Tym razem siostra nabałaganiła na swoim lapku… Wstawiam logi…
Bardzo proszę o pomoc 
Odinstaluj Norton Security Scan.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKU\S-1-5-21-1292483907-2650973845-183384328-1000\...\Run: [Yahoo! Search] => C:\Users\a\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
Toolbar: HKU\S-1-5-21-1292483907-2650973845-183384328-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF SearchPlugin: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\xhwftonv.default\searchplugins\keepmysearch.xml [2014-06-26]
FF Extension: FF Toolbar - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\xhwftonv.default\Extensions\1426622601_xpi [2015-03-17]
FF Extension: BatBrowse 1.0.1 - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\xhwftonv.default\Extensions\{97c4cab6-61b3-4540-9274-f278ba746bf7}.xpi [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
U2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2015-07-28 12:03 - 2015-07-28 12:05 - 00000000 ____ D C:\AdwCleaner
2015-07-23 07:39 - 2015-07-23 07:39 - 00000000 __SHD C:\found.007
2015-07-22 18:31 - 2015-07-22 18:31 - 86837264 _____ (Nero AG) C:\Users\a\Downloads\Nero_BurningROM2015-16.0.02600_softonic_trial.exe
2013-10-30 22:51 - 2013-10-30 22:51 - 0223970 _____ () C:\ProgramData\1383156023.bdinstall.bin
2013-09-07 20:04 - 2013-09-07 20:04 - 0822721 _____ () C:\ProgramData\1378579083.bdinstall.bin
CustomCLSID: HKU\S-1-5-21-1292483907-2650973845-183384328-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1292483907-2650973845-183384328-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\a\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
Task: {0A923D28-0F02-4DDC-997D-6AFBE8828951} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {A2B69FB5-679E-446C-A0E7-49C1D3D76564} - System32\Tasks\Norton Security Scan for a => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: C:\Windows\Tasks\Norton Security Scan for a.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.