Sweet-page virus


(Bogumilaa Piotr) #1

Hello, I'm coming to you today with a problem similar to last time, namely a virus that installed itself while I was downloading a program. I carefully read everything I had to click, and unfortunately this virus installed itself again.

 

FRST: http://wklej.org/id/1690832/

Addition: http://wklej.org/id/1690833/

 

The computer was previously scanned with ADW Cleaner.


(Acorus) #2

Open the system Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1428828326from=coruid=126614527_331762_98938C08q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1428828326from=coruid=126614527_331762_98938C08q={searchTerms}
HKU\S-1-5-21-2475122796-767496637-2679531404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08
HKU\S-1-5-21-2475122796-767496637-2679531404-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2475122796-767496637-2679531404-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1428828326from=coruid=126614527_331762_98938C08q={searchTerms}
CHR HomePage: Default - hxxp://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08
CHR StartupUrls: Default - "hxxp://www.sweet-page.com/?type=hpts=1428828326from=coruid=126614527_331762_98938C08"
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
2015-04-18 11:23 - 2015-04-18 12:04 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
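
One way to list which browser settings in a FRST log point at a given domain, for instance when comparing a later log against the entries in the fixlist above. This is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical, and the sample lines are constructed in the shape of the entries above, with a placeholder SID and shortened query strings.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the FRST entries quoted in the post above.
# The SID and query strings are shortened placeholders; the example.org line
# is invented to show why matching is done on the parsed host.
SAMPLE = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.org/?ref=sweet-page.com
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-0-0-0-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&q={searchTerms}
CHR HomePage: Default - hxxp://www.sweet-page.com/?type=hp
CHR StartupUrls: Default - "hxxp://www.sweet-page.com/?type=hp"
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
EmptyTemp:
"""

# Matches both normal and defanged (hxxp://) URLs, stopping at whitespace or a quote.
URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"]+', re.I)

def refang(url):
    """Restore the scheme of a defanged URL so it can be parsed."""
    return re.sub(r'^hxxp', 'http', url, flags=re.I)

def parse_line(line):
    """Return (setting, host) for a log line that carries a URL, else None."""
    m = URL_RE.search(line)
    if not m:
        return None
    # Everything before the URL names the setting; trim separators and quotes.
    setting = line[:m.start()].rstrip(' "=-')
    host = urlsplit(refang(m.group(0))).hostname or ""
    return setting, host.lower()

def hijacked_settings(text, domain):
    """List settings whose URL host is `domain` or one of its subdomains."""
    hits = []
    for line in text.splitlines():
        parsed = parse_line(line.strip())
        if parsed and (parsed[1] == domain or parsed[1].endswith("." + domain)):
            hits.append(parsed[0])
    return hits

if __name__ == "__main__":
    for setting in hijacked_settings(SAMPLE, "sweet-page.com"):
        print(setting)
```

Comparing the parsed host rather than searching the line for the domain string keeps an entry such as the constructed example.org line, which only mentions the domain in its query string, out of the results.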