD0DtGyEtCzzyDtGzyyC0B0BtG0FtAtAyCtAzztB0CyBtA0E0F2QtN0A0LzuyE%26cr%3D1312944823%26a%3Dwbf_kmpswt_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {8F1E9317-0220-44FD-844A-BBD1E52E567A} URL = hxxps://fr.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 {A29EF84A-BF9B-4699-9523-72C635FC24EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN23218753821393629&UM=1
BHO-x32: uTorrentControl_v6 Toolbar {96f454ea-9d38-474f-b504-56193e00c1a5} C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll [2013-10-15] (Conduit Ltd.)
C:\Program Files (x86)\uTorrentControl_v6
Toolbar: HKU\S-1-5-21-3882605444-1655736625-3912300315-1001 Brak nazwy - {96F454EA-9D38-474F-B504-56193E00C1A5} - Brak pliku
FF NewTab: C:\ProgramData\AppxedtatSs\ff.NT
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=G47ztutbl11AJ,09481704-e069-4575-8763-39572adaaac6,&prd=smw&q=
FF Extension: Checked List 1.0.1 - C:\Users\eDiving.pl\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{2f69129d-a03f-4719-bd98-cdb9d6b0d6cf}.xpi [2016-04-05] [Brak podpisu cyfrowego]
FF Extension: GsearchFinder - C:\Users\eDiving.pl\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-06]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => nie znaleziono
CHR DefaultSearchURL: Default hxxp://www-searching.com/search.aspx?s=G47ztutbl11AJ,09481704-e069-4575-8763-39572adaaac6,&prd=smw&q={searchTerms}
CHR DefaultSearchKeyword: Default www-searching.com
CHR DefaultSuggestURL: Default hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 Ojapoti; C:\Users\eDiving.pl\AppData\Roaming\Dhytoobkh\Dhytoobkh.exe [174416 2016-04-07] ()
C:\Users\eDiving.pl\AppData\Roaming\Dhytoobkh
S2 Epyzj; "C:\Users\eDiving.pl\AppData\Roaming\OeofiJogde\Kieroc.exe" -cms [X]
S2 Pikhar; "C:\Users\eDiving.pl\AppData\Roaming\MeqyKhuu\Acettopp.exe" -cms [X]
R1 {2f69129d-a03f-4719-bd98-cdb9d6b0d6cf}Gw64; C:\Windows\System32\drivers\{2f69129d-a03f-4719-bd98-cdb9d6b0d6cf}Gw64.sys [48744 2016-04-06] (StdLib)
EmptyTemp:

Plik zapisujesz pod nazwą fixlist.txt i umieszczasz obok FRST. Uruchom FRST i kliknij w nim Napraw. Powstanie plik fixlog.txt, który podajesz na forum.
3. Użyj AdwCleaner http://forum.instalki.pl/frst-otl-gmer-i-inne-poradnik-t13967-15.html#p139531 z opcji Usuń i podaj utworzony log.
4. Podaj nowe logi z FRST.

Kolejność jak podałem.

[kaczmarek]

cześć
podaje fixlog
http://www.wklej.eu/index.php?id=e1cce17f29
teraz adwcleaner
http://www.wklej.eu/index.php?id=53ad80d6d1
i 3 z frst
frst
http://www.wklej.eu/index.php?id=5fc9124b26
Shortcut
http://www.wklej.eu/index.php?id=66b137ca23
Addition
http://www.wklej.eu/index.php?id=f9f297e38b
i jeszcze nie jest dobrze
masakra
wysakujące okna cały czas i to mega, ledwo zrobiłem-wysłałem te logi

[mateo8898]

Nie będzie tak łatwo
1. Wklej do notatnika:

R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-07] ()
2016-04-07 09:31 - 2016-04-06 21:51 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2f69129d-a03f-4719-bd98-cdb9d6b0d6cf}Gw64.sys
2016-04-07 09:30 - 2016-04-07 09:30 - 00000000 ____D C:\Users\eDiving.pl\AppData\Local\tuto_monetize_120160406
2016-04-07 09:25 - 2016-04-07 09:29 - 00000000 ____D C:\Users\eDiving.pl\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-07 09:24 - 2016-04-08 00:22 - 00000000 ____D C:\Users\eDiving.pl\AppData\Local\Tempfolder
2016-04-07 09:24 - 2016-04-07 09:24 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys

Plik zapisujesz pod nazwą fixlist.txt i umieść na pendrive razem z FRST.
2. Uruchom FRST spod WinRE http://www.fixitpc.pl/topic/4414-diagno ... h-windows/
Kliknij FIX (napraw), na pendrive powstanie plik fixlog.txt, podajesz go na forum.
Następnie nowe logi z FRST (robione już "normalnie")

[kaczmarek]

kolejny raz cześć, zaczyna powoli działać
ale do końca to widzę daleko
podaje fixlog z uruchamiania spod WinRE
http://www.wklej.eu/index.php?id=16762e8666
i normalne
shortcut
http://www.wklej.eu/index.php?id=e07d1c194c
addition
http://www.wklej.eu/index.php?id=a096234bf1
frst
http://www.wklej.eu/index.php?id=8a2449bd4c

trochę zajęło, bo musiałem wczytać się co to znaczy uruchomić spod WinRE
i zrobić dysk na usb, ale nauka w las nie idzie

[mateo8898]

Odinstaluj Torch Music. Następnie wklej do notatnika:

Task: C:\WINDOWS\Tasks\SGKGIUYGPCDESEEY.job => C:\ProgramData\Service1104\Service1104.exe C:\ProgramData\Service1104eDiving\eDiving.pl <==== UWAGA
C:\ProgramData\Service1104
HKLM\...\Run: [IDSCCOMO28] => "C:\Program Files (x86)\Max Driver Updater\idsccom_O28.exe"
HKLM\...\Run: [IDSCCOM203] => "C:\Program Files (x86)\Hostify\idsccom_203.exe"
C:\Program Files (x86)\Max Driver Updater
C:\Program Files (x86)\Hostify
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\...\Run: [ALLMediaServer] => C:\Program Files (x86)\ALLMediaServer\MediaServer.exe [4985856 2013-07-17] (ALLPlayer.org)
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\...\Run: [BingSvc] => C:\Users\eDiving.pl\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3882605444-1655736625-3912300315-1001\...\RunOnce: [Uninstall C:\Users\eDiving.pl\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eDiving.pl\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
SearchScopes: HKLM-x32 DefaultScope - brak wartości
Toolbar: HKLM-x32 - Brak nazwy - {96f454ea-9d38-474f-b504-56193e00c1a5} - Brak pliku
FF Extension: Brak nazwy - C:\Users\eDiving.pl\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{2f69129d-a03f-4719-bd98-cdb9d6b0d6cf}.xpi [nie znaleziono]
2016-05-13 10:03 - 2013-11-19 05:38 - 00000074 _____ C:\Users\eDiving.pl\AppData\Roaming\sp_data.sys
EmptyTemp:

Plik zapisujesz pod nazwą fixlist.txt i umieszczasz obok FRST. Uruchom FRST i kliknij w nim Napraw. Powstanie plik fixlog.txt, który podajesz na forum.
Następnie podaj nowe logi z FRST.