Klikniecie w okno przegladarki powoduje otwarcie nowej karty z ankieta

Klikniecie w okno przegladarki [firefox i googlehrome] powoduje otwarcie nowej karty ze strona z ankieta. [http://fr.gov-surveys.com/rp/v1.html?voluumdata=vid..00000003-782f-449f-8000-000000000000__vpid..f1e36800-6d6e-11e4-87ce-a76ea106a8a5__caid..61e62b63-b0ee-4957-a11b-776975a097b0__lid..b8668bcf-0f65-4da9-b233-7e2a99593a24__rt..DJ__oid1..eaf883b9-1379-485a-b7aa-0b5260df7785__oid2..de098afd-e27a-44a3-a005-0eb0108b8951__oid3..234ead1f-5db8-4d30-8106-081cf4ab66b0__oid4..c316856e-2eb6-4981-8bbe-0824100dcf79__oid5..681d7797-9025-44fb-85db-65c185914f6c__oid6..68a536f7-c8ae-4414-be8c-1ea247030a7d__oid7..349ad406-0a37-41bd-9243-e46337fcd46c__oid8..fdee3a80-a33c-4f31-b65c-670ec2c7b744__var2..forum.\dobreprogramy.\pl&keyword=forum.dobreprogramy.pl](http://fr.gov-surveys.com/rp/v1.html?voluumdata=vid..00000003-782f-449f-8000-000000000000 vpid…f1e36800-6d6e-11e4-87ce-a76ea106a8a5 caid…61e62b63-b0ee-4957-a11b-776975a097b0 lid…b8668bcf-0f65-4da9-b233-7e2a99593a24 rt…DJ oid1…eaf883b9-1379-485a-b7aa-0b5260df7785 oid2…de098afd-e27a-44a3-a005-0eb0108b8951 oid3…234ead1f-5db8-4d30-8106-081cf4ab66b0 oid4…c316856e-2eb6-4981-8bbe-0824100dcf79 oid5…681d7797-9025-44fb-85db-65c185914f6c oid6…68a536f7-c8ae-4414-be8c-1ea247030a7d oid7…349ad406-0a37-41bd-9243-e46337fcd46c oid8…fdee3a80-a33c-4f31-b65c-670ec2c7b744__var2…forum%5C.%5Cdobreprogramy%5C.%5Cpl&keyword=forum.dobreprogramy.pl)

Adwcleaner nie pomogl. Skanowanie avastem nie wykazuje zadnych infekcji.

 

Logi z Farbar Recovery Scan Tool

FRST http://wklej.to/sWWeL

Addition http://wklej.to/jJtGh

Odinstaluj McAfee Security Scan Plus

Hosts:
Task: {44FC56CB-485E-4FC2-A9DA-F06AA8888720} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C96D134E-02EB-4B97-8EBD-32AC9A77A965} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CF7D0429-53CF-44E6-8750-4AC9D095FCF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [stv_fr_17] => [X]
HKLM-x32\...\Run: [fst_fr_283] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
FF Keyword.URL: https://fr.search.yahoo.com/yhs/search
R2 aTCkbbqkU; C:\ProgramData\KhQTOUuOK\aTCkbbqkU.exe [2321776 2014-11-11] (Acute Angle Solutions Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2014-11-15 21:32 - 2014-11-15 21:32 - 00000000 ____ D () C:\SafeWeb
2014-11-15 11:00 - 2014-11-15 11:06 - 00000000 ____ D () C:\AdwCleaner
2014-11-14 11:07 - 2014-11-14 20:24 - 00000000 ____ D () C:\ProgramData\Spybot - Search & Destroy
2014-11-14 11:07 - 2014-11-14 11:12 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-14 11:07 - 2014-11-14 11:07 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-14 11:07 - 2014-11-14 11:07 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-14 11:07 - 2014-11-14 11:07 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-14 11:07 - 2014-11-14 11:07 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-14 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-14 11:04 - 2014-11-14 11:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\aleks\Desktop\spybot-2.4.exe
2014-11-14 10:50 - 2014-11-16 10:06 - 00000000 ____ D () C:\Users\aleks\AppData\Local\SafeWeb
2014-11-11 11:18 - 2014-11-11 12:44 - 00000000 ____ D () C:\ProgramData\KhQTOUuOK
EmpTytemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.