Та же беда rusearcher

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
R3 - URLSearchHook: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O1 - Hosts: ggg
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O3 - Toolbar: Поиск WebAlta - {fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O3 - Toolbar: (no name) - {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} - (no file)
O4 - HKLM\..\Run: [Timestasks] C:\ProgramData\TimeTasks\timetasks.exe"
O4 - HKLM\..\Run: [ZaxarGameBrowser] "C:\Program Files\Zaxar\ZaxarGameBrowser.exe" -s
O4 - HKLM\..\Run: [ZaxarLoader] "C:\Program Files\Zaxar\ZaxarLoader.exe" /verysilent
O20 - AppInit_DLLs:    c:\progra~1\browse~1\sprote~1.dll  c:\progra~1\simple~1\sprote~1.dll

>>>  "C:\Documents and Settings\1\Start Menu\Internet Explorer.lnk"   -> ( цель неизвестна )
>>> [script][MASK] "C:\Documents and Settings\1\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk"   -> ["C:\Program Files\Internet Explorer\iexplore.bat"  =>>  -extoff] -> start "" /I /B /D "c:\PROGRA~1\INTERN~1\" "c:\PROGRA~1\INTERN~1\iexplore.exe" hxxp://searchyc-naity.ru (MD5:C462C137BA3DE93DAE7363F06ECE8870)
>>> [script][MASK] "C:\Documents and Settings\1\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk"           -> ["C:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\chrome.bat"] -> start "" /I /B /D "c:\DOCUME~1\1\LOCALS~1\APPLIC~1\google\chrome\APPLIC~1\" "c:\DOCUME~1\1\LOCALS~1\APPLIC~1\google\chrome\APPLIC~1\chrome.exe" hxxp://searchyc-naity.ru (MD5:79D10DF3539DD9B213A9E35330DD5369)

start
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKU\S-1-5-21-527237240-1004336348-725345543-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> DefaultScope {C5B6078D-9C82-43D4-8E6A-91AD3D0E8550} URL = hxxp://rusearcher.com/search.php?us=searcher&pcid=D4D3EC4F-DED3-4734-B4C9-07A21F2D48CA&pid=33&query={searchTerms}&sc=ie
SearchScopes: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=ru_RU
SearchScopes: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> {61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633} URL = hxxp://webalta.ru/search?q={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> {C5B6078D-9C82-43D4-8E6A-91AD3D0E8550} URL = hxxp://rusearcher.com/search.php?us=searcher&pcid=D4D3EC4F-DED3-4734-B4C9-07A21F2D48CA&pid=33&query={searchTerms}&sc=ie
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02] (Hewlett-Packard Co.)
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02] (Hewlett-Packard Co.)
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> No Name - {468CD8A9-7C25-45FA-969E-3D925C689DC4} -  No File
Toolbar: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> No Name - {00000574-EF9C-0215-94EF-150274050000} -  No File
Toolbar: HKU\S-1-5-21-527237240-1004336348-725345543-1003 -> No Name - {00000002-EF28-0840-0F20-3E7731000000} -  No File
2015-08-18 15:58 - 2015-08-20 15:58 - 00000308 _____ C:\WINDOWS\Tasks\Update Service for Torrent Search2111111111111111111.job
2015-08-18 15:58 - 2015-08-18 15:58 - 00000308 _____ C:\WINDOWS\Tasks\Update Service for Torrent Search11111111111111111111.job
2015-08-18 15:54 - 2015-08-18 18:32 - 00000000 ____D C:\Documents and Settings\1\Application Data\Homepager11111111111111111111
2015-08-18 15:54 - 2015-08-18 15:54 - 00000000 ____D C:\Documents and Settings\1\Application Data\Searcher1111111111111111
NETSVC: yensog -> C:\WINDOWS\system32\qvkyv.dll ==> No File
NETSVC: yamkqvtc -> C:\WINDOWS\system32\qvkyv.dll ==> No File
Task: C:\WINDOWS\Tasks\schedule!1173230912.job => C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exeq/schedule /profile c:\documents and settings\all users\application data\bettersoft\optimizerpro\1173230912.ini <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Torrent Search11111111111111111111.job => C:\Program Files\Torrent Search\1hZpDVY.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Torrent Search2111111111111111111.job => C:\Program Files\Torrent Search\1hZpDVY.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Google Software Updater.job => 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
AlternateDataStreams: C:\Documents and Settings\1\Local Settings\Application Data:wa
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
EmptyTemp:
Reboot:
end