;uVS v3.86.4 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
; Cleanup script generated for one specific machine: every path, GUID and URL below
; comes from that host's uVS image. Do not replay it on another system.
; v385c: presumably the script-format/version marker uVS checks before running - confirm.
v385c
; delref: removes references to the named object (autorun, browser and registry entries).
; NOTE(review): as far as I know delref does not delete the file itself - confirm, and
; re-scan afterwards to check whether the binaries are still on disk.
; Start-page / search-provider hijack URLs. The UID parameter looks like a disk
; model/serial string, i.e. the hijacker tagged this host with a hardware identifier.
delref HTTP://WWW.MYSTARTSEARCH.COM/?TYPE=HP&TS=1419525043&FROM=WPC&UID=ST3500410AS_5VM09JCWXXXX5VM09JCW
delref HTTP://WWW.MYSTARTSEARCH.COM/WEB/?TYPE=DS&TS=1419525043&FROM=WPC&UID=ST3500410AS_5VM09JCWXXXX5VM09JCW&Q={SEARCHTERMS}
; The same URL is listed further down this page as Firefox's proxy "autoconfig_url".
; A proxy auto-config set this way lets a remote party choose the proxy the browser uses,
; so after cleanup also verify the proxy settings of the other browsers and of the system.
delref HTTPS://ISSALVE.COM/PICS/VISTA.EXD
delref %SystemDrive%\PROGRAM FILES (X86)\MIPONY\MIPONY.EXE
; Driver references under %Sys32%\DRIVERS. The GUID {45181535-...} recurs in the
; "LAMPY LIGHTY" DLL names later in this script.
; After the reboot, verify the matching driver/service entries are gone.
delref %Sys32%\DRIVERS\TTRFD_VT_1_10_0_22.SYS
delref %Sys32%\DRIVERS\{2BF1E193-DF72-4E3C-9F15-D1DC6E2F810F}GW64.SYS
delref %Sys32%\DRIVERS\{45181535-538C-463E-AA53-481874080ED5}GW64.SYS
delref HTTP://SEARCH.GBOXAPP.COM/
; Bulk removal of references to randomly named binaries, mostly paired <name>.DLL and
; <name>.X64.DLL files, under misspelled coupon/saver-style folders in
; Program Files (x86) and ProgramData.
; NOTE(review): delref presumably removes only the references (confirm); the folders
; named here may remain on disk and need a follow-up scan or explicit deletion.
delref %SystemDrive%\PROGRAMDATA\{536E2DFF-01CE-4B17-536E-E2DFF01CB7FC}\HQGHUMEAYLNLF.EXE
delref %SystemDrive%\PROGRAMDATA\{81118EB0-94F5-5140-8111-18EB094F3AC2}\HQGHUMEAYLNLF.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\EXSATRACOUPON\ZHYHRMJSEA0W9U.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSATRACOUPON\ZHYHRMJSEA0W9U.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NEWSAVER\U4OIVMALE1PSDL.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NEWSAVER\U4OIVMALE1PSDL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTRRACOUPON\QVHEA41ESLO0OS.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTRRACOUPON\QVHEA41ESLO0OS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DUOWNNSAVE\JDC4IHQUXUJNHC.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DUOWNNSAVE\JDC4IHQUXUJNHC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UNISAELES\7HHQKRLUI6LCWC.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UNISAELES\7HHQKRLUI6LCWC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\FINDBESTTDEALL\SACOZMJWDYLO4C.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\FINDBESTTDEALL\SACOZMJWDYLO4C.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\5I0UCOUPONS\VOIYMSL4KZMPXG.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\5I0UCOUPONS\VOIYMSL4KZMPXG.DLL
delref %SystemDrive%\PROGRAMDATA\7SSAVE\3NI6UTZWPLNDGI.X64.DLL
delref %SystemDrive%\PROGRAMDATA\7SSAVE\3NI6UTZWPLNDGI.DLL
delref %SystemDrive%\PROGRAMDATA\ALLCHEAPPRIICCE\7BEUSRMTBQ2WLA.X64.DLL
delref %SystemDrive%\PROGRAMDATA\ALLCHEAPPRIICCE\7BEUSRMTBQ2WLA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DISCOUNNTEXTENSI\0JOJGYAPCQ9FMH.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DISCOUNNTEXTENSI\0JOJGYAPCQ9FMH.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UNISALESS\HFHNMKSSYYL8KT.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UNISALESS\HFHNMKSSYYL8KT.DLL
delref %SystemDrive%\PROGRAMDATA\50CEOUPOONS\1ZCYJJPKGTESZS.X64.DLL
delref %SystemDrive%\PROGRAMDATA\50CEOUPOONS\1ZCYJJPKGTESZS.DLL
delref %SystemDrive%\PROGRAMDATA\REGULARDDEAALSS\I3M1CLVFALJLGZ.X64.DLL
delref %SystemDrive%\PROGRAMDATA\REGULARDDEAALSS\I3M1CLVFALJLGZ.DLL
delref %SystemDrive%\PROGRAMDATA\7SAAVE\O1BDEYHY8TYPIP.X64.DLL
delref %SystemDrive%\PROGRAMDATA\7SAAVE\O1BDEYHY8TYPIP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SAAVENUEWAAPAPZ\2VALB9SRVCAJG9.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SAAVENUEWAAPAPZ\2VALB9SRVCAJG9.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BBESTSAVEFORYOU\9NEGQNSIIH8NRT.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BBESTSAVEFORYOU\9NEGQNSIIH8NRT.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DOWNUSAVE\VVFN8WGTE3E4PG.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DOWNUSAVE\VVFN8WGTE3E4PG.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NEWWSAAVERO\CDWVO2V9ONYKJU.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NEWWSAAVERO\CDWVO2V9ONYKJU.DLL
; NOTE(review): this path looks like a component of an installed video converter, not one
; of the randomly named pairs around it; presumably a stale reference - confirm in the log.
delref %SystemDrive%\PROGRAM FILES (X86)\AIMERSOFT\VIDEO CONVERTER ULTIMATE\WS_ATLMOVIE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\7ASAVE\1NO04XHIPNXCYP.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\7ASAVE\1NO04XHIPNXCYP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SHOPDDRROP\9FDXC0XJD1XMVV.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SHOPDDRROP\9FDXC0XJD1XMVV.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\REGULAARDEAALS\GZ9XFNAPHEAPBD.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\REGULAARDEAALS\GZ9XFNAPHEAPBD.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTRAECOUPOON\HFQ0MFSYZPOLBN.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTRAECOUPOON\HFQ0MFSYZPOLBN.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BESTSAIVEFIORYOU\TTQ8QJ6AMH3BJS.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BESTSAIVEFIORYOU\TTQ8QJ6AMH3BJS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DIIGIISAUVEER\NHFTX8PHYQRPUA.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\DIIGIISAUVEER\NHFTX8PHYQRPUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CCHOEAPME\FD6NXEFLHRIPKW.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CCHOEAPME\FD6NXEFLHRIPKW.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CHHEAAPPME\FNIA95Q4YT9IBG.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CHHEAAPPME\FNIA95Q4YT9IBG.DLL
; Reference given as a bare CLSID with no file path attached.
delref {B04B9F59-CF88-4444-93C7-4AEC253BC739}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\ENNJOYCOUPION\MNYDUD1HYXCVRM.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ENNJOYCOUPION\MNYDUD1HYXCVRM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BIETSAVER\BMHBPBMOF6M4TE.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BIETSAVER\BMHBPBMOF6M4TE.DLL
delref %SystemDrive%\PROGRAMDATA\BBESTSAVEFOURYOU\CGUQ5REPMV2NPQ.X64.DLL
delref %SystemDrive%\PROGRAMDATA\BBESTSAVEFOURYOU\CGUQ5REPMV2NPQ.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BESTSAVEFORYOU\4UWCPYQA0IWB0Z.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BESTSAVEFORYOU\4UWCPYQA0IWB0Z.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ADSYI\OGGHSHALMJZZZY.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ADSYI\OGGHSHALMJZZZY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\YOUTUBEADDBLOCKE\9IE0NR8GPRSVHZ.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\YOUTUBEADDBLOCKE\9IE0NR8GPRSVHZ.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SHOPDRROOPU\EF8FHCE4OCIKXY.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SHOPDRROOPU\EF8FHCE4OCIKXY.DLL
; NOTE(review): a Google Update plugin path; presumably removed as a dangling reference
; rather than as malware - confirm before reusing this line.
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\NPGOOGLEUPDATE3.DLL
delref %SystemDrive%\PROGRAMDATA\ISAVER\QAJOFHIZQASYNX.X64.DLL
delref %SystemDrive%\PROGRAMDATA\ISAVER\QAJOFHIZQASYNX.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CHEAPMIE\CVAV4CNCBC3GAZ.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CHEAPMIE\CVAV4CNCBC3GAZ.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTERAACOUPON\FB3NQFSFRJBN56.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EXSTERAACOUPON\FB3NQFSFRJBN56.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\COUPPMEAPP\YFDSN8ZDYK5KQG.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\COUPPMEAPP\YFDSN8ZDYK5KQG.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NNEWSAOVEERA\SPC0TJPFQR6PRM.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\NNEWSAOVEERA\SPC0TJPFQR6PRM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\5O0COUPONS\3O78CKH1ED0MV6.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\5O0COUPONS\3O78CKH1ED0MV6.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\FINDBESTTDEAL\WKPVMK2C2YLTOM.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\FINDBESTTDEAL\WKPVMK2C2YLTOM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SAVERREXXTENSIONN\NJFBIW8FCZOXXE.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\SAVERREXXTENSIONN\NJFBIW8FCZOXXE.DLL
; Final group of reference removals, followed by temp cleanup and a reboot.
; The SAFEPCREPAIR service executable is listed here by its long path; the 8.3 short path
; further down (PROGRA~2\SAFEPC~2\IOLOTO~1.EXE) presumably names the same file - confirm.
delref %SystemDrive%\PROGRAM FILES (X86)\SAFEPCREPAIR\IOLOTOOLSERVICE.EXE
; NOTE(review): the Google Toolbar / toolbar notifier and NVIDIA display entries below are
; vendor component paths; presumably they are removed because the references are stale.
; Confirm against the uVS log before copying these lines to another cleanup.
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\GOOGLE TOOLBAR\GOOGLETOOLBAR_64.DLL
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVDISPS.DLL
; The GUID in the two LAMPY LIGHTY DLL names is the same one used for a ...GW64.SYS
; driver reference earlier in this script, which ties the DLLs and the driver together.
delref %SystemDrive%\PROGRAM FILES (X86)\LAMPY LIGHTY\BIN\{45181535-538C-463E-AA53-481874080ED5}64.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\5.7.9012.1008\SWG64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\LAMPY LIGHTY\BIN\{45181535-538C-463E-AA53-481874080ED5}.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\GOOGLETOOLBARNOTIFIER\5.7.9012.1008\SWG.DLL
delref %SystemDrive%\PROGRA~2\SAFEPC~2\IOLOTO~1.EXE
; deltmp: clears temporary-file locations (exact set of folders: see the uVS documentation).
deltmp
; restart: reboots the machine so the removals take effect; collect a fresh log afterwards
; to verify that none of the references were re-created.
restart
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419525043&from=wpc&uid=ST3500410AS_5VM09JCWXXXX5VM09JCW&q={searchTerms}
SearchScopes: HKLM-x32 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^AW7^xdm326^S12968^ru&si=316650_6191&ptb=F558B07F-5B54-4997-A76B-B0104D918036&ind=2015053001&n=781b44c9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3327777186-4243457058-3746701894-1000 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^AW7^xdm326^S12968^ru&si=316650_6191&ptb=F558B07F-5B54-4997-A76B-B0104D918036&ind=2015053001&n=781b44c9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3327777186-4243457058-3746701894-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/25&hid=1378024265678823941&lg=EN&cc=RU
SearchScopes: HKU\S-1-5-21-3327777186-4243457058-3746701894-1000 -> {C23765D6-2166-4609-92EF-9B3C7780F687} URL = hxxp://www.search.ask.com/web?tpid=NDV-SP&o=APN10975&pf=V7&p2=^B2X^YYYYYY^YY^RU&gct=&itbv=12.23.0.49&apn_uid=18A76924-A5C6-491F-9584-2CEA13D371D8&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^RU&apn_dbr=&doi=2015-01-30&trgb=IE&q={searchTerms}&psv=&pt=tb
Toolbar: HKU\S-1-5-21-3327777186-4243457058-3746701894-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF NewTab: yafd:tabs
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF NetworkProxy: "autoconfig_url", "https://issalve.com/pics/vista.exd"
FF NetworkProxy: "type", 2
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-01-02]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\WebSearch.xml [2014-12-25]
FF Extension: ExStrACouponn - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\T@gH.net [2015-09-05]
CHR Extension: (priceechoapp) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcibomnobffpmfiglebnfoahbkinbof [2014-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mdeldjolamfbcgnndjmjjiinnhbnbnla] - http://clients2.google.com/service/update2/crx
2015-09-03 23:56 - 2015-09-03 23:57 - 00000000 ____D C:\ProgramData\3872871776
2015-09-03 23:56 - 2015-09-03 23:57 - 00000000 ____D C:\Program Files (x86)\mypdfile
EmptyTemp:
Reboot:
;uVS v3.86.4 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
; Second, host-specific cleanup pass: removes the "Mini - Adblocker" program and the
; references to several Chrome extension folders in the Admin profile.
; v385c: presumably the script-format/version marker uVS checks before running - confirm.
v385c
; uidel: presumably runs the program's registered uninstall command with the switches
; shown - confirm against the uVS documentation.
; NOTE(review): "Chrome\Applicationupdate.dll" and "Chrome\Applicationchrome.dll" look like
; "Application\<name>.dll" with the path separator lost; the string is reproduced as it was
; registered. If so, the program placed DLLs inside Chrome's application folder, and Chrome
; should be reinstalled or verified after cleanup.
uidel "C:\ProgramData\Mini - Adblocker\Mini - Adblocker.exe" /progname=Mini - Adblocker /progver=3.4.2 /progpub=Mini - Adblocker /proguninstallurl=asdahjka.com /deleteappfolder=0 /deletefile2="C:\Users\Admin\AppData\Local\Google\Chrome\Applicationupdate.dll" /deletefile3="C:\Users\Admin\AppData\Local\Google\Chrome\Applicationchrome.dll" /VERYSILENT
; Chrome extension folders. The trailing \Uxxxx runs are escaped Cyrillic display names
; (Yandex search / start-page style names). The ID JDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI is also
; listed elsewhere on this page as a registry-installed Chrome extension (HKLM-x32), so that
; registry entry must be removed too or the extension can come back.
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AMINLPMKFCDIBGPGFAJLGNAMICJCKKJF\1.0.3_4\U041F\U043E\U0438\U0441\U043A \U042F\U043D\U0434\U0435\U043A\U0441\U0430
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI\1.0.3_4\U0421\U0442\U0430\U0440\U0442\U043E\U0432\U0430\U044F \U2014 \U042F\U043D\U0434\U0435\U043A\U0441
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GOALOJOOBCFKHDDPBJCMHDCEEEGMAPHH\2.1.8.0_1\U0421\U043E\U0432\U0435\U0442\U043D\U0438\U043A \U0422\U0435\U0441\U043B\U044B
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CNCGOHEPIHCEKKLOKHBHIBLHFCMIPBDH\1.0.9_1\U041F\U043E\U0438\U0441\U043A \U042F\U043D\U0434\U0435\U043A\U0441A
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEHNGEIFMELPHPLLNCOBKMIMPHFKCKNE\1.0.7_1\U0421\U0442\U0430\U0440\U0442\U043E\U0432\U0430\U044F \U2014 \U042F\U043D\U0434\U0435\U043A\U0441
; deldir removes the program folder explicitly; the uninstall line above passes
; /deleteappfolder=0, which presumably leaves the folder in place - confirm.
deldir C:\ProgramData\Mini - Adblocker
; deltmp clears temporary-file locations; restart reboots so the changes take effect.
deltmp
restart
begin
// AVZ script: collects three files from the Admin profile into a quarantine archive
// for analysis. Nothing in this script deletes the originals.
// Empty the existing quarantine first so the archive contains only the files below.
ClearQuarantine;
// The second argument of QuarantineFile is passed as an empty string in every call.
QuarantineFile('C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe','');
// Quick Launch shortcuts: presumably collected so their target and arguments can be
// inspected for tampering - confirm with the analyst who requested them.
QuarantineFile('C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk','');
QuarantineFile('C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk','');
// Packs the quarantine into quarantine.zip in the AVZ program directory.
// "CreateQurantineArchive" is the spelling used in the script; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.