Problem z usunięciem nextbestgame.org

Dla specjalistów Bezpieczeństwo
#1

Witam, od jakiś 5 dniu przy starcie systemu uruchamia mi się opera, a w tym strona nextbestgame.org. Adwcleaner nie pomógł, a ccleaner nawet nie chce się otworzyć, tak samo regedit;/ Wrzucam logi z OTL i FRST… Średnio się na tym znam, ale z tego co widziałam będzie to potrzebne do usunięcia tego świństwa.

 

OTL:  http://wklej.org/id/1722824/

 

 

 

FRST: http://wklej.org/id/1722828/

 

           http://wklej.org/id/1722829/

 

 

Proszę bardzo o pomoc.

#2

W panelu sterowania odinstaluj:

Bundled software uninstaller

Feature Update Service

Wsys Control 10.2.1.2652

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://zivlingamer.org && exit
HKU\S-1-5-21-4196207916-4137491889-1814843966-1001\...\Run: [iLivid] => "C:\Users\DELL\AppData\Local\iLivid\iLivid.exe" -autorun
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
CHR Extension: (No Name) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-10-22]
CHR Extension: (Bookmark Manager) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-22]
S4 0148311407664794mcinstcleanup; C:\Users\DELL\AppData\Local\Temp\014831~1.EXE [821568 2011-02-10] (McAfee, Inc.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]
2015-05-27 09:41 - 2015-05-27 09:41 - 00864648 _____ () C:\Users\DELL\Downloads\yet_another_cleaner_sk_7478087.exe
2015-05-27 08:12 - 2015-05-27 08:13 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\DELL\Downloads\SpyHunter-Installer.exe
2015-05-27 07:54 - 2015-05-27 07:55 - 00000000 ____ D () C:\AdwCleaner
2014-06-01 09:53 - 2014-06-01 09:53 - 0001226 _____ () C:\Program Files (x86)\trace.log
2014-06-01 09:53 - 2014-06-01 09:53 - 0004282 _____ () C:\Program Files (x86)\updater.log
Task: {8D20AD4D-AF05-4C02-9F2E-9CAEE51E242D} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
HKU\S-1-5-21-4196207916-4137491889-1814843966-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
HKU\S-1-5-21-4196207916-4137491889-1814843966-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453343
URLSearchHook: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll No File
URLSearchHook: HKU\S-1-5-21-4196207916-4137491889-1814843966-1001 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4196207916-4137491889-1814843966-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4196207916-4137491889-1814843966-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD10JPVT-75A1YT0_WX91EC1DZPX8EC1DZPX8&ts=1382453344&type=default&q={searchTerms}
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: BitTorrentControl_v12 Toolbar -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -> C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll No File
Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll No File
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#3

Raport z usuwania fixlog: http://wklej.org/id/1722848/

 

Raport z AdwCleaner: http://wklej.org/id/1722857/

 

Raport z FRST: http://wklej.org/id/1722859/

 

Po restarcie systemu, nie otwiera mi się już opera i nie ma nextbestgame :slight_smile:

#4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-05-27 10:31 - 2015-05-27 10:33 - 00000000 ____ D () C:\AdwCleaner
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj:

Adobe Flash Player 17 ActiveX

Adobe Flash Player 17 NPAPI

Adobe Flash Player 18 PPAPI

Adobe Reader X

Java 7 Update 45

Zainstaluj:

Flash Player 17.0.0.188 NPAPI

Flash Player 17.0.0.188 ActiveX

Flash Player 17.0.0.188 PPAPI

Java 8 Update 45

Adobe Reader XI 11.0.11

#5

Zrobiłam wszystko jak było napisane :slight_smile:

 

Dziękuję bardzo za pomoc! :slight_smile: