Cityadspix.com - how do I stop it?


(Jarekmachos) #1

Hello, I have a problem.

When I use Chrome, often when I click anything, the page cityadspix.com pops up and redirects me to aliexpress.com.

How do I remove this $!*#!@!? It really annoys me.

Thanks in advance for your help.


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Jarekmachos) #3

FRST - http://wklej.org/id/1567070/

Addition - http://wklej.org/id/1567071/


(Atis) #4

http://whois.domaintools.com/94.249.192.115

The router is infected: http://forum.dobreprogramy.pl/wirus-reklama-amazon-t486597/


(Jarekmachos) #5

Thanks, the problem has stopped for now.


(Atis) #6

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2868224 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2868224 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2947382301-1386515756-2943963481-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2868224 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2868224 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
S4 LMIRfsClientNP; No ImagePath
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
C:\AdwCleaner
C:\ProgramData\hash.dat
Task: {0DD8FB53-7EEF-4A71-A0A7-27EF3B4A751F} - System32\Tasks\{0B8BFB5F-7D2D-46FA-BDE1-43532D39B657} => K:\Install.exe
Task: {0EE440B7-5835-4AA9-8ECC-B37FFCC80E40} - System32\Tasks\{D6F7F49A-1ADE-4959-932F-4CEA8B22ACD6} => C:\Users\Jarek\Downloads\Test.Drive.Unlimited.PL\1.test_drive_unlimited_pl_patch_vistapl\TDU_VISTA_PATCH.exe
Task: {1642A926-49C0-434C-90A5-5E452FC01140} - System32\Tasks\{B740E099-015D-452D-885B-EBD44966F150} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112.259&LastError=404
Task: {2F364D10-8017-44E3-85B0-0D040F3F530F} - System32\Tasks\{35F606D2-B669-48E1-BDA2-E456DC084011} => E:\Gry\NFS Underground\Speed.exe
Task: {4CC1B2CC-8D1E-4FB9-9AF1-DB439F7F67A3} - System32\Tasks\{9E275F84-9C6E-4159-BCF1-84C83AFFDA8B} => pcalua.exe -a "C:\Users\Jarek\Desktop\Gry\Do gier\imgtool20\imgtool20\IMGTool.exe" -d "C:\Users\Jarek\Desktop\Gry\Do gier\imgtool20\imgtool20"
Task: {5D591D1C-6533-475A-945D-6A86C57515FE} - System32\Tasks\{E2EB7190-87A6-49D6-B349-B2E4317BACA3} => C:\Users\Jarek\Desktop\Programy\G-IMG\G-IMG.exe
Task: {6B5E994C-DEAA-46FB-BDFC-0769DC00D860} - System32\Tasks\{AA1D5215-0BA4-48E0-81F6-0C359E32BD1A} => C:\Users\Jarek\Downloads\KKR2 PL\setup.exe
Task: {74134B72-91AC-44EE-8F4A-C9565BD4DDF0} - System32\Tasks\{A0E8912B-2479-4179-8618-959AA6A4F3D2} => pcalua.exe -a K:\SetupUbi.exe -d K:\
Task: {75342031-E09D-4103-9F64-808C119896A8} - System32\Tasks\{1F168454-DBC3-4CE7-86B0-D9B0F7778A85} => E:\Gry\Worms 3D\Launcher.exe
Task: {774D34EA-757B-4393-A686-E920256EE07F} - System32\Tasks\{97BE565A-EC13-4083-89F5-F43D4E3A2B54} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112.259/pl/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {A8F2BAF2-9CED-47A0-9E30-1292D53A55FA} - System32\Tasks\{6EAB2D3B-E0D0-464B-931D-F2A3581F0FDE} => pcalua.exe -a "E:\Gry\NFS Carbon\EAUninstall.exe"
Task: {B02EF4B3-B94F-4F87-ADBE-049A2AD4A488} - System32\Tasks\{30059D06-C162-4FD9-B66F-6C43C815E9BC} => C:\Users\Jarek\AppData\Roaming\Splitscreen Studios\Dino Storm\Launcher.exe
Task: {B5AE810E-BDF7-4A99-B197-1E839E539BA9} - System32\Tasks\{BDC982E0-E2F6-4EF1-8F6E-C8889B100A13} => pcalua.exe -a "C:\Users\Jarek\Downloads\Multimedia Fusion 2 + Extras\Multimedia Fusion 2 Plus Extras\extensions\MMF2ExtPack2.exe" -d "C:\Users\Jarek\Downloads\Multimedia Fusion 2 + Extras\Multimedia Fusion 2 Plus Extras\extensions"
Task: {CA40C937-E3B6-4735-928E-F8D33836408A} - System32\Tasks\{2B4F1B5F-711E-4BDA-9C4B-517E767DE5AD} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/pl/go/help.faq.installer?LastError=1603
Task: {D6783411-637A-4D01-AD9E-3800C49ECC6A} - System32\Tasks\{1131AB72-1F95-465B-AA2E-59CF2416A000} => pcalua.exe -a "C:\Users\Jarek\Downloads\Multimedia Fusion 2 + Extras\Multimedia Fusion 2 Plus Extras\Multimedia_Fusion_2_Extension_Pack_1_241_Update_Serial_No_Libs_\update\mmf2 241.exe" -d "C:\Users\Jarek\Downloads\Multimedia Fusion 2 + Extras\Multimedia Fusion 2 Plus Extras\Multimedia_Fusion_2_Extension_Pack_1_241_Update_Serial_No_Libs_\update"
Task: {D7E4FD3F-CD54-4D8E-87B7-E52C7EF1B95A} - System32\Tasks\{EFF20D9F-2E37-4093-84A2-BDF01F044A2E} => E:\Gry\GTA SA\GTA San Andreas\gta_sa.exe
Task: {DE373DC6-A1F0-4152-BB3B-3BDF5AA4E590} - System32\Tasks\{E37C2625-13F0-4B41-92EE-A863539819C9} => E:\Gry\Worms 4 Mayhem\Worms 4 Mayhem\Tecsetup.exe
Task: {FDA9F940-109A-4941-9D06-D1AB080E9E82} - System32\Tasks\{B95E4475-074E-48EB-8AB3-DC85B673150A} => pcalua.exe -a "C:\Users\Jarek\Desktop\Minecraft Multiplayer.exe" -d C:\Users\Jarek\Desktop
Task: {FEFE0DD9-F522-4B12-AE85-6BDD9FD10EE1} - System32\Tasks\{CE6AAD5B-CFC3-4F51-89FE-AEE25DA2879C} => E:\Gry\GTA SA\GTA San Andreas\gta_sa.exe
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition.


(Jarekmachos) #7

Here are the reports:

 

Fixlog - http://wklej.org/id/1567398/

FRST - http://wklej.org/id/1567399/


(Atis) #8

You still have an infected router.

Delete the folder C:\FRST

Uninstall:

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader XI (11.0.08)

Java 7 Update 51

Java 7 Update 67

Microsoft Silverlight

Install:

Flash Player 16.0.0.235 ActiveX

Flash Player 16.0.0.235 Plugin

Adobe Reader XI 11.0.10

Flash Player 16.0.0.235 ActiveX

Java 8 Update 25

Service Pack 1 x64 (903.2 MB)

Internet Explorer 11