I can't remove Baidu. I also can't scan the system for viruses with CureIt: at some point the program crashes and stops working.
Dear [B]taksa48[/B], thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run this script in AVZ:
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\User\appdata\local\smartweb\smartwebapp.exe','');
QuarantineFile('C:\Users\User\appdata\local\smartweb\smartwebhelper.exe','');
QuarantineFile('C:\Program Files\xtab\cmdshell.exe','');
QuarantineFile('C:\Program Files\BonanzaDeals\BonanzaDealsUpdate.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\be0814b3-4b83-4414-8648-3f5471b7aac2.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-7.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-6.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-5.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-11.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-10.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-7.exe','');
QuarantineFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-6.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\8a2429ca-479d-4e62-a5c1-a9015d820131.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-7.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-6.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-5.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-3.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-2.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-11.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-7.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-6.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-5.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-4.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-3.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-2.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-11.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\HD-Quality-v3-codedownloader.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-4.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\4ad551d8-e871-48bf-8da2-9b833a0de90b.exe','');
QuarantineFile('C:\Program Files\HD-Quality-v3\1be335cc-64ab-46df-936a-28225240fc30.exe','');
DelCLSID('{00890530-6A9F-4be2-B1BB-73F01E2BB986}');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
DelBHO('{15DEE173-1BE9-4424-81E0-58A87076E9B1}');
DelBHO('{11111111-1111-1111-1111-110611171162}');
QuarantineFile('C:\Program Files\HD-Quality-v3\HD-Quality-v3-bho.dll','');
QuarantineFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentoolkit.exe','');
QuarantineFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentool.exe','');
QuarantineFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentkup.exe','');
QuarantineFile('C:\Users\User\AppData\Roaming\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Users\User\AppData\Roaming\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\Users\User\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Users\User\AppData\Local\83B16480-1425930859-11D5-B38E-485B399765A2\bnss3957.exe','');
QuarantineFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDShellExt.dll','');
QuarantineFile('C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL','');
QuarantineFile('C:\Windows\system32\drivers\nethfdrv.sys','');
DeleteService('nethfdrv');
SetServiceStart('BdSandBox', 4);
DeleteService('BdSandBox');
SetServiceStart('BDSafeBrowser', 4);
DeleteService('BDSafeBrowser');
SetServiceStart('BDMWrench', 4);
DeleteService('BDMWrench');
SetServiceStart('BDFileDefend', 4);
DeleteService('BDFileDefend');
SetServiceStart('BDDefense', 4);
DeleteService('BDDefense');
SetServiceStart('BDArKit', 4);
DeleteService('BDArKit');
SetServiceStart('bd0004', 4);
DeleteService('bd0004');
SetServiceStart('bd0001', 4);
SetServiceStart('bd0003', 4);
DeleteService('bd0003');
SetServiceStart('bd0002', 4);
DeleteService('bd0002');
DeleteService('bd0001');
QuarantineFile('C:\Program Files\XTab\ProtectService.exe','');
QuarantineFile('C:\Windows\system32\nethtsrv.exe','');
QuarantineFile('C:\Program Files\QuickRef_1.10.0.9\Service\qrsvc.exe','');
QuarantineFile('C:\Program Files\Xaven\updateXaven.exe','');
QuarantineFile('C:\Program Files\Xaven\bin\utilXaven.exe','');
DeleteService('Util Xaven');
DeleteService('Update Xaven');
DeleteService('qrsvc_1.10.0.9');
DeleteService('NetHttpService');
DeleteService('IHProtect Service');
DeleteService('BDMRTP');
QuarantineFile('C:\Users\User\AppData\Roaming\83B16480-1425912703-11D5-B38E-485B399765A2\jnsrAED0.tmp','');
SetServiceStart('vyfesyzy', 4);
DeleteService('vyfesyzy');
SetServiceStart('sogrMed', 4);
DeleteService('sogrMed');
SetServiceStart('SCService', 4);
DeleteService('SCService');
SetServiceStart('PCSUService', 4);
DeleteService('PCSUService');
SetServiceStart('jidybopi', 4);
DeleteService('jidybopi');
SetServiceStart('BaiduHips', 4);
DeleteService('BaiduHips');
SetServiceStart('BDKVRTP', 4);
DeleteService('BDKVRTP');
SetServiceStart('BDSGRTP', 4);
DeleteService('BDSGRTP');
TerminateProcessByName('c:\program files\pc speed up\speedcheckerservice.exe');
TerminateProcessByName('c:\program files\pc speed up\pcsuservice.exe');
TerminateProcessByName('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\nsm4407.tmpfs');
QuarantineFile('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\nsm4407.tmpfs','');
TerminateProcessByName('c:\program files\mypc backup\mypc backup.exe');
QuarantineFile('c:\users\user\appdata\local\mediaplay\mediaplay.exe','');
TerminateProcessByName('c:\windows\microsoft\sogrmed\media player zupdater.exe');
QuarantineFile('c:\windows\microsoft\sogrmed\media player zupdater.exe','');
TerminateProcessByName('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\jnsraed0.tmp');
QuarantineFile('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\jnsraed0.tmp','');
QuarantineFile('c:\program files\mixvideoplayer\browserweb.exe','');
TerminateProcessByName('c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdkvwsc.exe');
TerminateProcessByName('c:\program files\common files\baidu\bddownload\108\bddownloader.exe');
TerminateProcessByName('c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe');
TerminateProcessByName('c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe');
TerminateProcessByName('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.645\baiduprotect.exe');
TerminateProcessByName('c:\program files\common files\baidu\baiduhips\1.2.0.751\baiduhips.exe');
TerminateProcessByName('c:\program files\anyprotectex\anyprotect.exe');
DeleteFile('c:\program files\anyprotectex\anyprotect.exe','32');
DeleteFile('c:\program files\common files\baidu\baiduhips\1.2.0.751\baiduhips.exe','32');
DeleteFile('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.645\baiduprotect.exe','32');
DeleteFile('c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe','32');
DeleteFile('c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe','32');
DeleteFile('c:\program files\common files\baidu\bddownload\108\bddownloader.exe','32');
DeleteFile('c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdkvwsc.exe','32');
DeleteFile('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\jnsraed0.tmp','32');
DeleteFile('c:\windows\microsoft\sogrmed\media player zupdater.exe','32');
DeleteFile('c:\program files\mypc backup\mypc backup.exe','32');
DeleteFile('c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\nsm4407.tmpfs','32');
DeleteFile('c:\program files\pc speed up\pcsuservice.exe','32');
DeleteFile('c:\program files\pc speed up\speedcheckerservice.exe','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\ad.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavArchive.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavCommon.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavEngine.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavFrame.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavOle.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanH.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanM.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanV.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavUnpack.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDKVDeskBand.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDLogicUtils.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDKitUtils.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVCached.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVEng.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMPerfMon.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDUDiskGuard.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\bduf.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\TrustAndIso.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMAVE.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMCommon.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMDbSqlite.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMFrameWork.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMReport.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BdSandCtl.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDShellExt.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\DriverManager.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\FileMon.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\HIPSClient.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\PrivacyProtect.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\Plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\Plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\Plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\skin_engine.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\DllInject.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\websafe.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\WebSafePlugin.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\ad.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBusiness.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsCore.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduPrevUIn.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\bd0001.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDConfig.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDLogicUtils.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\bdmantivirus\BDKitUtils.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVCached.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVEng.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMBase.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMFrameWork.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMNet.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMReport.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMStringUtils.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BDMTinyXml.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\DriverManager.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\TrustAndIso.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\ad.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BDKitUtils.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BDLogicUtils.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BDMDownload.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BDMNet.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BDMReport.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\bdsg0001.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\DriverManager.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\dynplugins\ArKit.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\dynplugins\AssistReportPlugin.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\dynplugins\FileUpdatePlugin.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\dynplugins\FixSePlugin.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\dynplugins\HostPlugin.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\plugins\BaiduRepair.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\plugins\HIPS.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\SafeBrowserDll.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BDDownload\108\bdcomproxy.dll','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BDDownload\108\dl.dll','32');
DeleteFile('C:\Program Files\MyPC Backup\x86\SQLite.Interop.dll','32');
DeleteFile('C:\Program Files\PC Speed Up\agsXMPP.dll','32');
DeleteFile('C:\Program Files\PC Speed Up\ManagedWifi.dll','32');
DeleteFile('C:\Program Files\PC Speed Up\SharpBrake.dll','32');
DeleteFile('C:\Program Files\PC Speed Up\SpeedChecker.dll','32');
DeleteFile('C:\Program Files\PC Speed Up\sqlite3.dll','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0003.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\Windows\system32\drivers\BDDefense.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDFileDefend.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDSafeBrowser.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BdSandBox.sys','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe','32');
DeleteFile('C:\Users\User\AppData\Roaming\83B16480-1425912703-11D5-B38E-485B399765A2\jnsrAED0.tmp','32');
DeleteFile('C:\Program Files\Xaven\bin\utilXaven.exe','32');
DeleteFile('C:\Program Files\Xaven\updateXaven.exe','32');
DeleteFile('C:\Program Files\QuickRef_1.10.0.9\Service\qrsvc.exe','32');
DeleteFile('C:\Windows\system32\nethtsrv.exe','32');
DeleteFile('C:\Program Files\XTab\ProtectService.exe','32');
DeleteFile('C:\Windows\system32\drivers\nethfdrv.sys','32');
DeleteFile('C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','baidusdTray');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{00890530-6A9F-4be2-B1BB-73F01E2BB986}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WinCheck');
DeleteFile('C:\Users\User\AppData\Local\83B16480-1425930859-11D5-B38E-485B399765A2\bnss3957.exe','32');
DeleteFile('C:\Users\User\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
DeleteFile('C:\Users\User\AppData\Roaming\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Users\User\AppData\Roaming\Browsers\exe.resworb.bat','32');
DeleteFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentkup.exe','32');
DeleteFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentool.exe','32');
DeleteFile('C:\Windows\system32\config\systemprofile\AppData\Local\screentk\screentoolkit.exe','32');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','screentoolkit.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','screentoolkit.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','screentk');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','screentk');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','screentkUpdater');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','screentkUpdater');
DeleteFile('C:\Program Files\HD-Quality-v3\HD-Quality-v3-bho.dll','32');
DeleteFile('C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\WebMonBHO.dll','32');
DeleteFile('C:\Windows\Tasks\1be335cc-64ab-46df-936a-28225240fc30.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\1be335cc-64ab-46df-936a-28225240fc30.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\4ad551d8-e871-48bf-8da2-9b833a0de90b.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-4.exe','32');
DeleteFile('C:\Windows\Tasks\6b80c839-e25e-480d-bde0-a71261931aaf.job','32');
DeleteFile('C:\Windows\Tasks\4ad551d8-e871-48bf-8da2-9b833a0de90b.job','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-1.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\HD-Quality-v3-codedownloader.exe','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-11.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-11.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-2.exe','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-2.job','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-3.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-3.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-4.exe','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-4.job','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-5.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-5.exe','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-5_user.job','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-6.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-6.exe','32');
DeleteFile('C:\Windows\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-7.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\7bc57f99-2456-4b39-b657-eb2abeb77dd8-7.exe','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-1.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-11.exe','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-11.job','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-2.job','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-3.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-2.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-3.exe','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-4.job','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-5.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-5.exe','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-5_user.job','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-6.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-6.exe','32');
DeleteFile('C:\Program Files\HD-Quality-v3\826199da-e6d9-4505-8fcd-a9b81f1bf51e-7.exe','32');
DeleteFile('C:\Windows\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-7.job','32');
DeleteFile('C:\Windows\Tasks\8a2429ca-479d-4e62-a5c1-a9015d820131.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\8a2429ca-479d-4e62-a5c1-a9015d820131.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-6.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-7.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-7.exe','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-10.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-10_user.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-11.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-11.job','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-5.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-5.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-5_user.job','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-6.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-6.exe','32');
DeleteFile('C:\Windows\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-7.job','32');
DeleteFile('C:\Program Files\MediaPlayerVid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-7.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\be0814b3-4b83-4414-8648-3f5471b7aac2.job','32');
DeleteFile('C:\Program Files\HD-Quality-v3\be0814b3-4b83-4414-8648-3f5471b7aac2.exe','32');
DeleteFile('C:\Windows\Tasks\f80660c5-98f9-4983-8b13-fafee6b2b74b.job','32');
DeleteFile('C:\Program Files\PC Speed Up\PCSUSD.exe','32');
DeleteFile('C:\Windows\Tasks\PC SpeedUp Service Deactivator.job','32');
DeleteFile('C:\Windows\system32\Tasks\1be335cc-64ab-46df-936a-28225240fc30','32');
DeleteFile('C:\Windows\system32\Tasks\6b80c839-e25e-480d-bde0-a71261931aaf','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-1','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-11','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-2','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-3','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-4','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-5','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-6','32');
DeleteFile('C:\Windows\system32\Tasks\7bc57f99-2456-4b39-b657-eb2abeb77dd8-7','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-1','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-11','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-2','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-3','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-4','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-5','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-6','32');
DeleteFile('C:\Windows\system32\Tasks\826199da-e6d9-4505-8fcd-a9b81f1bf51e-7','32');
DeleteFile('C:\Windows\system32\Tasks\8a2429ca-479d-4e62-a5c1-a9015d820131','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-11','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-5','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-6','32');
DeleteFile('C:\Windows\system32\Tasks\abd75755-eae6-49b2-a520-ed21a47ad2b6-7','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsUpdate','32');
DeleteFile('C:\Program Files\BonanzaDeals\BonanzaDealsUpdate.exe','32');
DeleteFile('C:\Windows\system32\Tasks\f80660c5-98f9-4983-8b13-fafee6b2b74b','32');
DeleteFile('C:\Windows\system32\Tasks\LaunchSignup','32');
DeleteFile('C:\Windows\system32\Tasks\PC SpeedUp Service Deactivator','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','32');
DeleteFile('C:\Windows\system32\Tasks\Soft installer','32');
DeleteFile('C:\Program Files\xtab\cmdshell.exe','32');
DeleteFile('C:\Users\User\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('C:\Users\User\appdata\local\smartweb\smartwebapp.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]
The computer will restart.
Send the quarantine as described in [B]Appendix 2[/B] of the rules, using the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] at the top of the thread.
[B][COLOR="Blue"]Make new logs according to the rules[/COLOR][/B]
Make a [url="http://virusinfo.info/soft/tool.php?tool=checkbrowserlnk"]Check Browsers' LNK[/url] log.
Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[b]Note[/b]: you need to choose the version that is compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
[list][*]Start the program with a double click. When the program starts, click [b]Yes[/b] to accept the warning.[*]Make sure that [i]"List BCD"[/i] and [i]"Driver MD5"[/i] are checked in the [b]Optional Scan[/b] box.
[img]http://i.imgur.com/B92LqRQ.png[/img][*]Click the [b]Scan[/b] button.[*]When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report to your next message.[*]If the program was run for the first time, a second report ([b]Addition.txt[/b]) will also be created. Please attach it to your next message.[/list]
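An added example, not part of the original thread and not code from AVZ: a Python pre-run audit of an AVZ script like the one posted above. It lists files that `DeleteFile` removes with no earlier `QuarantineFile` (so no sample is kept) and services that `DeleteService` removes without a prior `SetServiceStart(..., 4)`. The sample script is constructed from a few lines of the posted one, and the names `parse_calls`, `norm` and `audit` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the syntax of the script posted above.
SAMPLE_SCRIPT = r"""
begin
 QuarantineFile('C:\Program Files\xtab\cmdshell.exe','');
 QuarantineFile('C:\Windows\system32\drivers\nethfdrv.sys','');
 DeleteService('nethfdrv');
 SetServiceStart('BdSandBox', 4);
 DeleteService('BdSandBox');
 TerminateProcessByName('c:\program files\pc speed up\pcsuservice.exe');
 DeleteFile('c:\program files\pc speed up\pcsuservice.exe','32');
 DeleteFile('C:\Program Files\xtab\cmdshell.exe','32');
 DeleteFile('C:\Windows\system32\drivers\nethfdrv.sys','32');
 DeleteFile('C:\Windows\system32\DRIVERS\BdSandBox.sys','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WinCheck');
 RebootWindows(false);
end.
"""

# One call per line, as in the posted script: Name(arguments);
CALL_RE = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")
# Pascal string literal; a doubled quote ('') inside it is an escaped quote.
STR_RE = re.compile(r"'((?:[^']|'')*)'")


def parse_calls(script):
    """Return (name, [string arguments], raw argument text) per call line."""
    calls = []
    for line in script.splitlines():
        m = CALL_RE.match(line)
        if m:
            raw = m.group(2)
            args = [s.replace("''", "'") for s in STR_RE.findall(raw)]
            calls.append((m.group(1), args, raw))
    return calls


def norm(path):
    """Windows paths compare case-insensitively. 8.3 short names such as
    PROGRA~1 cannot be expanded offline, so they only match themselves."""
    return path.replace("/", "\\").lower()


def audit(script):
    """Walk the script in order and report actions that lack a safety step."""
    quarantined, disabled = set(), set()
    no_quarantine, no_disable = [], []
    counts = Counter()
    for name, args, raw in parse_calls(script):
        counts[name] += 1
        if not args:
            continue
        target = args[0]
        if name == "QuarantineFile":
            quarantined.add(norm(target))
        elif name == "DeleteFile":
            # Order matters: the copy must be taken before the delete.
            if norm(target) not in quarantined:
                no_quarantine.append(target)
        elif name == "SetServiceStart":
            # Last argument 4 sets the service start type to disabled.
            if raw.rsplit(",", 1)[-1].strip() == "4":
                disabled.add(target.lower())
        elif name == "DeleteService":
            if target.lower() not in disabled:
                no_disable.append(target)
    return {
        "deleted_without_quarantine": no_quarantine,
        "services_deleted_without_disable": no_disable,
        "counts": dict(counts),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SCRIPT)
    for path in report["deleted_without_quarantine"]:
        print("no quarantine copy:", path)
    for svc in report["services_deleted_without_disable"]:
        print("not disabled before delete:", svc)
    print(report["counts"])
```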
Thank you. I'm sending the logs as instructed. Sorry, I didn't understand: should additional.txt have been attached here or in a separate message?
[list][*]Download [url=http://virusinfo.info/soft/tool.php?tool=ClearLNK]ClearLNK[/url] and save the archive with the utility to your Desktop.[*]Unpack the archive with the utility into a separate folder.[*]Drag [B]Check_Browsers_LNK.log[/B] onto ClearLNK as shown in the picture
[img]http://dragokas.com/tools/move.gif[/img]
[*]The report [b]ClearLNK-<Date>.log[/b] will be saved in the [b]LOG[/b] folder.[*]Attach this report to your next message.[/list]
[list][*]Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] in the same folder that Farbar Recovery Scan Tool was run from:
[code]
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1426353007&from=cmi&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426053447&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1426353007&from=cmi&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
HKU\S-1-5-21-3587619661-2284978773-633053045-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1425916685&from=squadm&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
HKU\S-1-5-21-3587619661-2284978773-633053045-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1425916685&from=squadm&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
HKU\S-1-5-21-3587619661-2284978773-633053045-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
HKU\S-1-5-21-3587619661-2284978773-633053045-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426053447&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K
SearchScopes: HKLM -> DefaultScope {75D14039-97E9-4372-A1F0-8E7533F4E950} URL = http://yandex.ru/yandsearch?clid=1214622&text={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1426053447&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
SearchScopes: HKLM -> {75D14039-97E9-4372-A1F0-8E7533F4E950} URL = http://yandex.ru/yandsearch?clid=1214622&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> Moikrug URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> Software URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> Yandex URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&ts=1426053516&type=default&q={searchTerms}
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
Toolbar: HKU\S-1-5-21-3587619661-2284978773-633053045-1001 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
FF Plugin: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll [2014-11-19] (百度在线网络技术(北京)有限公司)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-03-14] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-03-14] (globalUpdate)
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\webalta-search.xml [2013-10-03]
FF Extension: HD-Quality-v3 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\[email protected] [2014-08-19]
FF Extension: jid1ZAdIEUB7XOzOJwjetpack - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack [2014-08-25]
FF Extension: passifoxhanhuycom - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\[email protected] [2014-09-07]
FF Extension: DealPly Shopping - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f} [2013-10-28]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} [2013-09-29]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaWatchV1\MediaWatchV1home1125\ff
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3729\ff
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7199\ff
FF Extension: No Name - C:\Program Files\Pass-Widget\134.xpi [2013-10-28]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f} [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [Not Found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home1125\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3729\ff [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=mp2", "hxxp://www.mystartsearch.com/?type=hp&ts=1426353007&from=cmi&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K"
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgomnbpelpcdicbnicimghcecemjpbef [2015-03-04]
CHR Extension: (Музыка и Видео с ВК!) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgcpabamadfhbaambaijdhdkkijlaea [2015-03-09]
CHR Extension: (fbiodiodggnlakggeeckkjccjhhjndnb) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiodiodggnlakggeeckkjccjhhjndnb [2015-03-18]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopefgobkmblbipkdebgnnlclchlakom [2015-03-15]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdknicmnhbaajdglbinpahhapghpakch [2014-12-21]
CHR HKLM\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dfejebanpfginnaimnohcbkclkihembm] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7199\ch\RichMediaViewV1release7199.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fbdagnimlohkpamglloopgfnoiijpmoj] - C:\Program Files\Pass-Widget\134.crx [2013-10-28]
CHR HKLM\...\Chrome\Extension: [fopefgobkmblbipkdebgnnlclchlakom] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jaeahnnfohikjnejpokeaaiinijhpfop] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nfboccfjefeohpcaihpeioppiabikmah] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3729\ch\MediaBuzzV1mode3729.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [njabjmhinndphfnbjehdalkphpdmepli] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\User\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [olokbbjcahdjfbbfoiebknobebkifccf] - C:\Program Files\MediaWatchV1\MediaWatchV1home1125\ch\MediaWatchV1home1125.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pchfckkccldkbclgdepkaonamkignanh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx
OPR Extension: (MediaPlayerVid1) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\jecgbfoconhopjngaaijjgffhokohlac [2015-03-14]
OPR Extension: (HD-Quality-v3) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-09-23]
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-03-14] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-03-14] (globalUpdate) [File not signed]
S2 BaiduHips; C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
S2 BDKVRTP; "C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r [X]
S2 BDSGRTP; "C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe" -r [X]
R0 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [253000 2015-01-19] (Baidu)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0003; system32\DRIVERS\bd0003.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S2 BDArKit; system32\DRIVERS\BDArKit.sys [X]
S1 BDDefense; system32\drivers\BDDefense.sys [X]
S4 BDFileDefend; system32\DRIVERS\BDFileDefend.sys [X]
S2 BDSafeBrowser; system32\DRIVERS\BDSafeBrowser.sys [X]
S4 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
2015-03-20 20:29 - 2015-03-20 20:28 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsq4FAA.tmp
2015-03-20 20:27 - 2015-03-20 20:27 - 00000000 ____D () C:\Users\User\Documents\PCSpeedUp
2015-03-20 20:27 - 2015-03-20 20:27 - 00000000 ____D () C:\Users\User\AppData\Local\PriceFountain
2015-03-20 20:26 - 2015-03-25 19:13 - 00000000 ____D () C:\Program Files\PC Speed Up
2015-03-17 20:33 - 2015-03-17 20:33 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsg61F0.tmp
2015-03-15 16:55 - 2015-03-15 16:55 - 00002267 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2015-03-15 16:55 - 2015-03-15 16:55 - 00002267 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2015-03-15 16:55 - 2015-03-15 16:55 - 00002230 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk
2015-03-15 16:48 - 2015-03-15 16:48 - 00000175 _____ () C:\Users\User\Desktop\Искать в Интернете.url
2015-03-15 10:09 - 2015-03-15 10:09 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsoA1FE.tmp
2015-03-14 22:10 - 2015-03-14 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\mystartsearch
2015-03-14 12:33 - 2015-03-14 12:33 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nstA922.tmp
2015-03-14 09:51 - 2015-03-23 19:46 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-03-14 08:51 - 2015-03-25 19:14 - 00000000 ____D () C:\Program Files\MediaPlayerVid1
2015-03-13 04:32 - 2015-03-13 04:32 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-03-12 08:54 - 2015-03-12 08:54 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nse243.tmp
2015-03-11 11:01 - 2015-03-11 12:48 - 00000000 ____D () C:\Users\User\SupTab
2015-03-11 10:59 - 2015-03-11 10:58 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nszCBAA.tmp
2015-03-11 07:33 - 2015-03-11 07:33 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsbEA25.tmp
2015-03-10 08:27 - 2015-03-10 08:26 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nso2869.tmp
2015-03-09 21:02 - 2015-03-09 21:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-03-09 20:58 - 2015-03-25 19:13 - 00000000 ____D () C:\Program Files\AnyProtectEx
2015-03-09 20:58 - 2015-03-23 20:06 - 00000000 ____D () C:\Users\Все пользователи\WindowsMangerProtect
2015-03-09 20:58 - 2015-03-23 20:06 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-09 20:58 - 2015-03-11 10:58 - 00000000 ____D () C:\Program Files\XTab
2015-03-09 20:58 - 2015-03-09 20:58 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsuC73A.tmp
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 __SHD () C:\Users\User\AppData\Roaming\AnyProtectEx
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\Users\Все пользователи\IHProtectUpDate
2015-03-09 20:58 - 2015-03-09 20:58 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-09 20:57 - 2015-03-09 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\istartsurf
2015-03-09 20:54 - 2015-03-09 20:54 - 00000000 ____D () C:\Program Files\IGS
2015-03-09 20:53 - 2015-03-09 20:53 - 00000000 ____D () C:\Users\User\AppData\Local\83B16480-1425934387-11D5-B38E-485B399765A2
2015-03-09 20:42 - 2015-03-20 20:21 - 00000000 ____D () C:\Program Files\QuickRef_1.10.0.9
2015-03-09 20:41 - 2015-03-25 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\SmartWeb
2015-03-09 19:56 - 2015-03-09 19:56 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-03-09 19:54 - 2015-03-25 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\83B16480-1425930859-11D5-B38E-485B399765A2
2015-03-09 19:51 - 2015-03-25 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\83B16480-1425912703-11D5-B38E-485B399765A2
2015-03-09 19:51 - 2015-03-09 19:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\VOPackage
2015-03-09 19:51 - 2015-03-09 19:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-03-09 19:48 - 2015-03-25 19:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Browsers
2015-03-11 07:33 - 2015-03-11 07:33 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsbEA25.tmp
2015-03-12 08:54 - 2015-03-12 08:54 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nse243.tmp
2015-03-17 20:33 - 2015-03-17 20:33 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsg61F0.tmp
2015-03-10 08:27 - 2015-03-10 08:26 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nso2869.tmp
2015-03-15 10:09 - 2015-03-15 10:09 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsoA1FE.tmp
2015-03-20 20:29 - 2015-03-20 20:28 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsq4FAA.tmp
2015-03-14 12:33 - 2015-03-14 12:33 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nstA922.tmp
2015-03-09 20:58 - 2015-03-09 20:58 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsuC73A.tmp
2015-03-11 10:59 - 2015-03-11 10:58 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nszCBAA.tmp
2014-06-12 20:01 - 2014-06-12 20:01 - 0000006 _____ () C:\Users\User\AppData\Roaming\smw_inst
Task: {027760B5-663D-4F7F-8E45-011D70C28717} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {08B39F61-037E-4F5F-8DBC-6BB74D8DE58E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2015-03-14] (globalUpdate) <==== ATTENTION
Task: {0A671BFB-4F48-4948-9450-6467D86793FF} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {5510FC27-690F-4DC4-8C48-0DD4DFC99BB5} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {71375B3F-A7AF-4FE6-9871-F951D4A651F0} - \Soft installer No Task File <==== ATTENTION
Task: {D7758295-7590-4E21-8AC9-44B294B3AD03} - \LaunchSignup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\Users\User\Local Settings:wa
AlternateDataStreams: C:\Users\User\AppData\Local:wa
AlternateDataStreams: C:\Users\User\AppData\Local\Application Data:wa
AlternateDataStreams: C:\Users\Все пользователи\TEMP:07BF512B
EmptyTemp:
[/code][*]Run FRST, click the [b]Fix[/b] button once and wait. The program will create a log file ([b]Fixlog.txt[/b]). Please attach it to your next message![*]Note that the computer will be [b]restarted[/b].[/list]
[LIST][*]Download [B][URL="http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner"]AdwCleaner (by Xplode)[/URL][/B] and save it to the [B]Desktop[/B].[*]Run it (on [B]Windows Vista/Seven[/B] it must be started via right-click, [B]as administrator[/B]), click the [B]"Scan"[/B] button and wait for the scan to finish.[*]When the scan is complete, the report will be saved at the following location: [B][COLOR="Blue"]C:\AdwCleaner\AdwCleaner[R0].txt[/COLOR][/B].[*]Attach the report to your next message.[/LIST]
For details, see [URL="http://virusinfo.info/showthread.php?t=146192"]this guide[/URL].
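An added example, not part of the original thread and not FRST's own code: before a fixlist like the one earlier in this post is applied, it can be summarised by entry type and by the hosts it references, so that everything the fix will touch is visible at a glance. The category names and the `classify` and `summarize` helpers are this example's own assumptions; the sample lines are copied from the fixlist above.

```python
import re
from collections import Counter

# Entry shapes as they appear in the fixlist in this thread. The category
# names are labels chosen for this example, not FRST terminology.
RULES = [
    ("directive", re.compile(r"^[A-Za-z]+:$")),
    ("startup", re.compile(r"^(Startup|ShortcutTarget): ")),
    ("policy", re.compile(r"^(GroupPolicy: |CHR HKLM\\SOFTWARE\\Policies)")),
    ("registry-value", re.compile(r"^HK(LM|U)\\")),
    ("search-scope", re.compile(r"^SearchScopes: ")),
    ("browser", re.compile(r"^(BHO|Toolbar): |^(FF|CHR|OPR) ")),
    ("service-driver", re.compile(r"^[RS]\d \S+; ")),
    ("task", re.compile(r"^Task: ")),
    ("file-or-folder", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("ads", re.compile(r"^AlternateDataStreams: ")),
]
# Hosts in plain (http/https) and defanged (hxxp) URLs.
URL_HOST = re.compile(r'(?:https?|hxxp)://([^/\s"?]+)', re.IGNORECASE)

# Sample input: lines copied from the fixlist in this thread.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1426353007&from=cmi&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {75D14039-97E9-4372-A1F0-8E7533F4E950} URL = http://yandex.ru/yandsearch?clid=1214622&text={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1426053447&from=face&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=mp2", "hxxp://www.mystartsearch.com/?type=hp&ts=1426353007&from=cmi&uid=ST3500418AS_9VML8D4KXXXX9VML8D4K"
CHR HKLM\...\Chrome\Extension: [fbdagnimlohkpamglloopgfnoiijpmoj] - C:\Program Files\Pass-Widget\134.crx [2013-10-28]
S2 BaiduHips; C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
R0 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [253000 2015-01-19] (Baidu)
Task: {5510FC27-690F-4DC4-8C48-0DD4DFC99BB5} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
2015-03-09 20:58 - 2015-03-11 10:58 - 00000000 ____D () C:\Program Files\XTab
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
EmptyTemp:
"""


def classify(line):
    """Return the first category whose pattern matches the line."""
    line = line.strip()
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "unrecognized"


def summarize(fixlist_text):
    """Count entries per category and URL hosts across the whole fixlist."""
    kinds, hosts = Counter(), Counter()
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kinds[classify(line)] += 1
        for host in URL_HOST.findall(line):
            hosts[host.lower()] += 1
    return kinds, hosts


if __name__ == "__main__":
    kinds, hosts = summarize(SAMPLE_FIXLIST)
    for name, count in kinds.most_common():
        print(f"{count:3d}  {name}")
    for host, count in hosts.most_common():
        print(f"{count:3d}  {host}")
```

Entries that land in `unrecognized`, and any host in the summary that the reviewer did not expect to see removed, are the ones to read by hand before the fix is run.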
I am sending the logs as instructed
[NOTICE]Perform the cleanup in safe mode[/NOTICE]
[LIST][*]Run [COLOR="Blue"][B]AdwCleaner (by Xplode)[/B][/COLOR] again (on [B]Windows Vista/Seven[/B] it must be started via right-click, [B]as administrator[/B]), click the [B]"Scan"[/B] button, and when the scan finishes click the "[B]Очистить[/B]" ("[B]Clean[/B]") button and wait for the removal to complete.[*]When the removal is complete, the report will be saved at the following location: [B][COLOR="Blue"]C:\AdwCleaner\AdwCleaner[S0].txt[/COLOR][/B].[*]Attach the report to your next message[/LIST]
[B]Attention: [COLOR="Red"]A [U]computer restart[/U] is required for successful removal!!![/COLOR][/B].
For details, see [URL="http://virusinfo.info/showthread.php?t=146192"]this guide[/URL].
I am sending the AdwCleaner log
Please produce the Farbar logs once more.
Statistics of the treatment performed:
[LIST][*]Quarantines received: [B]1[/B][*]Files processed: [B]117[/B][*]Malicious programs detected during the treatment:
[LIST=1][*] c:\program files\mediaplayervid1\abd75755-eae6-49b2-a520-ed21a47ad2b6-11.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.pbj[/B] ( BitDefender: Gen:Application.Heur.Vv0@kCW9DKeO, AVAST4: Win32:Malware-gen )[*] c:\program files\xtab\cmdshell.exe - [B]not-a-virus:AdWare.Win32.SearchProtect.ky[/B][*] c:\users\user\appdata\local\mediaplay\mediaplay.exe - [B]not-a-virus:Downloader.Win32.MediaGet.emb[/B][*] c:\users\user\appdata\local\smartweb\smartwebapp.exe - [B]not-a-virus:AdWare.Win32.Agent.hpou[/B] ( DrWEB: Adware.Shopper.845 )[*] c:\users\user\appdata\local\smartweb\smartwebhelper.exe - [B]not-a-virus:AdWare.Win32.Agent.hpot[/B] ( DrWEB: Adware.Shopper.845 )[*] c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\jnsraed0.tmp - [B]not-a-virus:AdWare.Win32.AdSvc.ac[/B] ( AVAST4: Win32:Dropper-gen [Drp] )[*] c:\users\user\appdata\roaming\83b16480-1425912703-11d5-b38e-485b399765a2\nsm4407.tmpfs - [B]not-a-virus:AdWare.Win32.AdSvc.ad[/B] ( AVAST4: Win32:Adware-gen [Adw] )[*] c:\windows\microsoft\sogrmed\media player zupdater.exe - [B]not-a-virus:AdWare.MSIL.Agent.bff[/B][/LIST][/LIST]