mikizino
(Mikolaj Zelazny)
31 July 2012 22:02
#1
Hello
So, as in the topic title, a hell of a lot of people have a problem with this program. You write about some OTL; I downloaded it in safe mode, pressed Scan, and at some point an error popped up: “Win32 Error. Code 1722. Serwer RPC jest niedostepny.” I would appreciate some help; I'm not exactly a greenhorn with computers, so I won't be hard to work with.
– Added 01.08.2012 (Wed) 0:12 –
http://www.wklej.org/id/801559/ OTL (what I have on the desktop)
Unfortunately, it did not create Extras for me.
Atis
(Atis)
31 July 2012 23:00
#2
Paste into the Custom Scans/Fixes box:
:OTL
IE:64bit: - HKLM…\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie … 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.14010003&st=12&barid={6605E0D1-D121-4E2D-B82D-F966434247BF}
IE - HKLM…\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32 File not found
IE - HKLM…\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
IE - HKLM…\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie … 06&sr=0&q={searchTerms}
IE - HKLM…\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKLM…\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr … 3&st=12&q={searchTerms}&barid={6605E0D1-D121-4E2D-B82D-F966434247BF}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=110393&ba … 195b89fd38
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoIM … rchtype=hp
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=90f8cfed00000000000000195b89fd38
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{87E2E541-0BC3-414E-83B2-D2FD95FF6E76}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5N&apn_dtid=YYYYYYYYPL&apn_uid=1D3B8AAF-E287-40E3-BD6A-0792A961C42D&apn_sauid=DA18A7E9-F828-4AE2-A03D-E088FA9F2802&
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie … 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browse … dentifier/{3241FBF4-B656-4232-93C8-49748CF2B1E2}?q={searchTerms}
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{C005CD27-0886-4954-AF15-BFFDB2698FA7}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_ … &Keywords={searchTerms}&clid=4a15b26d2bb841e18bbe1270aec31486
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{CD329C38-30A8-4B01-8D40-56870A8A0DAB}: "URL" = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr … 3&st=12&q={searchTerms}&barid={6605E0D1-D121-4E2D-B82D-F966434247BF}
FF - prefs.js…browser.search.defaultenginename: "search the web (babylon)"
FF - prefs.js…browser.search.order.1: "search the web (babylon)"
FF - prefs.js…browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js…browser.startup.homepage: "http://search.babylon.com/?af=110393&babsrc=hp_ss&mntrid=90f8cfed00000000000000195b89fd38"
FF - prefs.js…keyword.url: "http://search.babylon.com/?af=110393&babsrc=adbartrp&mntrid=90f8cfed00000000000000195b89fd38&q="
FF - prefs.js…sweetim.toolbar.previous.browser.search.defaultenginename: "search the web (babylon)"
FF - prefs.js…browser.startup.homepage: "http://search.babylon.com/?af=110393&babsrc=hp_ss&mntrid=90f8cfed00000000000000195b89fd38"
FF - prefs.js…sweetim.toolbar.previous.keyword.url: "http://mystart.incredimail.com/mb78/?loc=ff_address_bar&a=6r7wqsymdy&search="
[2012-02-09 12:08:19 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\standard\AppData\Roaming\mozilla\Firefox\Profiles\n6infq98.default\extensions\ffxtlbra@softonic.com
[2012-03-10 10:15:47 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\standard\AppData\Roaming\mozilla\Firefox\Profiles\n6infq98.default\extensions\info@bflix.info
[2012-07-09 11:53:48 | 000,004,003 | ---- | M] () -- C:\Users\standard\AppData\Roaming\Mozilla\Firefox\Profiles\n6infq98.default\searchplugins\sweetim.xml
[2012-07-31 20:22:43 | 000,002,401 | ---- | M] () -- C:\Users\standard\AppData\Roaming\Mozilla\Firefox\Profiles\n6infq98.default\searchplugins\Web Search.xml
[2012-05-13 20:03:00 | 000,000,000 | ---D | M] (MP3Tube Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
[2012-03-10 10:18:01 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011-09-19 14:18:24 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012-04-01 18:16:27 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll File not found
O2 - BHO: (ADDICT-THING Class) - {C472B93C-ABE0-9E6C-F840-91B07B032B30} - C:\ProgramData\ADDICT-THING\bhoclass.dll ()
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\standard\AppData\Roaming\Nowe Gadu-Gadu_userdata\ggbho.1.dll File not found
O3:64bit: - HKLM…\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - No CLSID value found.
O3 - HKLM…\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll File not found
O3 - HKLM…\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll File not found
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico2] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\Run: [browser Infrastructure Helper] C:\Users\standard\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\RunOnce: [0C1D173D4BA396A900001BB9F875EF60] C:\ProgramData\0C1D173D4BA396A900001BB9F875EF60\0C1D173D4BA396A900001BB9F875EF60.exe ()
O7 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\System32\Win32.exe
O7 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Aufgaben Planungsmodul = C:\Windows\system32\WinBioDatabase\svchost.exe
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\standard\AppData\Local\Temp\Rar$EX44.744\IDM6102\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\standard\AppData\Local\Temp\Rar$EX44.744\IDM6102\crack\IEExt.htm File not found
O8 - Extra context menu item: Download all links with IDM - C:\Users\standard\AppData\Local\Temp\Rar$EX44.744\IDM6102\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\standard\AppData\Local\Temp\Rar$EX44.744\IDM6102\crack\IEExt.htm File not found
O20:64bit: - AppInit_DLLs: (protector.dll) - File not found
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()
[2012-07-31 23:06:02 | 000,000,000 | ---D | C] -- C:\Users\standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012-07-31 23:06:02 | 000,002,030 | ---- | M] () -- C:\Users\standard\Desktop\Live Security Platinum.lnk
[2012-07-30 14:52:35 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RunOW.job
[2012-01-07 13:26:06 | 000,081,920 | ---- | C] () -- C:\Users\standard\AppData\Roaming\chrtmp
[2006-05-19 02:41:46 | 000,064,274 | -H-- | C] () -- C:\Users\standard\AppData\Roaming\cglogs.dat
[2005-05-23 22:57:18 | 000,063,258 | -H-- | C] () -- C:\Users\standard\AppData\Roaming\standardlog.dat
[2011-12-24 00:19:01 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{1263BBBA-2CFC-4CCD-BBA2-A86107A36BCA}.job

:Files
C:\ProgramData\0C1D173D4BA396A900001BB9F875EF60

:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Show the removal report and a new Scan log.
Download and run SystemLook_x64
Paste into the program window:
Click Look and show the report.
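The autorun entries (O4, O7, O20) in the fix script of post #2 can be triaged mechanically. The following is an added example, not part of the original post and not OTL's own code: it tags each entry with the reason it stands out. The `triage` function, the tag names and the `SYSTEM_NAMES` list are assumptions made for illustration; the sample lines are copied from the script above.

```python
import ntpath
import re

# Autorun entries copied from the OTL fix script in this thread.
SAMPLE = r"""
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\Run: [browser Infrastructure Helper] C:\Users\standard\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\RunOnce: [0C1D173D4BA396A900001BB9F875EF60] C:\ProgramData\0C1D173D4BA396A900001BB9F875EF60\0C1D173D4BA396A900001BB9F875EF60.exe ()
O7 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\System32\Win32.exe
O7 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Aufgaben Planungsmodul = C:\Windows\system32\WinBioDatabase\svchost.exe
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()
""".strip().splitlines()

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.I)
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Assumption: a short list of commonly borrowed process names, not exhaustive.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}
USER_WRITABLE = ("\\appdata\\", "c:\\programdata\\", "\\temp\\")


def triage(line):
    """Return the tags explaining why an OTL autorun line needs a closer look."""
    tags = []
    if line.startswith("O20"):
        tags.append("appinit-dll")      # loaded into every process that loads user32.dll
    if "policies\\explorer\\run" in line.lower():
        tags.append("policies-run")     # Group Policy autorun key, common persistence spot
    if "File not found" in line:
        tags.append("orphaned")         # value remains, target file is gone
    match = PATH_RE.search(line)
    if not match:
        return tags
    folder, name = ntpath.split(match.group(0).lower())
    if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        tags.append("masquerade")       # system process name in the wrong folder
    if folder == "c:\\system32":
        tags.append("bogus-dir")        # stock Windows has no C:\System32
    if any(part in folder + "\\" for part in USER_WRITABLE):
        tags.append("user-writable")    # started from a profile or data directory
    return tags


if __name__ == "__main__":
    for entry in SAMPLE:
        print(", ".join(triage(entry)) or "no flag", "|", entry[:70])
```
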
mikizino
(Mikolaj Zelazny)
31 July 2012 23:19
#3
Atis
(Atis)
31 July 2012 23:40
#4
Run cmd.exe as administrator:
How do I run a command with full privileges?
Paste and confirm with Enter:
sfc /scanfile=C:\Windows\system32\services.exe
reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f
Restart the system.
Paste into the Custom Scans/Fixes box:
:OTL
IE - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIM … type=ds&q={searchTerms}
FF - prefs.js…sweetim.toolbar.previous.browser.search.selectedengine: "sweetim search"
O4 - HKU\S-1-5-21-2537684419-2088611278-1015452136-1000…\Run: [iDMan] C:\Users\standard\AppData\Local\Temp\Rar$EX44.744\IDM6102\crack\IDMan.exe /onboot File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\System32\Win32.exe

:Files
C:\Windows\Installer\{38a2c247-8b1b-1a8c-7df2-5e31a558380f}
C:\System32\Win32.exe
C:\Users\standard\AppData\Local\{38a2c247-8b1b-1a8c-7df2-5e31a558380f}
C:\Users\standard\AppData\Roaming\WinBioDatabase

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Show the removal report and a new Scan log.
Show the new SystemLook report:
Download and run Farbar Service Scanner
Select all items and click Scan.
Show that report.
mikizino
(Mikolaj Zelazny)
1 August 2012 00:01
#5
Atis
(Atis)
1 August 2012 00:14
#6
Finally, you need to repair the services damaged by ZeroAccess (Sirefef)
Rebuilding Windows Firewall
Rebuilding Windows Security Center
Windows Defender and updates.
Download and unpack the archive:
http://sendfile.pl/191604/plik.zip
Right-click the FIX file and choose Merge.
If you have an old version of the program, uninstall it: Java, Adobe Reader, Flash Player.
I don't know which versions you have, because you didn't show the Extras log.
Run OTL and click CleanUp.
Delete old restore points:
To delete all restore points
Run SecurityCheck and update the programs marked as Out of date
Scan the disk with Malwarebytes-AntiMalware.
During installation, click Decline to install only the free scanner.
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
mikizino
(Mikolaj Zelazny)
1 August 2012 00:30
#7
Thanks a lot, I did everything as you wrote, everything works. You're great!