start
CreateRestorePoint:
Task: D:\WINDOWS\Tasks\AmiUpdXp.job => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\9495\Updater.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\At1.job => D:\DOCUME~1\F5F1~1.D45\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: D:\WINDOWS\Tasks\SmartWeb Upgrade Trigger Task.job => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\Soft installer.job => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\Host installer\2824004470_monster.exe
2015-06-10 20:26 - 2015-06-10 20:26 - 00744960 _____ () D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\00000000-1433879110-0000-0000-00241DC6D6A9\nsp38D.tmp
2015-06-12 15:24 - 2015-06-12 15:24 - 00219136 _____ () D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\00000000-1433879110-0000-0000-00241DC6D6A9\jnsl4E9.tmp
2015-06-12 15:24 - 2015-06-12 15:24 - 03983016 _____ () D:\Program Files\gmsd_ru_290\gmsd_ru_290.exe
2015-06-12 15:24 - 2015-06-11 14:25 - 03984552 _____ () D:\Program Files\gmsd_ru_005010001\gmsd_ru_005010001.exe
2015-06-14 19:22 - 2015-06-13 14:58 - 03984552 _____ () D:\Program Files\gmsd_ru_005010002\gmsd_ru_005010002.exe
2015-06-13 17:37 - 2015-06-13 14:58 - 03304904 _____ () D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_005010002\upgmsd_ru_005010002.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\96988a106b32ba79faf59eff]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb]
HKLM\...\Run: [ QQPCTray] => "D:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe" /regrun
HKLM\...\Run: [gmsd_ru_290] => D:\Program Files\gmsd_ru_290\gmsd_ru_290.exe [3983016 2015-06-12] ()
HKLM\...\Run: [gmsd_ru_005010001] => D:\Program Files\gmsd_ru_005010001\gmsd_ru_005010001.exe [3984552 2015-06-11] ()
HKLM\...\Run: [upgmsd_ru_005010001.exe] => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_290\upgmsd_ru_005010001.exe -runhelper
HKLM\...\Run: [gmsd_ru_005010002] => D:\Program Files\gmsd_ru_005010002\gmsd_ru_005010002.exe [3984552 2015-06-13] ()
HKLM\...\Run: [upgmsd_ru_005010002.exe] => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_005010002\upgmsd_ru_005010002.exe [3304904 2015-06-13] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-606747145-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://spacesearch.ru/?ri=1&rsid=16dd3538ca89263c333dd6f23c7a938f&q={searchTerms}
HKU\S-1-5-21-606747145-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spacesearch.ru/?ri=1&rsid=16dd3538ca89263c333dd6f23c7a938f&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-606747145-1644491937-682003330-1003 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
DefaultPrefix: => http://spacesearch.ru/?ri=1&rsid=16dd3538ca89263c333dd6f23c7a938f&q= <==== ATTENTION
FF Plugin: @qq.com/QQPCMgr -> D:\Program Files\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll No File
CHR Extension: (Chrome Hotword Shared Module) - D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-04]
CHR HKLM\...\Chrome\Extension: [mdeldjolamfbcgnndjmjjiinnhbnbnla] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx
R2 xoperoze; D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\00000000-1433879110-0000-0000-00241DC6D6A9\jnsl4E9.tmp [219136 2015-06-12] () [File not signed]
S2 insvc_1.10.0.14; "D:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 kysykiti; D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\00000000-1433893693-0000-0000-00241DC6D6A9\snsd564.tmp [X]
S2 zedepory; D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\00000000-1433879110-0000-0000-00241DC6D6A9\hnsa4EC.tmp [X]
S2 UpdaterSvcClearThink; "D:\Program Files\ClearThink\updater.exe" [X]
S2 QQSysMon; \??\D:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQSysMon.sys [X]
S0 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S1 tsksp; \??\D:\Program Files\Tencent\QQPCMgr\10.9.16349.225\TSKsp.sys [X]
S3 TSSK; System32\tssk.sys [X]
2015-06-14 22:33 - 2015-06-14 22:33 - 00000000 ____D D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\gmsd_ru_290
2015-06-14 22:33 - 2015-06-14 22:33 - 00000000 ____D D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\gmsd_ru_005010002
2015-06-14 22:33 - 2015-06-14 22:33 - 00000000 ____D D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\gmsd_ru_005010001
2015-06-14 21:50 - 2015-06-14 21:50 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\istartsurf
2015-06-14 21:14 - 2015-06-14 21:14 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_290
2015-06-14 21:14 - 2015-06-14 21:14 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_005010001
2015-06-14 20:51 - 2015-06-14 20:53 - 00000000 ____D D:\Documents and Settings\Администратор.D4586D306D714B5\Application Data\Tencent
2015-06-13 17:37 - 2015-06-15 21:58 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_005010002
2015-06-13 17:37 - 2015-06-14 23:06 - 00000000 ____D D:\Program Files\gmsd_ru_005010002
2015-06-11 17:10 - 2015-06-13 17:11 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\Tencent
2015-06-10 22:58 - 2015-06-14 20:27 - 00000000 ____D D:\Program Files\gmsd_ru_290
2015-06-10 22:57 - 2015-06-15 21:55 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\SmartWeb
2015-06-10 22:57 - 2015-06-10 23:26 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\SmartWeb
2015-06-10 22:57 - 2015-06-10 23:26 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\mystartsearch
2015-06-10 22:57 - 2015-06-10 22:57 - 00000390 _____ D:\WINDOWS\Tasks\SmartWeb Upgrade Trigger Task.job
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 ____D D:\Documents and Settings\冷扈龛耱疣蝾餦Application Data\Tencent
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 ____D D:\Documents and Settings\Администратор\Application Data\Tencent
2015-06-10 00:08 - 2015-06-12 15:27 - 00000000 ____D D:\Documents and Settings\袙谢邪写懈屑懈褉.D4586D306D714B5.000\Local Settings\Temp
2015-06-10 00:08 - 2015-06-10 00:08 - 00000000 ____D D:\Documents and Settings\袙谢邪写懈屑懈褉.D4586D306D714B5.000
2015-06-10 00:05 - 2015-06-14 20:57 - 00030392 _____ (Tencent) D:\WINDOWS\system32\Drivers\TS888.sys
2015-06-09 23:59 - 2015-06-10 21:43 - 00000000 ____D D:\Program Files\gmsd_ru_284
2015-06-09 23:59 - 2015-06-10 21:43 - 00000000 ____D D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_284
2015-06-09 23:51 - 2015-06-09 23:51 - 00000000 ____D D:\Documents and Settings\码噤桁桊.D4586D306D714B5.000\Application Data\Tencent
2015-06-09 23:51 - 2015-06-09 23:51 - 00000000 ____D D:\Documents and Settings\码噤桁桊.D4586D306D714B5.000
2015-06-09 23:51 - 2015-06-09 23:49 - 00077016 _____ (Tencent) D:\WINDOWS\system32\Drivers\TAOAccelerator.sys
2015-06-09 23:49 - 2015-06-09 23:49 - 00139064 _____ (Tencent Technology(Shenzhen) Company Limited) D:\WINDOWS\system32\Drivers\TAOKernelXP.sys
2015-06-09 23:49 - 2015-06-09 23:49 - 00000758 _____ D:\Documents and Settings\All Users.WINDOWS\Главное меню\电脑管家.lnk
2015-06-09 23:49 - 2015-06-09 23:49 - 00000000 ____D D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Tencent
2015-06-09 23:47 - 2009-03-08 14:09 - 00638816 ____H (Microsoft Corporation) D:\iехplоrе.bаt.exe
EmptyTemp:
Reboot:
end
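The fixlist above was assembled by hand from the FRST log: autostart entries whose binary sits in the user profile, services whose "executable" is a .tmp file with no signature, a hijacked IE search page, and orphaned references. As an added example (this is not code from the forum post and not part of FRST itself), the script below encodes those same triage heuristics and runs them over a handful of lines copied from the log, plus one constructed benign service line (ExampleSvc) as a negative control. The heuristics, the search-provider allowlist, and the benign line are my assumptions; the output is a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Sample input: lines in the shape FRST prints, copied from the log above, plus one
# constructed benign control line (ExampleSvc) so the heuristics have a negative case.
SAMPLE_LOG = r"""
Task: D:\WINDOWS\Tasks\AmiUpdXp.job => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\9495\Updater.exe
HKLM\...\Run: [ QQPCTray] => "D:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe" /regrun
HKLM\...\Run: [gmsd_ru_290] => D:\Program Files\gmsd_ru_290\gmsd_ru_290.exe [3983016 2015-06-12] ()
HKLM\...\Run: [upgmsd_ru_005010002.exe] => D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\gmsd_ru_005010002\upgmsd_ru_005010002.exe [3304904 2015-06-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-606747145-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://spacesearch.ru/?ri=1&rsid=16dd3538ca89263c333dd6f23c7a938f&q={searchTerms}
R2 xoperoze; D:\Documents and Settings\Владимир.D4586D306D714B5.000\Application Data\00000000-1433879110-0000-0000-00241DC6D6A9\jnsl4E9.tmp [219136 2015-06-12] () [File not signed]
S2 kysykiti; D:\Documents and Settings\Владимир.D4586D306D714B5.000\Local Settings\Application Data\00000000-1433893693-0000-0000-00241DC6D6A9\snsd564.tmp [X]
S3 ExampleSvc; D:\WINDOWS\system32\examplesvc.exe [12345 2015-01-01] (Example Vendor)
"""

# Directories under a user profile from which a legitimate autostart rarely runs (assumption).
PROFILE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\appdata\\")
# Search providers that a hijack check should not flag (assumption: adjust to local policy).
SEARCH_ALLOWLIST = {"www.google.com", "www.bing.com", "yandex.ru", "www.yandex.ru"}

# A drive-letter path ending in an executable-ish extension; stops at quotes, brackets, '=' and '>'.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]=>\n]+?\.(exe|dll|sys|tmp|bat|cmd|scr)\b', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
# FRST prints "[size date] ()" when the file carries no publisher/version information.
NO_PUBLISHER_RE = re.compile(r"\]\s*\(\)\s*(\[File not signed\])?\s*$")


@dataclass
class Finding:
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(line: str) -> Optional[str]:
    """Return the target binary of an FRST line (the part after '=>' for Task/Run entries)."""
    target = line.split("=>", 1)[1] if "=>" in line else line
    m = PATH_RE.search(target)
    return m.group(0) if m else None


def assess_line(line: str) -> Finding:
    reasons = []
    path = extract_path(line)
    lowered = (path or "").lower()
    if path:
        if any(d in lowered for d in PROFILE_DIRS):
            reasons.append("autostart binary lives in a user profile directory")
        if lowered.endswith(".tmp"):
            reasons.append("autostart target has a .tmp extension")
    if "[File not signed]" in line:
        reasons.append("FRST reports the file as unsigned")
    if NO_PUBLISHER_RE.search(line):
        reasons.append("no publisher/version information")
    if "No File" in line:
        reasons.append("orphaned reference: target file missing")
    if "Search Page" in line or "Default_Search_URL" in line or "SearchScopes" in line:
        m = URL_RE.search(line)
        if m:
            host = urlparse(m.group(0)).hostname or ""
            if host not in SEARCH_ALLOWLIST:
                reasons.append(f"search provider points at {host}")
    return Finding(line.strip(), path, reasons)


def triage(log_text: str) -> List[Finding]:
    """Assess every non-empty line and keep only those with at least one reason."""
    findings = (assess_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path or f.line[:60])
        for r in f.reasons:
            print("   -", r)
```

The QQPCTray entry is deliberately not flagged: it runs from Program Files with a vendor path, so path heuristics alone cannot distinguish an unwanted but legitimately installed product from a system component; that decision still needs the hash and publisher data that the uVS scripts below record.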
;uVS v3.85.24 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v385c
breg
sreg
; D:\PROGRAM FILES\MIUITAB\BROWSERACTION.DLL
zoo %SystemDrive%\PROGRAM FILES\MIUITAB\BROWSERACTION.DLL
bl 5785680870EFF9BA7B4F58C726552013 1720320
addsgn A7679B1928664D070E3C66B464C8ED70357589FA768F179082C3C5BCD3127D11E11BC33D2E3D2D833D906C49451649C9BD9F6382DCAF541FF6FEF9D34C7B2EFA 64 Adware.Mutabaha.265 [DrWeb]
; D:\PROGRAM FILES\GMSD_RU_005010003\GMSD_RU_005010003.EXE
zoo %SystemDrive%\PROGRAM FILES\GMSD_RU_005010003\GMSD_RU_005010003.EXE
bl 48F71C14F2FF634BC1039734570B29EA 3985576
addsgn 1A55C39A5583C58CF42B254E3143FE86C9C65D5689821F4B404A804003E5AA1BA8EE4A0AFEDCC0F5107BF185AEFB0FFA7D18E86455DAB0C459F0A42F44CCDDF8 64 Adware.Downware.10601 [DrWeb]
delref HTTP://SEARCH.QIP.RU
delref HTTP://WWW.MYSTARTSEARCH.COM/?TYPE=HPPP&TS=1434398148&Z=CA50BA91B0F3B5CBF12DC4AG4ZAC5ZEZ8E7GCQ3B8T&FROM=CMI&UID=WDCXWD5000AADS-00M2B0_WD-WMAV5125867758677
delref HTTP://WWW.MYSTARTSEARCH.COM/?TYPE=SC&TS=1434469183&Z=1C363B9AB74E984032DF34FG9Z4C5ZCZFM6O3M7E9C&FROM=CMI&UID=WDCXWD5000AADS-00M2B0_WD-WMAV5125867758677
delref HTTP://WWW.SMAXXI.BIZ
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР\KNYXI.EXE
; D:\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\APPLICATION DATA\9495\UPDATER.EXE
addsgn 1A2B6F9B5583C58CF42B254E3143FE6F2FE0FC09FCF2F70F9EC2C53F94DA2C8FA8E896DCD2AAE845418AEE9FB9634112F4C4E972D61EA071EEFC5B7A4CEA7F9A 64 HEUR:Trojan.Win32.Generic [Kaspersky]
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\APPLICATION DATA\9495\UPDATER.EXE
bl FC8FF437C8C9764B2EAE0AE6B16E0C4D 1179648
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\GMSD_RU_005010002\UPGMSD_RU_005010002.EXE
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\GMSD_RU_005010002\UPGMSD_RU_005010003.EXE
delref HTTP:\\PLARIUM.COM\PLAY\RU\PIRATES\TOP\?ADCAMPAIGN=31909&CLICKID=ZZYE0CZY0BTBYB0D0EYEYC0A0ETAYBYC&PUBLISHERID=0_9_15_16_44
; D:\FRST\QUARANTINE\D\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\SMARTWEB\SMARTWEBHELPER.EXE
addsgn 1A3B099A5583338CF42BFB3A8837076DA4C8FC9C88593324C6C32DFFD0D671B3561F2BEA55559DCA16ACD8DC461610A308D78273BDF3302C2D2ECC26C306E29B 64 Adware.Shopper.859 [DrWeb]
zoo %SystemDrive%\FRST\QUARANTINE\D\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\SMARTWEB\SMARTWEBHELPER.EXE
bl 153F088DFDB3F940AD9DAEB04A3ACC4D 270368
; D:\FRST\QUARANTINE\D\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\SMARTWEB\SMARTWEBAPP.EXE
addsgn 1A3AF59A5583338CF42BFB3A883707E934CCFC9C88590BBDC2C32DFED4D671B3561F2B454C559DCA169441D8461610A308D78273BDF2342C2D2ECC26C306E29B 64 Adware.Shopper.859 [DrWeb]
zoo %SystemDrive%\FRST\QUARANTINE\D\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\SMARTWEB\SMARTWEBAPP.EXE
bl 44069C2AC699C8DAD80A96FB1C8DFE57 557088
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\APPLICATION DATA\00000000-1433879110-0000-0000-00241DC6D6A9\NSP38D.TMP
delref HTTP://WWW.MYSTARTSEARCH.COM/WEB/?TYPE=DSPP&TS=1434398148&Z=CA50BA91B0F3B5CBF12DC4AG4ZAC5ZEZ8E7GCQ3B8T&FROM=CMI&UID=WDCXWD5000AADS-00M2B0_WD-WMAV5125867758677&Q={SEARCHTERMS}
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LCCEKMODGKLAEPJEOFJDJPBMINLLAJKG\0.3.0.5_1\CHROME HOTWORD SHARED MODULE
delref HTTP:\\WWW.MYSTARTSEARCH.COM\?TYPE=SC&TS=1434469183&Z=1C363B9AB74E984032DF34FG9Z4C5ZCZFM6O3M7E9C&FROM=CMI&UID=WDCXWD5000AADS-00M2B0_WD-WMAV5125867758677
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
; D:\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
bl 43A97F30AFD1724CBA964C9039D79AE5 666
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
deldir %SystemDrive%\PROGRAM FILES\MIPONY
deltmp
czoo
chklst
delvir
areg
;uVS v3.85.24 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v385c
breg
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\DEALPLY\UNINSTALL DEALPLY.LNK
; D:\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\DEALPLY\UNINSTALL DEALPLY.LNK
bl AA48436C6EA8E07482ACAA20D1FC12FD 623
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\DEALPLY\UNINSTALL DEALPLY.LNK
deldir %SystemDrive%\PROGRAM FILES\DEALPLY
delref %SystemDrive%\DOCUME~1\F5F1~1.D45\LOCALS~1\TEMP\HNI34F.TMP
delref %SystemDrive%\DOCUME~1\F5F1~1.D45\0016~1\SSSEXY~1.EXE
delref %SystemDrive%\PROGRAM FILES\MIPONY\MIPONY.EXE
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MIPONY.LNK
deltmp
czoo
restart
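The two uVS scripts above carry reusable indicators: each quarantined file (`zoo`) is followed or preceded by a `; <real path>` comment, a `bl <MD5> <size>` blocklist line and sometimes an `addsgn ... <detection name> [<vendor>]` line, and `delref` lines list the hijack URLs, some written with backslashes (`HTTP:\\HOST\PATH`). As an added example (not code from the forum post and not part of uVS), the parser below turns a script into structured file and URL indicators, handling the three orderings the scripts actually use (comment then zoo, addsgn before zoo, zoo before comment). The sample script is a subset of the lines above; the `_tail` normalisation and the record layout are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Sample input: a subset of the uVS script lines posted above (hashes and signatures as posted).
SAMPLE_SCRIPT = r"""
;uVS v3.85.24 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v385c
breg
; D:\PROGRAM FILES\MIUITAB\BROWSERACTION.DLL
zoo %SystemDrive%\PROGRAM FILES\MIUITAB\BROWSERACTION.DLL
bl 5785680870EFF9BA7B4F58C726552013 1720320
addsgn A7679B1928664D070E3C66B464C8ED70357589FA768F179082C3C5BCD3127D11E11BC33D2E3D2D833D906C49451649C9BD9F6382DCAF541FF6FEF9D34C7B2EFA 64 Adware.Mutabaha.265 [DrWeb]
delref HTTP://SEARCH.QIP.RU
; D:\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\APPLICATION DATA\9495\UPDATER.EXE
addsgn 1A2B6F9B5583C58CF42B254E3143FE6F2FE0FC09FCF2F70F9EC2C53F94DA2C8FA8E896DCD2AAE845418AEE9FB9634112F4C4E972D61EA071EEFC5B7A4CEA7F9A 64 HEUR:Trojan.Win32.Generic [Kaspersky]
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5.000\APPLICATION DATA\9495\UPDATER.EXE
bl FC8FF437C8C9764B2EAE0AE6B16E0C4D 1179648
delref HTTP:\\PLARIUM.COM\PLAY\RU\PIRATES\TOP\?ADCAMPAIGN=31909&CLICKID=ZZYE0CZY0BTBYB0D0EYEYC0A0ETAYBYC&PUBLISHERID=0_9_15_16_44
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР\KNYXI.EXE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
; D:\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
bl 43A97F30AFD1724CBA964C9039D79AE5 666
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ВЛАДИМИР.D4586D306D714B5\ГЛАВНОЕ МЕНЮ\ПРОГРАММЫ\MIPONY\MIPONY.LNK
deltmp
czoo
restart
"""


@dataclass
class FileIoc:
    path: str
    md5: Optional[str] = None
    size: Optional[int] = None
    detections: List[str] = field(default_factory=list)


def _tail(path: str) -> str:
    """Path with the drive letter or %SystemDrive% stripped, lower-cased, for matching zoo <-> comment."""
    return re.sub(r"^(%systemdrive%|[a-z]:)", "", path, flags=re.I).lower()


def normalize_url(raw: str) -> str:
    """Turn uVS's upper-cased, sometimes backslashed URL into scheme://host/path with a lower-cased host."""
    fixed = re.sub(r"^(https?):\\\\", r"\1://", raw, flags=re.I).replace("\\", "/")
    parts = urlparse(fixed)
    rest = fixed[len(parts.scheme) + 3 + len(parts.netloc):]
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{rest}"


def parse_uvs_script(text: str) -> Tuple[List[FileIoc], List[str], List[str]]:
    """Return (file indicators, normalised URLs from delref, other delref targets)."""
    files: List[FileIoc] = []
    urls: List[str] = []
    refs: List[str] = []
    current: Optional[FileIoc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            body = line[1:].strip()
            if re.match(r"[A-Za-z]:\\", body):           # comment carrying the concrete path
                if current and _tail(current.path) == _tail(body):
                    current.path = body                   # prefer the drive-letter form
                else:
                    current = FileIoc(path=body)
                    files.append(current)
            continue
        cmd, _, arg = line.partition(" ")
        cmd = cmd.lower()
        if cmd == "zoo":
            if not (current and current.md5 is None and _tail(current.path) == _tail(arg)):
                current = FileIoc(path=arg)
                files.append(current)
        elif cmd == "bl" and current:
            md5, size = arg.split()
            current.md5, current.size = md5.lower(), int(size)
        elif cmd == "addsgn" and current:
            current.detections.append(arg.split(None, 2)[2])   # <sig> <n> <name [vendor]>
        elif cmd == "delref":
            if re.match(r"https?:", arg, re.I):
                urls.append(normalize_url(arg))
            else:
                refs.append(arg)
    return files, urls, refs


if __name__ == "__main__":
    files, urls, refs = parse_uvs_script(SAMPLE_SCRIPT)
    for f in files:
        print(f.md5, f.size, f.path, f.detections)
    print(urls, refs)
```

The MD5/size pairs from `bl` are the part worth keeping in a blocklist; the `addsgn` signatures are uVS-specific and only meaningful to that tool.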