Weelsof trojan and something else


(Bartek Skorupa) #1

I caught the weelsof "Policja..." (Police) trojan and possibly something else. New folders and so on got created.

The computer did not get completely locked. There is a problem with installing some programs.

But neither Malwarebytes nor Dr.Web nor ESET Online see anything.


http://wklej.org/id/1700783/

http://wklej.org/id/1700782/

http://www.wklej.org/id/1700781/

Thanks in advance for your help

Skor


(Atis) #2

You didn't catch anything, since the system was not locked.

If something can't be installed, then, as usual in such cases, the suspect is Comodo.

Uninstall GeekBuddy.

Paste the following into the system Notepad and save it as a text file named fixlist:

BootExecute: autocheck autochk * BootDefrag.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000 -> DefaultScope {AB5AA116-F8F0-4474-975D-6E77BCDD7F6D} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000 -> {AB5AA116-F8F0-4474-975D-6E77BCDD7F6D} URL = http://startsear.ch/?aff=1&q={searchTerms}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys [X]
S0 ubtc; System32\drivers\srtfr.sys [X]
2015-05-01 02:14 - 2015-05-01 02:14 - 00000000 ____ D () C:\Users\Bartek\Doctor Web
2015-05-01 02:08 - 2015-05-01 02:08 - 00000000 ____ D () C:\Users\Bartek\AppData\Local\F-Secure
C:\1234abc
2008-11-03 22:59 - 2008-11-03 22:59 - 0024064 _____ () C:\Users\Bartek\AppData\Roaming\UserTile.png
2009-07-07 21:51 - 2014-09-08 22:07 - 0001356 _____ () C:\Users\Bartek\AppData\Local\d3d9caps.dat
2014-06-27 20:10 - 2014-06-27 20:10 - 0000000 _____ () C:\Users\Bartek\AppData\Local\{FC8BD655-D337-4786-9AD6-C7DB09692992}
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{C529C7EF-A3AF-45F2-8A47-767B33AA5CC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{D969A300-E7FF-11D0-A93B-00A0C90F2719}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{E08BF9C5-191E-4B15-8F67-2622B4DB5580}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F46316E4-FB1B-46EB-AEDF-9520BFBB916A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1313389747-3327392464-3893987863-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path
Task: {40139C49-D1CF-49B6-9ECB-E716ED080277} - System32\Tasks\{4C48519F-D96E-4C32-B072-A8D1F81B5297} => pcalua.exe -a "C:\Program Files\Opera\Launcher.exe" -c /uninstall
Task: {F422FA78-AB47-43A5-88F5-C88DAF2C821F} - \GlaryInitialize 3 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKU\S-1-5-21-1313389747-3327392464-3893987863-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
Folder: C:\1234abc
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition and Shortcut.
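For readers who want to verify the user-hive findings that the fixlist above targets (the per-user `.exe` class override, the `CustomCLSID ... -> No File Path` entries and the startsear.ch SearchScopes), here is an added read-only PowerShell audit; it is not part of the thread and not FRST's own logic, and it assumes it is run in the affected user's session so that HKCU is that user's hive.

```powershell
# Added example, not part of the thread or of FRST: report the per-user
# hijack points the fixlist above removes. Read-only; run as the affected user.

function Test-UserExeClassOverride {
    # HKCU\Software\Classes\.exe shadows the machine-wide .exe association
    # (the "HKU\...\Software\Classes\.exe: exefile" finding). Normally absent.
    $key = 'HKCU:\Software\Classes\.exe'
    $default = if (Test-Path $key) {
        (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]@{ Key = $key; Present = (Test-Path $key); Default = $default }
}

function Get-OrphanedUserInprocServer32 {
    # Per-user CLSID\...\InprocServer32 keys with no default value or a missing
    # DLL (FRST's "CustomCLSID ... -> No File Path"). Such leftovers are a
    # classic COM-hijack foothold, so they belong in a cleanup.
    $root = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path $root)) { return }
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $inproc = "$($clsid.PSPath)\InprocServer32"
        if (-not (Test-Path $inproc)) { continue }
        $raw = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
        $dll = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) } else { '' }
        # A bare file name is resolved through the DLL search path; check System32.
        if ($dll -and $dll -notmatch '[\\/]') { $dll = Join-Path $system32 $dll }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{ CLSID = $clsid.PSChildName; InprocServer32 = $raw }
        }
    }
}

function Get-UserSearchScopes {
    # IE SearchScopes in the user hive, marking which one is DefaultScope
    # (the startsear.ch finding above).
    $root = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path $root)) { return }
    $defaultScope = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue
        [pscustomobject]@{ Scope = $scope.PSChildName; IsDefault = ($scope.PSChildName -eq $defaultScope); URL = $props.URL }
    }
}

Test-UserExeClassOverride | Format-List
Get-OrphanedUserInprocServer32 | Format-Table -AutoSize
Get-UserSearchScopes | Format-Table -AutoSize
```

Compare the output with the Fixlog after running the fix: a still-present `.exe` override or a non-empty orphaned-CLSID list means the cleanup did not complete.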