При нажатии на ссылки во всех браузерах открываются новые окна с рекламой

[thyrex 1 468]

1. Откройте Блокнот и скопируйте в него приведенный ниже текст

 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
SearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {8C01790A-D2B9-4F10-A6CF-8BD15CB2C8F6} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^RU&gct=sb&itbv=12.21.0.114&apn_uid=2F3E36E8-9159-4582-A6DB-A271B0F92A09&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^RU&apn_dbr=ie&doi=2014-12-01&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} ->  No File
Toolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Extension: No Name - C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
OPR Extension: (No Name) - C:\Users\Лида\AppData\Roaming\Opera Software\Opera Stable\Extensions\ablgnpngfaaficpckehadaljnjgjkhbi [2015-08-29]
OPR Extension: (No Name) - C:\Users\Лида\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-08-29]
2015-08-29 19:40 - 2015-08-29 19:40 - 00001010 _____ C:\Windows\Tasks\KlFj3QUlEHIo0SE7SIjPc.job
2015-08-29 19:40 - 2015-08-29 19:40 - 00001002 _____ C:\Windows\Tasks\4zcDGkUqCZDGA75Rm.job
2015-08-29 19:34 - 2015-08-29 19:34 - 00001008 _____ C:\Windows\Tasks\dL4ZbPEmSL97xm4b0FiJ.job
2015-08-29 19:34 - 2015-08-29 19:34 - 00000996 _____ C:\Windows\Tasks\NZxWIFkKud4Z7x.job
2015-08-27 21:33 - 2015-09-10 21:04 - 00000000 ____D C:\Program Files\onlysearch
2015-08-27 21:31 - 2015-08-27 21:46 - 00000000 ____D C:\Users\Лида\AppData\Roaming\cpuminer
2015-08-27 21:30 - 2015-08-27 21:30 - 00000000 ____D C:\Users\Все пользователи\App73
2015-08-27 21:30 - 2015-08-27 21:30 - 00000000 ____D C:\ProgramData\App73
2015-08-27 21:16 - 2015-08-27 21:16 - 00001020 _____ C:\Windows\Tasks\uPcPs8Mb2URpsEmYz8351Z6DGu.job
2015-08-27 20:52 - 2015-09-04 21:00 - 00000000 ____D C:\Program Files\NixSrv
2015-08-27 20:40 - 2015-09-08 18:41 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-26 19:29 - 2015-09-10 21:03 - 00000000 ____D C:\Program Files\SFK
2015-08-25 18:57 - 2015-08-25 18:50 - 00067896 _____ (????) C:\Windows\system32\TSSK.sys
2015-08-25 11:17 - 2015-08-25 11:17 - 00000000 ____D C:\Users\Все пользователи\KingSoft
2015-08-25 11:17 - 2015-08-25 11:17 - 00000000 ____D C:\ProgramData\KingSoft
2015-08-25 11:06 - 2015-08-26 18:58 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2015-08-25 08:15 - 2015-08-26 19:12 - 00000063 _____ C:\Windows\QMNetworkMgr.ini
2015-08-25 08:00 - 2015-08-25 08:00 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2015-08-25 08:00 - 2015-08-25 08:00 - 00000000 ____D C:\ProgramData\TXQMPC
2015-08-25 07:58 - 2015-08-25 21:12 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Tencent
2015-08-25 07:58 - 2015-08-25 11:07 - 00000000 ____D C:\Users\Все пользователи\Tencent
2015-08-25 07:58 - 2015-08-25 11:07 - 00000000 ____D C:\ProgramData\Tencent
2015-08-25 07:58 - 2015-08-25 07:59 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-08-25 07:58 - 2015-08-25 07:58 - 00000000 ____D C:\Program Files\Tencent
2015-08-25 07:53 - 2015-08-28 19:29 - 00001085 _____ C:\task.vbs
2015-08-25 07:27 - 2015-09-07 19:32 - 00000000 ____D C:\qycache
2015-08-25 07:25 - 2015-09-07 19:45 - 00000000 ____D C:\IQIYI Video
2015-08-25 07:25 - 2015-08-25 07:25 - 00000000 ____D C:\Users\Public\QiYi
2015-08-25 07:24 - 2015-09-07 20:32 - 00000000 ____D C:\Program Files\baidu
2015-08-24 21:55 - 2015-09-05 23:35 - 00000000 ____D C:\Users\Лида\AppData\Roaming\ASPackage
2015-08-24 21:55 - 2015-08-14 21:25 - 00000026 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\4Ue9NpUtuGc
2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\4zcDGkUqCZDGA75Rm
2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\D30TxpaFpHSQ
2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\dL4ZbPEmSL97xm4b0FiJ
2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\KlFj3QUlEHIo0SE7SIjPc
2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\NZxWIFkKud4Z7x
2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\uPcPs8Mb2URpsEmYz8351Z6DGu
C:\Users\Лида\AppData\Local\Temp\TempQMDTLSDKSetup20141114(1).exe
C:\Users\Лида\AppData\Local\Temp\TempQMDTLSDKSetup20141114.exe
C:\Users\Лида\AppData\Local\Temp\TempQMSystemSetup_10.10.16443.223_683216754(1).exe
C:\Users\Лида\AppData\Local\Temp\TempQMSystemSetup_10.10.16443.223_683216754.exe
C:\Users\Лида\AppData\Local\Temp\tmp9379.tmp.exe
C:\Users\Лида\AppData\Local\Temp\tmpA60E.tmp.exe
C:\Users\Лида\AppData\Local\Temp\install1215124.exe
C:\Users\Лида\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Users\Лида\AppData\Local\Temp\kometa_vd.exe
C:\Users\Лида\AppData\Local\Temp\nsnB1D3.exe
C:\Users\Лида\AppData\Local\Temp\nsqA352.exe
C:\Users\Лида\AppData\Local\Temp\nsuA5E.exe
C:\Users\Лида\AppData\Local\Temp\nsv4C8B.exe
C:\Users\Лида\AppData\Local\Temp\nsvA7B7.exe
C:\Users\Лида\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\Лида\AppData\Local\Temp\PCMgr_Setup_10_10_16443_223.exe
C:\Users\Лида\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe
C:\Users\Лида\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Лида\AppData\Local\Temp\ReimageRepair.exe
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
Task: {00F2931F-09BA-4A09-A160-610F11C533F8} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {D0C33AA3-E078-444C-A35F-D57E234E082C} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: C:\Windows\Tasks\4Ue9NpUtuGc.job => C:\Users\Лида\AppData\Roaming\4Ue9NpUtuGc.exe <==== ATTENTION
Task: C:\Windows\Tasks\4zcDGkUqCZDGA75Rm.job => C:\Users\Лида\AppData\Roaming\4zcDGkUqCZDGA75Rm.exe <==== ATTENTION
Task: C:\Windows\Tasks\D30TxpaFpHSQ.job => C:\Users\Лида\AppData\Roaming\D30TxpaFpHSQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\dL4ZbPEmSL97xm4b0FiJ.job => C:\Users\Лида\AppData\Roaming\dL4ZbPEmSL97xm4b0FiJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\KlFj3QUlEHIo0SE7SIjPc.job => C:\Users\Лида\AppData\Roaming\KlFj3QUlEHIo0SE7SIjPc.exe <==== ATTENTION
Task: C:\Windows\Tasks\NZxWIFkKud4Z7x.job => C:\Users\Лида\AppData\Roaming\NZxWIFkKud4Z7x.exe <==== ATTENTION
Task: C:\Windows\Tasks\uPcPs8Mb2URpsEmYz8351Z6DGu.job => C:\Users\Лида\AppData\Roaming\uPcPs8Mb2URpsEmYz8351Z6DGu.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\Users\Все пользователи:NT
AlternateDataStreams: C:\Users\Все пользователи:NT2
AlternateDataStreams: C:\Users\Лида:id
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:10D14739
AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT
AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT2
AlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Все пользователи\TEMP:10D14739
AlternateDataStreams: C:\Users\Лида\Application Data:NT
AlternateDataStreams: C:\Users\Лида\Application Data:NT2
AlternateDataStreams: C:\Users\Лида\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Лида\AppData\Roaming:NT2
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{EA65BCAA-F684-460F-9106-AA8ECD3C181A}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{DF978091-5B31-4B20-99DA-53F47EC6D6A2}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{5F1764FE-BC92-48A6-A2D1-0D437D363BBF}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{66B662DD-A6E5-4CD3-83C1-C2E0B558EDF2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{6034F75F-284E-4525-A0DE-0AD304C81819}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{AE6EBB45-E15B-4FF5-838E-406E222B00D0}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{18678528-AF1D-4ED6-BBD2-D829C38AEAE9}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{607A4714-56E1-4F8F-B00A-4235BC49A021}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{F13E7628-EBE4-43F8-8004-312DD18DD41C}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{64423ED0-975D-4EB1-8BF4-34A86283ADF6}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{2FC19B43-A377-4A10-8932-44C0BE20DD9F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{0DF6BBD2-0FB5-4C7C-AC27-79573A720657}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{43F113EC-140C-4BFA-BEFE-37E6A018EC72}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{D03ACD44-DF34-45EF-8928-E21C3A9ADCE0}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{353843B6-2516-400C-84D3-3AA8955341B8}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{7E2C736E-5EFA-4B40-852A-7D4129117E6F}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{4054B829-A1B7-44BE-BD1C-8E4C03BF1CE0}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
FirewallRules: [{CFD19CD2-4553-46ED-BDBA-ECD74CE9A31D}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{8236CFEB-0DD6-42F8-BA5A-4A9E25C16AB5}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
Reboot:

2. Нажмите Файл – Сохранить как

3. Выберите папку, откуда была запущена утилита Farbar Recovery Scan Tool

4. Укажите Тип файла – Все файлы (*.*)

5. Введите имя файла fixlist.txt и нажмите кнопку Сохранить

6. Запустите FRST, нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!

• Обратите внимание, что компьютер будет перезагружен.
  

[shtaf1987 0]

Вот!!!!

Fixlog.txt

[thyrex 1 468]

Что с проблемой?

[shtaf1987 0]

так вроде норм все)))))

[thyrex 1 468]

Удалите МВАМ и на выписку из клиники

[shtaf1987 0]

Спасибо большое)))))