Help, programs and browsers install themselves, tons of viruses and trojans, nothing helps.
Dear [B]F1la[/B], thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like guaranteed personal help with priority handling, use the paid service [URL="http://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+ (Help+)[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Uninstall YAC (Yet Another Cleaner!) via Add or Remove Programs.
Run the script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
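// Stop the TCP/IP service so the machine is offline while the script runs
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit neutralisation and AVZGuard are enabled only on 32-bit Windows
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;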
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','');
QuarantineFile('C:\Program Files\elex-tech\yac\libcurl.dll','');
QuarantineFile('C:\Program Files\elex-tech\yac\isafechlp.dll','');
QuarantineFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','');
QuarantineFile('C:\Program Files\elex-tech\yac\curlpp.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','');
QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.exe','');
QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.exe','');
QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-10.exe','');
QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.exe','');
QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.xoferif.bat','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010075\upgmsd_re_005010075.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010073\upgmsd_re_005010073.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010071\upgmsd_re_005010071.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010070\upgmsd_re_005010070.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010066\upgmsd_re_005010066.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010064\upgmsd_re_005010064.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010038\upgmsd_re_005010038.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010024\upgmsd_re_005010024.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010023.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010022.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010001\upgmsd_re_005010001.exe','');
QuarantineFile('C:\Program Files\gmsd_re_005010075\gmsd_re_005010075.exe','');
QuarantineFile('C:\Program Files\gmsd_re_005010073\gmsd_re_005010073.exe','');
QuarantineFile('C:\Program Files\gmsd_re_005010071\gmsd_re_005010071.exe','');
QuarantineFile('C:\Program Files\gmsd_re_005010070\gmsd_re_005010070.exe','');
QuarantineFile('C:\Program Files\gmsd_re_005010066\gmsd_re_005010066.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe','');
QuarantineFile('c:\docume~1\alluse~1\dxlorckjz.exe','');
QuarantineFile('C:\DOCUME~1\ALENA_~1\LOCALS~1\Temp\hnszs0.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010111\upgmsd_re_005010111.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010109\upgmsd_re_005010109.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010099\upgmsd_re_005010099.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010090\upgmsd_re_005010090.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010089\upgmsd_re_005010089.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010087\upgmsd_re_005010087.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010083\upgmsd_re_005010083.exe','');
DeleteService('QMUdisk');
DeleteService('TSSK');
DeleteService('iSafeKrnlBoot');
// Start type 4 = disabled; each service is disabled before it is deleted
SetServiceStart('iSafeKrnl', 4);
SetServiceStart('iSafeKrnlKit', 4);
SetServiceStart('iSafeKrnlMon', 4);
SetServiceStart('iSafeKrnlR3', 4);
SetServiceStart('iSafeNetFilter', 4);
DeleteService('iSafeNetFilter');
DeleteService('iSafeKrnlR3');
DeleteService('iSafeKrnlMon');
DeleteService('iSafeKrnlKit');
DeleteService('iSafeKrnl');
SetServiceStart('cicebyfe', 4);
SetServiceStart('fequqegu', 4);
SetServiceStart('gyfywiky', 4);
SetServiceStart('hyqerywy', 4);
SetServiceStart('myfohexe', 4);
SetServiceStart('lomuxexu', 4);
SetServiceStart('rutexypo', 4);
SetServiceStart('SSFK', 4);
SetServiceStart('tifunuvo', 4);
SetServiceStart('totetucy', 4);
SetServiceStart('tukyhohi', 4);
SetServiceStart('velykupe', 4);
SetServiceStart('WdsManPro', 4);
SetServiceStart('xifekule', 4);
SetServiceStart('xohihegy', 4);
DeleteService('zedepory');
DeleteService('zegylute');
DeleteService('xohihegy');
DeleteService('xifekule');
DeleteService('WdsManPro');
DeleteService('velykupe');
DeleteService('tukyhohi');
DeleteService('totetucy');
DeleteService('tifunuvo');
DeleteService('SSFK');
DeleteService('rutexypo');
DeleteService('myfohexe');
DeleteService('lomuxexu');
DeleteService('hyqerywy');
DeleteService('gyfywiky');
DeleteService('fequqegu');
DeleteService('cicebyfe');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp');
TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp');
TerminateProcessByName('c:\program files\sfk\ssfk.exe');
TerminateProcessByName('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe');
QuarantineFile('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe','');
QuarantineFile('c:\program files\sfk\ssfk.exe','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp','');
QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp','');
TerminateProcessByName('c:\program files\elex-tech\yac\isafetray.exe');
QuarantineFile('c:\program files\elex-tech\yac\isafetray.exe','');
DeleteFile('c:\program files\elex-tech\yac\isafetray.exe','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp','32');
DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp','32');
DeleteFile('c:\program files\sfk\ssfk.exe','32');
DeleteFile('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\curlpp.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iCommon.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iCommu.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iImportLib.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\ipcproxy.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeAdless.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeBase.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\isafesopt.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\isafeupbiz.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSvc.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\tws\twsupd.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\tws\twsdk.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\tws\tsc.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys','32');
DeleteFile('C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys','32');
DeleteFile('zedepory.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys','32');
DeleteFile('C:\WINDOWS\system32\tssk.sys','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010083\upgmsd_re_005010083.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010087\upgmsd_re_005010087.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010089\upgmsd_re_005010089.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010090\upgmsd_re_005010090.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010099\upgmsd_re_005010099.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010109\upgmsd_re_005010109.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010111\upgmsd_re_005010111.exe','32');
DeleteFile('C:\DOCUME~1\ALENA_~1\LOCALS~1\Temp\hnszs0.exe','32');
DeleteFile('c:\docume~1\alluse~1\dxlorckjz.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','11106');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','System');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','AppsHat');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010111.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010109.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010099.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010090.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010089.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010087.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010083.exe');
DeleteFile('C:\Program Files\gmsd_re_005010066\gmsd_re_005010066.exe','32');
DeleteFile('C:\Program Files\gmsd_re_005010070\gmsd_re_005010070.exe','32');
DeleteFile('C:\Program Files\gmsd_re_005010071\gmsd_re_005010071.exe','32');
DeleteFile('C:\Program Files\gmsd_re_005010073\gmsd_re_005010073.exe','32');
DeleteFile('C:\Program Files\gmsd_re_005010075\gmsd_re_005010075.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010075','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010073','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010071','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010070','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010066','command');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010001\upgmsd_re_005010001.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010022.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010023.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010024\upgmsd_re_005010024.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010038\upgmsd_re_005010038.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010064\upgmsd_re_005010064.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010066\upgmsd_re_005010066.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010070\upgmsd_re_005010070.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010071\upgmsd_re_005010071.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010075\upgmsd_re_005010075.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010073\upgmsd_re_005010073.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010075.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010073.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010071.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010070.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010066.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010064.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010038.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010024.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010023.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010022.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010001.exe','command');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.xoferif.bat','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\WINDOWS\Tasks\Crossbrowse.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\WINDOWS\Tasks\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.job','32');
DeleteFile('C:\WINDOWS\Tasks\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.job','32');
DeleteFile('C:\WINDOWS\Tasks\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.job','32');
DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.exe','32');
DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.exe','32');
DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-10.exe','32');
DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.exe','32');
DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.exe','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','32');
DeleteFile('C:\WINDOWS\Tasks\MyBrowser.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.job','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsc144.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsd553.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nse130.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nseA6.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsg10B.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsgAC.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsgD5.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nshDB.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nslD05.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsmEA.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsnF0.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nso129.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsp389.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsq7D4.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsr135A.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsrAF.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsrFE.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsu108.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsuF2.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsx551.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsy104.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsyCA.tmp\blowfish.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsz120.tmp\blowfish.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\curlpp.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\isafechlp.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\libcurl.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','32');
// Queue the deletions in Boot Cleaner, clean up leftover references, then reboot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]
The computer will be restarted.
Run the script in AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code]
Send [b]c:\quarantine.zip[/b] via the red link [color="Red"][u][b]Send requested quarantine[/b][/u][/color] [b]above the first post[/b] in your thread.
Generate a [url="http://virusinfo.info/soft/tool.php?tool=checkbrowserlnk"]CheckBrowsers' Lnk[/url] log.
[B][COLOR="Red"]Follow the rules ONCE AGAIN and provide NEW logs[/COLOR][/B]
Good day! YAC could only be removed with Uninstall tool. I carried out the remaining instructions. I sent the quarantine. Here are the new logs:
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
I am adding this log as well -
[URL="http://virusinfo.info/showthread.php?t=7239"][B]Run the script in AVZ[/B]:[/URL]
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\documents and settings\alena_kharchenko\application data\tsv\tsvr.exe');
TerminateProcessByName('c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp');
TerminateProcessByName('c:\program files\mybrowser\mybrowser\application\mybrowser.exe');
SetServiceStart('IhPul', 4);
SetServiceStart('hidekoqe', 4);
StopService('IhPul');
StopService('hidekoqe');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk','');
QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','');
QuarantineFile('c:\documents and settings\alena_kharchenko\application data\tsv\tsvr.exe','');
QuarantineFile('c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp','');
QuarantineFile('c:\program files\mybrowser\mybrowser\application\mybrowser.exe','');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\C8FD3271-1445009795-11E0-8319-10E12C0000FD\qnsu4E1.tmp','32');
DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\TSv\TSvr.exe','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
DeleteFile('C:\WINDOWS\Tasks\MyBrowser.job','32');
DeleteFile('C:\Program Files\mybrowser\mybrowser\application\utility.exe','32');
DelBHO('{f9bf7bc2-f584-4dd2-af27-4600ec3c82da}');
DelBHO('{f51af219-4450-4d70-ac72-35c7a5cb2c27}');
DelBHO('{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}');
DelBHO('{cae4b0cb-e8de-49bf-b683-59846133444a}');
DelBHO('{8984B388-A5BB-4DF7-B274-77B879E179DB}');
DelBHO('{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}');
DelBHO('{40ea9bfb-e783-4497-83ea-41faccc128dd}');
DelBHO('{35c3a411-0be7-4910-90dd-ee7b434ab503}');
DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_4DE953975DDD8C6998A57FF365CA943F');
DeleteService('IhPul');
DeleteService('hidekoqe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('SCU',2,2,true);
RebootWindows(true);
end.[/CODE]
After the reboot, run the script:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Загрузите quarantine.zip из папки AVZ по красной ссылке [B]вверху[/B] темы [COLOR="Red"]Прислать запрошенный карантин[/COLOR]
- Сделайте повторные логи по правилам п.2 и 3 раздела Диагностика.(virusinfo_syscheck.zip;hijackthis.log )
[list][*]Скачайте [url=http://virusinfo.info/soft/tool.php?tool=ClearLNK]ClearLNK[/url] и сохраните архив с утилитой на рабочем столе.[*]Распакуйте архив с утилитой в отдельную папку.[*]Перенесите [B]Check_Browsers_LNK.log[/B] на ClearLNK как показано на рисунке
[img]http://dragokas.com/tools/move.gif[/img]
[*]Отчет о работе [b]ClearLNK-<Дата>.log[/b] будет сохранен в папке [b]LOG[/b].[*]Прикрепите этот отчет к своему следующему сообщению.[/list]
Извините за накладки, далек просто от этой сферы.
Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[b]Note[/b]: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
[list][*]Run the program by double-clicking it. When the program starts, click [b]Yes[/b] to agree to the warning.[*]Make sure that [i]"List BCD"[/i], [i]"Driver MD5"[/i] and [i]"90 Days Files"[/i] are checked under the [b]Optional Scan[/b] box.[*]Click the [b]Scan[/b] button.[*]When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report to your next post.[*]If the program was run for the first time, a report ([b]Addition.txt[/b]) will be created. Please attach it to your next post.[/list]
[img]http://i.imgur.com/3munStB.png[/img]
Thanks for your patience. Here, I made the scans -
[list][*]Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] in the same folder from which Farbar Recovery Scan Tool was run:
[CODE]CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21073&r=2015/01/12&hid=831997748575875411&lg=EN&cc=UA&unqvl=74
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {77F2B683-BFE4-4140-A5D5-3004C16E3A8F} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {77F2B683-BFE4-4140-A5D5-3004C16E3A8F},Codepage,0x10001,e3,04,00,00 URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E54128C6-3DD5-434B-ABE0-37640C57F572} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
CinemaPlus-3.2cV06.10 (HKLM\...\CinemaPlus-3.2cV06.10) (Version: 1.36.01.22 - Cinema PlusV06.10) <==== ATTENTION
CinemaPlus-3.2cV14.10 (HKLM\...\CinemaPlus-3.2cV14.10) (Version: 1.36.01.22 - Cinema PlusV14.10) <==== ATTENTION
CinemaPlus-3.2cV16.10 (HKLM\...\CinemaPlus-3.2cV16.10) (Version: 1.36.01.22 - Cinema PlusV16.10) <==== ATTENTION
MSCONFIG\startupreg: gmsd_re_005010001 =>
MSCONFIG\startupreg: gmsd_re_005010023 =>
MSCONFIG\startupreg: gmsd_re_005010024 =>
MSCONFIG\startupreg: gmsd_re_005010038 =>
MSCONFIG\startupreg: gmsd_re_005010050 =>
MSCONFIG\startupreg: gmsd_re_005010064 =>
MSCONFIG\startupreg: gmsd_re_005010066 =>
MSCONFIG\startupreg: gmsd_re_005010070 =>
MSCONFIG\startupreg: gmsd_re_005010071 =>
MSCONFIG\startupreg: gmsd_re_005010073 =>
MSCONFIG\startupreg: gmsd_re_005010075 =>
MSCONFIG\startupreg: upgmsd_re_005010001.exe =>
MSCONFIG\startupreg: upgmsd_re_005010022.exe =>
MSCONFIG\startupreg: upgmsd_re_005010023.exe =>
MSCONFIG\startupreg: upgmsd_re_005010024.exe =>
MSCONFIG\startupreg: upgmsd_re_005010038.exe =>
MSCONFIG\startupreg: upgmsd_re_005010064.exe =>
MSCONFIG\startupreg: upgmsd_re_005010066.exe =>
MSCONFIG\startupreg: upgmsd_re_005010070.exe =>
MSCONFIG\startupreg: upgmsd_re_005010071.exe =>
MSCONFIG\startupreg: upgmsd_re_005010073.exe =>
MSCONFIG\startupreg: upgmsd_re_005010075.exe =>
EmptyTemp:
Reboot:[/CODE][*]Run FRST, click the [b]Fix[/b] button once and wait. The program will create a log file ([b]Fixlog.txt[/b]). Please attach it to your next post![*]Note that the computer will be [b]rebooted[/b].[/list]
Here, I did everything -
Make a log of a [url="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]full MBAM scan[/url]
Hello, here is the log -
It is empty, redo it properly.
I updated MBAM and did everything according to the instructions; it doesn't save to txt, only to xml.
[ATTACH=CONFIG]595710[/ATTACH]
[ATTACH=CONFIG]595711[/ATTACH]
Set the file name. In the case shown in the picture, it is "MBAM".
[ATTACH=CONFIG]595712[/ATTACH]
Result.
Statistics of the treatment performed:
[LIST][*]Quarantines received: [B]2[/B][*]Files processed: [B]195[/B][*]Malware detected during treatment:
[LIST=1]
[*] c:\documents and settings\alena_kharchenko\application data\browsers\exe.emorhc.bat - [B]Trojan-Clicker.BAT.Small.bv[/B] ( DrWEB: BAT.Hosts.147 )
[*] c:\documents and settings\alena_kharchenko\application data\browsers\exe.erolpxei.bat - [B]Trojan-Clicker.BAT.Small.bv[/B] ( DrWEB: BAT.Hosts.147 )
[*] c:\documents and settings\alena_kharchenko\application data\microsoft\internet explorer\quick launch\mail.ru.lnk - [B]HEUR:Trojan.WinLNK.StartPage.gena[/B]
[*] c:\documents and settings\alena_kharchenko\application data\microsoft\internet explorer\quick launch\запустить обозреватель internet explorer.lnk - [B]HEUR:Trojan.WinLNK.StartPage.gena[/B]
[*] c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp - [B]not-a-virus:AdWare.Win32.ConvertAd.bai[/B] ( AVAST4: Win32:Rootkit-gen [Rtk] )
[*] c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe - [B]not-a-virus:AdWare.Win32.WProtManager.bw[/B]
[*] c:\program files\cinemaplus-3.2cv06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.hv1@k0WdKEiO )
[*] c:\program files\cinemaplus-3.2cv14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.@u1@kyYs8EpO )
[*] c:\program files\cinemaplus-3.2cv16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.@u1@kORN3!fO )
[*] c:\program files\globalupdate\update\1.3.25.0\globalupdatebroker.exe - [B]not-a-virus:AdWare.Win32.Goopdate.a[/B] ( DrWEB: Adware.Boxore.2 )
[*] c:\program files\globalupdate\update\1.3.25.0\globalupdateondemand.exe - [B]not-a-virus:AdWare.Win32.Goopdate.b[/B] ( DrWEB: Adware.Boxore.2 )
[*] c:\program files\globalupdate\update\1.3.25.0\goopdate.dll - [B]not-a-virus:AdWare.Win32.Goopdate.c[/B]
[*] c:\program files\globalupdate\update\1.3.25.0\goopdateres_en.dll - [B]not-a-virus:AdWare.Win32.Goopdate.d[/B]
[*] c:\program files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll - [B]not-a-virus:AdWare.Win32.Goopdate.e[/B]
[*] c:\program files\globalupdate\update\1.3.25.0\psmachine.dll - [B]not-a-virus:AdWare.Win32.Goopdate.f[/B]
[*] c:\program files\globalupdate\update\1.3.25.0\psuser.dll - [B]not-a-virus:AdWare.Win32.Goopdate.f[/B]
[*] c:\program files\mybrowser\mybrowser\application\utility.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.anvj[/B]
[*] c:\program files\sfk\ssfk.exe - [B]not-a-virus:AdWare.Win32.ELEX.el[/B]
[/LIST][/LIST]