Logi do sprawdzenia.

[Łowca Androidów]

Witam.
Proszę o sprawdzenei logów:
FRST:
http://www.wklej.org/id/1670018/txt/
Additional:
http://www.wklej.org/id/1670016/txt/

[ordynat]

1) Odinstaluj
Roll Around (HKLM-x32\...\Roll Around) (Version: 2.0.5555.10065 - Roll Around)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
HDQ-1.2cV07.01 (HKLM-x32\...\HDQ-1.2cV07.01) (Version: 1.35.12.18 - HDQ-1.2cV07.01)

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

3)

Locked "7c300620d690dcaa" service could not be unlocked. <===== ATTENTION
U5 7c300620d690dcaa; C:\Windows\System32\Drivers\7c300620d690dcaa.sys [77776 2014-03-29] () <===== ATTENTION Necurs Rootkit?

Użyj TDSSKiller >TDSSKiller

4) Otwórz Notatnik i wklej w nim:

Task: {05BCE72F-A3D8-4D3C-A854-EF17140952E4} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-3 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-3.exe <==== ATTENTION
Task: {13FB8B27-D0B0-4073-B5F6-342279A76CD7} - System32\Tasks\AmiUpdXp => C:\Users\Łukasz\AppData\Local\22898\Updater.exe <==== ATTENTION
C:\Program Files (x86)\HDQ-1.2cV07.01
C:\Users\Łukasz\AppData\Local\22898
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {17AD4BF0-C5C1-4C37-9F52-7035D13FFB9F} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-7 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-7.exe <==== ATTENTION
Task: {50CFB23B-0085-44DF-A954-C9B0A00D4451} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-11 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-11.exe <==== ATTENTION
Task: {67DC4DFE-6F05-4BDC-B14A-42218DB03141} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-2 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-2.exe <==== ATTENTION
Task: {88A820CD-60FE-47A2-88A2-3D09DC5916D7} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-1 => C:\Program Files (x86)\HDQ-1.2cV07.01\HDQ-1.2cV07.01-codedownloader.exe <==== ATTENTION
Task: {91D45F4D-5302-49DA-85B1-851F66AC4A9F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {959C841F-2F21-4DED-90C5-1B8200FEE161} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-6 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-6.exe <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: {9C310B78-6D5C-4921-AFDF-4ACFA7292802} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {B19323BD-32FC-4ABC-A8CD-F11A9A9C9EE4} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5.exe <==== ATTENTION
Task: {BE698DFC-CB79-4493-A897-789C7E42ED2E} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {BF3DB682-0731-4084-968D-9D5CD8E3210F} - System32\Tasks\AVG_SYS_TASK_0215pit => C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe [2015-02-17] ()
Task: {C3A2CB13-09C5-402F-811E-5120926B7DB4} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-07] (globalUpdate) <==== ATTENTION
Task: {CB31C0F8-DDC9-46CD-B5EB-9E0598FE5637} - System32\Tasks\AVG_SYS_TASK_0215pit_DELETE => C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe [2015-02-17] ()
Task: {D2530C41-3650-4895-AFF8-9AF30C22C7EA} - System32\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-4 => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-4.exe <==== ATTENTION
C:\Program Files (x86)\globalUpdate
C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe
Task: {F4C32D89-EA98-4363-B56F-43C9983AB72F} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {F664B2DD-45F1-441F-B985-714C5DC85798} - System32\Tasks\{47D247CA-A2E5-4D02-8768-FFDBC954ABF8} => pcalua.exe -a C:\Users\Łukasz\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Łukasz\AppData\Roaming\mystartsearch
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\A
ukasz\AppData\Local\22898\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVGNOJW.job => C:\Users\ý˙ukasz\AppData\Roaming\AVGNOJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215pit.job => C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215pit_DELETE.job => C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe
Task: C:\Windows\Tasks\DMHMP.job => C:\Users\ý˙ukasz\AppData\Roaming\DMHMP.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-1.job => C:\Program Files (x86)\HDQ-1.2cV07.01\HDQ-1.2cV07.01-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-11.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-2.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-3.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-4.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5_user.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-6.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\f4b32426-ba2e-4e2c-b3ba-e04380e13889-7.job => C:\Program Files (x86)\HDQ-1.2cV07.01\f4b32426-ba2e-4e2c-b3ba-e04380e13889-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\NEDS.job => C:\Users\ý˙ukasz\AppData\Roaming\NEDS.exe <==== ATTENTION
Task: C:\Windows\Tasks\VJJEGDU.job => C:\Users\ý˙ukasz\AppData\Roaming\VJJEGDU.exe <==== ATTENTION
C:\Users\ý˙ukasz\AppData\Roaming\NEDS.exe
C:\Users\ý˙ukasz\AppData\Roaming\VJJEGDU.exe
HKLM-x32\...\Run: [mbot_pl_126] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2556698617-805754974-2825200628-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2556698617-805754974-2825200628-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2556698617-805754974-2825200628-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923&q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
Toolbar: HKU\S-1-5-21-2556698617-805754974-2825200628-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2556698617-805754974-2825200628-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-01-07] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-01-07] (globalUpdate)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mystartsearch.xml [2014-12-08]
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1418032678&from=amt&uid=WDCXWD1600AVVS-63L2B0_WD-WCAUZ029892398923"
CHR HKLM-x32\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\Łukasz\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.2.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - C:\Users\UKASZ~1\AppData\Local\Temp\ccex.crx [Not Found]
OPR Extension: (HDQ-1.2cV07.01) - C:\Users\Łukasz\AppData\Roaming\Opera Software\Opera Stable\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-07] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-07] (globalUpdate) [File not signed]
S2 Service Mgr RollAround; "C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe" [X]
S2 Update Mgr RollAround; "C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe" [X]
U5 7c300620d690dcaa; C:\Windows\System32\Drivers\7c300620d690dcaa.sys [77776 2014-03-29] () <===== ATTENTION Necurs Rootkit?
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
C:\Program Files (x86)\Roll Around
C:\Users\Łukasz\AppData\Roaming\OpenCandy
C:\Program Files (x86)\0004ee02-697a-4ce7-8134-29c3f248dd8f
C:\Program Files (x86)\7f66b76f-6d74-4a6c-9a8e-0ee21414e4dd
C:\Program Files (x86)\SupTab
C:\Users\Łukasz\AppData\Roaming\AVGNOJW
C:\Users\Łukasz\AppData\Roaming\NEDS
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.


5) Zrób nowe logi FRST.
.

[Łowca Androidów]

Zwiększyła sie częstotliwośc wyświetlania reklam w chrome

Logi:

TDSSKiller:
http://wklej.org/id/1670254/txt/

Nowy FRST:
http://wklej.org/id/1670398/txt/

Additional:
http://wklej.org/id/1670401/txt/

[ordynat]

Zwiększyła sie częstotliwośc wyświetlania reklam w chrome

Logi tego nie potwierdzają - nie ma już żadnego reklamiarza, ani w Chrome, ani w ogóle.

Natomaast jest problem z Rootkitem NECURS.
Log z TDSSKiller jest dziwnie krótki, i niczego nie wykrył.
Jeszcze raz użyj tego TDSSKillera.
Powinien wykryć 7c300620d690dcaa.sys

Jeśli nie wykryje, to użyjesz http://www.fixitpc.pl/topic/8-dezynfekcja-zbi%C3%B3r-narz%C4%99dzi-usuwaj%C4%85cych/#entry57587

Potem zrobisz nowy log FRST - już bez Additional.
.

[Łowca Androidów]

TDSSKiller nic nie wykrył:
http://wklej.org/id/1671064/txt/

FRST:
http://wklej.org/id/1671068/txt/

[ordynat]

Otwórz Notatnik i wklej w nim:

C:\Users\Łukasz\AppData\Local\Temp\{9AFF1CCA-4161-4C7F-AED0-76AAAC8749C2}.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.
Uruchom FRST i kliknij przycisk Fix.

Kończymy:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

TDSSKiller - usuń ręcznie.

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST
.