- Сообщения
- 14,905
- Решения
- 4
- Реакции
- 6,834
may may, ваша проблема явно из-за плагинов в браузере. Странно, что в портабл Опере она также проявилась.
1)
эти сайты вы сами в настройках браузера прописывали?
2) Папки
заархивируйте в zip архив с паролем virus . Полученный архив отправьте с помощью этой формы или на этот почтовый ящик: quarantine <at> safezone.cc (замените <at> на @) с указанием ссылки на тему в теме (заголовке) сообщения и с указанием пароля: virus в теле письма.
А также загрузите на RGhost — файлообменник и пришлите ссылку мне в ЛС.
3) У вас очень много плагинов в браузерах установлен. Какие из них вам не знакомы (ставили не вы)?
4)
1)
Код:
HTTP://DREAMLAIR.NET/
HTTP://WWW.SECYRITYGROUP.US
2) Папки
Код:
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ELICPJHCIDHPJOMHIBIFFOJPINPMMPIL\
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLIPCAFLAOCIHNMLHNHCFOMBGMMFGLHO\
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLBJNCDGJEOCEBHNMKBBBDEKMMMCBFJD\
А также загрузите на RGhost — файлообменник и пришлите ссылку мне в ЛС.
3) У вас очень много плагинов в браузерах установлен. Какие из них вам не знакомы (ставили не вы)?
INI:
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\DPS_QuarQ_Search.SU.xml [2012-02-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml [2012-06-15]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml [2012-06-15]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\virustotal-hash.xml [2012-02-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml [2012-06-15]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml [2012-06-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\adblockpopups@jessehakanen.net [2013-08-16] [not signed]
FF Extension: IE Tab + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\coralietab@mozdev.org [2013-08-16] [not signed]
FF Extension: ImgLikeOpera - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\imglikeopera@imfo.ru [2013-08-16] [not signed]
FF Extension: NoSquint - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\nosquint@urandom.ca [2013-08-16] [not signed]
FF Extension: Classic Compact Options - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\notreal.ccoptions@environmentalchemistry.com [2013-08-16] [not signed]
FF Extension: SkipScreen - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\SkipScreen@SkipScreen [2013-08-16] [not signed]
FF Extension: Google Translator for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\translator@zoli.bod [2013-08-16] [not signed]
FF Extension: ColorfulTabs - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-08-16] [not signed]
FF Extension: URL Fixer Plus RU and UA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{18957df9-7f03-405d-a021-b847769de1a5} [2013-08-16] [not signed]
FF Extension: wmlbrowser - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} [2013-08-16] [not signed]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-08-16] [not signed]
FF Extension: BetterPrivacy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2013-08-16] [not signed]
FF Extension: Download Statusbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-08-16] [not signed]
FF Extension: Tab Mix Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\extensions\{dc572301-7619-498c-a57d-39143191b318} [2013-08-16] [not signed]
FF Extension: CensureBlock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\censureblock@gmail.com [2013-08-16] [not signed]
FF Extension: Custom Buttons - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\custombuttons@xsms.org [2013-08-16] [not signed]
FF Extension: Link Alert - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\linkalert.conlan@addons.mozilla.com [2013-08-16] [not signed]
FF Extension: MinimizeToTray revived (MinTrayR) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\mintrayr@tn123.ath.cx [2013-08-16] [not signed]
FF Extension: RequestPolicy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\requestpolicy@requestpolicy.com [2013-08-16] [not signed]
FF Extension: Toolbar Buttons - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2013-08-16] [not signed]
FF Extension: Flashblock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-08-16] [not signed]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2013-08-16] [not signed]
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-08-16] [not signed]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-16] [not signed]
FF Extension: FXChrome - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32} [2013-08-16] [not signed]
FF Extension: Fasterfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91} [2013-08-16] [not signed]
FF Extension: Memory Fox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-08-16] [not signed]
FF Extension: Menu Editor - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2013-08-16] [not signed]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-08-16] [not signed]
FF Extension: Mouse Gestures Redox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hinzuilf.USERHOM-U73F82G\Extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2013-08-16] [not signed]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2015-11-14] [not signed]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-11-14] [not signed]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2015-11-14] [not signed]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2015-11-14] [not signed]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2015-11-14] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://rompy.ru/","hxxp://kinorai.net/","hxxp://www.videokub.me/","hxxp://mlik.me/"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Диск Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-19]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Video Downloader professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-11-19]
CHR Extension: (RSS) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhafkagcdhnhamiaecajogjcfgienom [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-19]
CHR Extension: (RDS bar (seo: тиц, pr, dmoz, yandex)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho [2015-11-19]
CHR Extension: (Ghostery) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-11-19]
CHR Extension: (RSS Subscription Extension (от Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-11-19]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]
CHR Extension: (Голосовой ввод текста - Speechpad.ru) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehlbpmpoabkgenppepoaihkacolpdcf [2015-11-19]
CHR Extension: (SiteBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2015-11-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR Extension: (RSS Feed Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-11-19]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2015-11-14]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-03-26]
- Закройте все программы, временно выгрузите антивирус, файрволл и прочее защитное ПО.
- Откройте папку с распакованной утилитой uVS и запустите файл start.exe. В открывшимся окне выберите пункт "Запустить под текущим пользователем".
- Выделите и правой кнопкой мыши скопируйте следующий скрипт в буфер обмена:
Код:;uVS v3.86.7 [http://dsrt.dyndns.org] ;Target OS: NTv6.1 v385c BREG delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ELICPJHCIDHPJOMHIBIFFOJPINPMMPIL\1.97.51_0\VIDEO DOWNLOADER PROFESSIONAL delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLIPCAFLAOCIHNMLHNHCFOMBGMMFGLHO\3.2015.110.122_0\RDS BAR (SEO: ТИЦ, PR, DMOZ, YANDEX) restart
- В uVS выберите пункт меню "Скрипт" => "Выполнить скрипт находящийся в буфере обмена..."
- Нажмите на кнопку "Выполнить" и дождитесь окончания работы программы. Прошу учесть, что компьютер может быть перезагружен.