AnyProtect, Crossbrowse, PhraseProfessor, Fast Start


(Janczeronko) #1

Hello, I recently picked up the vermin named in the thread title, and there is also some other side junk such as SmartWeb, Delta Homes, Mysearch123 and others; after scanning and removing them with RegCleanerPro and AdwCleaner, they reinstall themselves. It is starting to get annoying, so I am asking you for help - below are the pastes from my FRST scan.


(Acorus) #2

Uninstall Crossbrowse, GamesDesktop 008.005010071, GamesDesktop 008.005010072, istartsurf uninstall, MyBrowser 1.0.2V26.08, mystartsearch uninstall, PhraseProfessor 1.10.0.22, SmartWeb. Open the system Notepad and paste:

Task: {06461D91-09CF-40CD-829D-CE402D432F48} - System32\Tasks\baT0oSrJd5LjQ5Ls2ThJN2j = C:\Users\abc\AppData\Roaming\baT0oSrJd5LjQ5Ls2ThJN2j.exe [2015-04-20] () ==== UWAGA
Task: {0BF66B8D-DAC0-4F53-A354-731C47E54697} - System32\Tasks\cr2NK0Ws22G = C:\Users\abc\AppData\Roaming\cr2NK0Ws22G.exe [2015-04-20] () ==== UWAGA
Task: {0F9C981B-FC4C-4B91-9CC8-81041F446995} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Pending Update = C:\Program Files\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe [2015-08-14] (PhraseProfessor) ==== UWAGA
Task: {1AFD0C07-D7EA-40A1-97AB-1F5EE499670B} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-10_user = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-10.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {29FC74FA-C05C-4AF5-9AE8-6B5D9A55169B} - System32\Tasks\{94138C8D-AF9D-4195-AEFE-193D2C356E71} = Iexplore.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.11.0.102amp;LastError=404
Task: {30B2EF33-46F5-43AF-8508-781EE1AD4718} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-4 = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-4.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {3D0F0412-7EC0-4283-8DC1-175D21389BE5} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-08-27] (globalUpdate) ==== UWAGA
Task: {44925DC8-DF47-42B6-8C2B-34AD3771BFC5} - System32\Tasks\SmartWeb Upgrade Trigger Task = C:\Users\abc\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) ==== UWAGA
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden ==== UWAGA
Task: {78BFE0F9-6EE9-44C3-B0F6-7FADCB382C31} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5 = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {8E85F4B8-BB24-46E3-8A0E-6AB5A2B90F55} - System32\Tasks\{3A2C2976-3AA6-4D62-91C6-C7EFF792C03F} = Iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsProgressBar
Task: {AD34AC35-BCE9-425D-A53A-EA12550E78A0} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-08-27] (globalUpdate) ==== UWAGA
Task: {ADAC9F2C-11DA-4EC3-890C-E108EEF302FB} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-6 = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-6.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {AF863DCD-ADE7-499A-8BC6-F2C0111F9AC2} - System32\Tasks\{DEEB760C-A8C5-4A86-9F3F-414449569989} = Iexplore.exe http://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?source=lightinstalleramp;page=tsMain
Task: {B1693FF1-C3B6-4881-BBB2-7A61C7192D01} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5_user = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {B542803B-61EA-44DF-96BB-396CD4AA0981} - System32\Tasks\Crossbrowse = C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-27] () ==== UWAGA
Task: {D2679DA4-D259-4091-83DC-76D2FA7EDC45} - System32\Tasks\PU47AmABX2gRB = C:\Users\abc\AppData\Roaming\PU47AmABX2gRB.exe [2015-04-20] () ==== UWAGA
Task: {D3DF5A8A-8230-46D7-B6F7-A70604178178} - System32\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-7 = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-7.exe [2015-08-27] (MyBrowser 1.0.2V26.08) ==== UWAGA
Task: {D7C2EC1F-B84B-4FFC-A483-AA12349C5D00} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3881549247-1123564808-947153969-1003UA = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-24] (Facebook Inc.)
Task: {E91B46AC-F460-4D60-9006-EC22F174B4C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3881549247-1123564808-947153969-1003Core = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-24] (Facebook Inc.)
Task: {F2EB6B15-9FE7-43E4-9EC3-113AF52F6F95} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Core = C:\Program Files\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe [2015-08-14] (PhraseProfessor) ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-6.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-6.exe ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-7.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-1-7.exe ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-10_user.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-10.exe ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-4.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-4.exe ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5.exe ==== UWAGA
Task: C:\Windows\Tasks\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5_user.job = C:\Program Files\MyBrowser 1.0.2V26.08\77009a7f-bc1c-4ebb-af51-9c6ec5fcab67-5.exe ==== UWAGA
Task: C:\Windows\Tasks\baT0oSrJd5LjQ5Ls2ThJN2j.job = C:\Users\abc\AppData\Roaming\baT0oSrJd5LjQ5Ls2ThJN2j.exe ==== UWAGA
Task: C:\Windows\Tasks\cr2NK0Ws22G.job = C:\Users\abc\AppData\Roaming\cr2NK0Ws22G.exe ==== UWAGA
Task: C:\Windows\Tasks\Crossbrowse.job = C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe ==== UWAGA
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3881549247-1123564808-947153969-1003Core.job = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3881549247-1123564808-947153969-1003UA.job = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files\globalUpdate\Update\globalupdate.exe ==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files\globalUpdate\Update\globalupdate.exe ==== UWAGA
Task: C:\Windows\Tasks\PU47AmABX2gRB.job = C:\Users\abc\AppData\Roaming\PU47AmABX2gRB.exe ==== UWAGA
HKLM\...\Run: [gmsd_pl_005010066] = [X]
HKLM\...\Run: [gmsd_pl_005010069] = [X]
HKLM\...\Run: [gmsd_pl_005010070] = [X]
HKLM\...\Run: [gmsd_pl_005010071] = C:\Program Files\gmsd_pl_005010071\gmsd_pl_005010071.exe [3979920 2015-08-25] ()
HKLM\...\Run: [SmartWeb] = C:\Users\abc\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_pl_005010072] = C:\Program Files\gmsd_pl_005010072\gmsd_pl_005010072.exe [3988112 2015-08-26] ()
HKLM\...\RunOnce: [upgmsd_pl_005010071.exe] = C:\Users\abc\AppData\Local\gmsd_pl_005010071\upgmsd_pl_005010071.exe [3332240 2015-08-25] ()
HKLM\...\RunOnce: [upgmsd_pl_005010072.exe] = C:\Users\abc\AppData\Local\gmsd_pl_005010072\upgmsd_pl_005010072.exe [3369104 2015-08-26] ()
HKU\S-1-5-21-3881549247-1123564808-947153969-1003\...\Run: [Facebook Update] = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-24] (Facebook Inc.)
HKU\S-1-5-21-3881549247-1123564808-947153969-1003\...\Run: [apphide] = C:\Program Files\baidu\pps.exe [77824 2015-08-12] ()
HKU\S-1-5-21-3881549247-1123564808-947153969-1003\...\Run: [GoogleChromeAutoLaunch_DBEAE3D1B8A49E529172E88FBE5B8643] = C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [770048 2015-05-11] (Crossbrowse)
Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-27]
ShortcutTarget: crossbrowse.lnk - C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-26]
ShortcutTarget: SmartWeb.lnk - C:\Users\abc\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
HKU\S-1-5-21-3881549247-1123564808-947153969-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}ei=utf-8fr=b1ie7
SearchScopes: HKU\.DEFAULT - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}form=MSSEDFpc=MSE1
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}form=MSSEDFpc=MSE1
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {68635511-256D-4C5C-AD3A-21649E46F960} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3881549247-1123564808-947153969-1003 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
BHO: Brak nazwy - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - Brak pliku
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1440662322z=3605b776fe80eaa2dc7b505gfz8zfecq8q4ofofe7mfrom=cmiuid=TOSHIBAXMK1237GSX_Y72JF7GOSXXY72JF7GOS
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hpts=1440662322z=3605b776fe80eaa2dc7b505gfz8zfecq8q4ofofe7mfrom=cmiuid=TOSHIBAXMK1237GSX_Y72JF7GOSXXY72JF7GOS
FF SearchPlugin: C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\2seppa89.default-1440530983471\searchplugins\mystartsearch.xml [2015-08-27]
FF Extension: MyBrowser 1.0.2V26.08 - C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\2seppa89.default-1440530983471\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-08-27]
FF Extension: Default SearchProtected - C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\2seppa89.default-1440530983471\Extensions\defsearchp@gmail.com [2015-08-27]
FF Extension: deskCut - C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\2seppa89.default-1440530983471\Extensions\deskCutv2@gmail.com [2015-08-26]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\Agata\AppData\Roaming\BabSolution\CR\searchgol.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\WebCakeLayers.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx nie znaleziono
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx nie znaleziono
R2 bohotigu; C:\Program Files\407DC576-1440151897-DC11-9287-920E32FE34C7\knso2613.tmp [355328 2015-08-25] () [Brak podpisu cyfrowego]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-27] (globalUpdate) [Brak podpisu cyfrowego] ==== UWAGA
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-27] (globalUpdate) [Brak podpisu cyfrowego] ==== UWAGA
R2 hyverumu; C:\Program Files\407DC576-1440151897-DC11-9287-920E32FE34C7\jnstFAB6.tmp [209920 2015-08-21] () [Brak podpisu cyfrowego]
R2 IHProtect Service; C:\Program Files\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
R2 kefowydy; C:\Program Files\407DC576-1440151897-DC11-9287-920E32FE34C7\hnst127C.tmp [137728 2015-08-21] () [Brak podpisu cyfrowego]
R4 WindowsMangerProtect; C:\ProgramData\DWinManProD\WinManPro.exe [707720 2015-08-26] (DTools LIMITED) ==== UWAGA
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 gopibeko; C:\Users\abc\AppData\Local\407DC576-1440159157-DC11-9287-920E32FE34C7\snsoC3F0.tmp [X]
R1 ppfd_vt_1_10_0_22; C:\Windows\System32\drivers\ppfd_vt_1_10_0_22.sys [56464 2015-08-14] (PhraseProfessor)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
2015-08-27 10:05 - 2015-08-27 10:06 - 00000000 ____ D C:\Program Files\MyBrowser 1.0.2V26.08
2015-08-26 12:14 - 2015-08-26 12:15 - 00000000 ____ D C:\ProgramData\OWinManProO
2015-08-26 11:00 - 2015-08-26 12:20 - 00000000 ____ D C:\AdwCleaner
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\abc\AppData\Roaming\baT0oSrJd5LjQ5Ls2ThJN2j
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\abc\AppData\Roaming\baT0oSrJd5LjQ5Ls2ThJN2j.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\abc\AppData\Roaming\cr2NK0Ws22G
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\abc\AppData\Roaming\cr2NK0Ws22G.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\abc\AppData\Roaming\PU47AmABX2gRB
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\abc\AppData\Roaming\PU47AmABX2gRB.exe
2015-08-24 11:49 - 2015-08-24 11:49 - 0613255 _____ (CMI Limited) C:\Users\abc\AppData\Local\nse90B0.tmp
2015-08-24 14:04 - 2015-08-24 14:04 - 0613255 _____ (CMI Limited) C:\Users\abc\AppData\Local\nsfFE8C.tmp
2015-08-25 15:10 - 2015-08-25 15:10 - 0613255 _____ (CMI Limited) C:\Users\abc\AppData\Local\nsgE380.tmp
2015-08-25 21:52 - 2015-08-25 21:52 - 0613255 _____ (CMI Limited) C:\Users\abc\AppData\Local\nsj18FE.tmp
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/