Po włączeniu systemu przeglądarka sama automatycznie otwiera z ruską stronę z reklamiami
Logi OTL:
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
Otwórz Notatnik i wklej:
Task: {B8E2D159-2E73-4262-AAC6-48E9BB3D8A9E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1876139344-2774360189-3690292869-1000Core = C:\Users\Ernest\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: {D5F618F0-34FC-47E8-8CA1-E84762E69F51} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1876139344-2774360189-3690292869-1000UA = C:\Users\Ernest\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1876139344-2774360189-3690292869-1000Core.job = C:\Users\Ernest\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1876139344-2774360189-3690292869-1000UA.job = C:\Users\Ernest\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\Run: [Facebook Update] = C:\Users\Ernest\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-24] (Facebook Inc.)
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\Run: [CMD] = cmd.exe /c start http://extendedunlimited.org exit ===== ATTENTION
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\MountPoints2: {5c72bd0e-b1f2-11e3-8f2f-8c89a5816dcf} - G:\autorun.exe
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\MountPoints2: {c4e3238f-de62-11e3-8f7a-8c89a5816dcf} - H:\AutoRun.exe
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\MountPoints2: {c4e3239a-de62-11e3-8f7a-e83a52340a84} - H:\AutoRun.exe
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\MountPoints2: {eb21ed7d-1d55-11e4-a844-8c89a5816dcf} - H:\start.exe
HKU\S-1-5-21-1876139344-2774360189-3690292869-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {71E38050-01EE-42B3-AB59-4CD81A0FECF4} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
SearchScopes: HKCU - {71E38050-01EE-42B3-AB59-4CD81A0FECF4} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1ei=utf-8ilc=12type=888596p=
FF SearchPlugin: C:\Users\Ernest\AppData\Roaming\Mozilla\Firefox\Profiles\v6ezkzyj.default\searchplugins\yahoo_ff.xml
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_cdcecm; system32\DRIVERS\ew_cdcecm.sys [X]
S3 NTIOLib_1_0_C; \\F:\NTIOLib_X64.sys [X]
S1 rsddlwcm; \\C:\Windows\system32\drivers\rsddlwcm.sys [X]
2014-10-07 19:55 - 2014-10-07 20:00 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Dzięki problem został rozwiązany 
Skasuj folder C:\FRST