Jak usunąć z komputera Yoursites123? Logi z FRST.

Mam problem z usunięciem yoursites123.
Proszę o pomoc.

Odinstaluj: WinZipper

Obok frst.exe utworz plik fixlist.txt z zawartoscia:
Task: {04A2C29C-997A-42E5-B0EF-8D048E114639} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {0CE9F7F4-A599-48C2-9FE4-CC1B05E4E27E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {6D556EF1-91A3-41D0-A53A-921B57C37B69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {81E95849-B3F0-4309-9C49-564B2AB7B207} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {A63068B9-E131-4776-B7E2-F1E1927FD688} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {A95B35F9-1ABD-47B8-B3EF-7250B937DE7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {B482BB3D-A0DC-4179-BEE3-11C102610173} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {BABDAC58-6861-46AB-8B9B-7A31A3BC1560} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {C12AD254-58C6-4CA6-9FF2-A4D3832ADBCE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {D9CE73BA-B230-47F1-988E-CCB270DCAA5C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {DF341EAA-A571-4732-89A3-F311C2A52FBB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001Core.job => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001UA.job => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(TFuns LIMITED) C:\ProgramData\6WdM6\WdMan.exe
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\Run: [Facebook Update] => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-29] (Facebook Inc.)
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\Run: [Opencl] => "C:\Users\Ola\AppData\Roaming\Opencl\nircmd.exe" exec hide "C:\Users\Ola\AppData\Roaming\Opencl\start.bat"
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\MountPoints2: {0b548e29-d560-11e3-8250-8056f225854c} - "F:\setup.exe"
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\MountPoints2: {4f2f04b2-47e6-11e5-805c-a0481c20acdf} - "G:\LG_PC_Programs.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252970&z=f82dd2913788915cfdc7e72g8zbz7m9o9w3oftbq1w&from=wpm07173&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252970&z=f82dd2913788915cfdc7e72g8zbz7m9o9w3oftbq1w&from=wpm07173&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130918016054186860&GUID=435E055D-6717-41ED-8F38-0707BFC6FD4E
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130918016054180003&GUID=435E055D-6717-41ED-8F38-0707BFC6FD4E
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130918016054183892&GUID=435E055D-6717-41ED-8F38-0707BFC6FD4E
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448614346&z=e7e428ab12f6b22ad820344g8z1z5b4q7g9zec4z3z&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPALL13/175
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1448614346&z=e7e428ab12f6b22ad820344g8z1z5b4q7g9zec4z3z&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
SearchScopes: HKLM -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449865787&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=3219913727_198313_4E95D461
Edge HomeButtonPage: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: yoursites123
FF Extension: YahooToolsProtected - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\yahooprotected@gmail.com [2015-12-11] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\sidebarff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\yahooprotected@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449865787&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=3219913727_198313_4E95D461
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
S2 WdMan; C:\ProgramData\6WdM6\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-12-11 21:30 - 2015-12-11 21:40 - 00000000 ____D C:\ProgramData\6WdM6
2015-11-27 16:37 - 2015-11-27 16:37 - 00000000 ____D C:\Users\Ola\AppData\Roaming\eCyber
2015-11-27 09:57 - 2015-12-05 15:44 - 00000000 ____D C:\ProgramData\MWMiniProM
2015-12-11 21:42 - 2015-10-13 11:23 - 00000000 ____D C:\Program Files (x86)\WinZipper
2015-12-11 21:30 - 2015-09-29 20:37 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-10 12:11 - 2015-08-11 08:45 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-05 15:37 - 2015-11-11 15:48 - 00000000 ____D C:\ProgramData\nWMiniPron
2015-12-05 15:36 - 2015-11-11 15:42 - 00000000 ____D C:\ProgramData\5WMiniPro5
2015-12-05 15:36 - 2015-10-13 11:19 - 00000000 ____D C:\ProgramData\8WdsManPro8
EmptyTemp:

W FRST wybierz Napraw.

Usun katalog C:\FRST i to wszystko.

Odinstaluj Adobe Reader 9.3 - Polish, WinZipper. Otwórz notatnik systemowy i wklej:

Cytat:

Task: {04A2C29C-997A-42E5-B0EF-8D048E114639} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {0CE9F7F4-A599-48C2-9FE4-CC1B05E4E27E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {4190FD9A-635D-4644-8A3B-7AB338FFAC49} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001Core => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-29] (Facebook Inc.)
Task: {6D556EF1-91A3-41D0-A53A-921B57C37B69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {81E95849-B3F0-4309-9C49-564B2AB7B207} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {A63068B9-E131-4776-B7E2-F1E1927FD688} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {A95B35F9-1ABD-47B8-B3EF-7250B937DE7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {B482BB3D-A0DC-4179-BEE3-11C102610173} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {BABDAC58-6861-46AB-8B9B-7A31A3BC1560} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {C12AD254-58C6-4CA6-9FF2-A4D3832ADBCE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {D9CE73BA-B230-47F1-988E-CCB270DCAA5C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {DF341EAA-A571-4732-89A3-F311C2A52FBB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {EEC55EF5-72FC-4A20-81A0-7A9960E3E95D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001UA => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-29] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001Core.job => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2187988514-1794954199-2892735946-1001UA.job => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\Run: [Facebook Update] => C:\Users\Ola\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-29] (Facebook Inc.)
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\...\Run: [Opencl] => "C:\Users\Ola\AppData\Roaming\Opencl\nircmd.exe" exec hide "C:\Users\Ola\AppData\Roaming\Opencl\start.bat"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252970&z=f82dd2913788915cfdc7e72g8zbz7m9o9w3oftbq1w&from=wpm07173&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447252970&z=f82dd2913788915cfdc7e72g8zbz7m9o9w3oftbq1w&from=wpm07173&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445850670&from=mych123&uid=wdcxwd10jpvx-60jc3t0_wd-wx11e431100311003&z=efbcdaccb3afbd83d24f65fg3zezbw6bcw8e9qcq3b
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448614346&z=e7e428ab12f6b22ad820344g8z1z5b4q7g9zec4z3z&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPALL13/175
HKU\S-1-5-21-2187988514-1794954199-2892735946-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1448614346&z=e7e428ab12f6b22ad820344g8z1z5b4q7g9zec4z3z&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003&q={searchTerms}
SearchScopes: HKLM -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449865787&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=3219913727_198313_4E95D461
Edge HomeButtonPage: HKU\S-1-5-21-2187988514-1794954199-2892735946-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449842962&z=ea650aa45ffe5e0dd34204fg6zazatcbdz0o1t4qao&from=ient07021&uid=WDCXWD10JPVX-60JC3T0_WD-WX11E431100311003
FF SelectedSearchEngine: yoursites123
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml [2014-03-22]
FF Extension: YahooToolsProtected - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\a4lsemeo.default\extensions\yahooprotected@gmail.com [2015-12-11] [Brak podpisu cyfrowego]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449865787&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=3219913727_198313_4E95D461
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
R2 WdMan; C:\ProgramData\6WdM6\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-12-11 21:30 - 2015-12-11 21:40 - 00000000 ____D C:\ProgramData\6WdM6
2015-11-27 16:37 - 2015-11-27 16:37 - 00000000 ____D C:\Users\Ola\AppData\Roaming\eCyber
2015-11-27 09:57 - 2015-12-05 15:44 - 00000000 ____D C:\ProgramData\MWMiniProM
2015-12-05 15:37 - 2015-11-11 15:48 - 00000000 ____D C:\ProgramData\nWMiniPron
2015-12-05 15:36 - 2015-11-11 15:42 - 00000000 ____D C:\ProgramData\5WMiniPro5
2015-12-05 15:36 - 2015-10-13 11:19 - 00000000 ____D C:\ProgramData\8WdsManPro8
2015-11-27 09:56 - 2015-10-13 11:21 - 00000000 ____D C:\Users\Ola\AppData\Roaming\TSv
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Uruchom jako administrator FRST i kliknij w Fix/Napraw.
Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Dziękuję Wam bardzo!

Nawet Kaspersky sobie z tym nie radził.
Swoją drogą sprytnie ukryli tego winzippera, kilka razy sprawdzałam tą listę.
A co jest nie tak z tym Adobe Readerem? Oczywiście usunęłam to, ale myślałam, że to ten "dobry".

Zainstaluj najnowszą wersję lub FoxitReader. Z winzipperem radzi sobie AdwCleaner.

To wszystko.
Zamykam temat.