Разбира се. Приятна вечер.

Разбира се. Приятна вечер.

И на вас

Нямам май проблеми вече.

Не забива толкова както преди.

Благоадаря много

Добре тогава. Ако не си стартирал скрипта от горното съобщение, просто го пропусни. Ще променя инструкциите. Нямаме бърза работа, следващата стъпка може да направиш утре. Ето я:

Следвайте следната инструкция за поправяне на системни файлове със SFC (Windows 7):

• Start и пишете долу в празното поле cmd:
  
  -използвайте клавишна комбинация CTRL+SHIFT+ENTER
  -или десен клик на cmd и клик на Run as administrator
  
• В отворения прозорец (Command prompt) напишете: sfc /scannow и натиснете ENTER. Добре е да разполагате с инсталационен диск на Windows 7, поставен в CD/DVD устройството.
  
  
  
• След като програмата завърши работата си, в отвореното поле на командния прозорец копирайте и поставате следното:
  

  findstr /c:"[sR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  
  
• Затворете командния прозорец (Command prompt).
  
• Прикачете sfcdetails.txt в следващия си коментар по темата или на rapidshare.
  

Вече го направих:

ComboFix 10-08-07.01 - ASUS 08.2010 г. 22:25:17.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1251.359.1026.18.2013.1210 [GMT 3:00]

Running from: d:\users\ASUS\Desktop\ff1.exe

Command switches used :: d:\users\ASUS\Desktop\CFScript.txt

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::

"d:\programdata\ezsidmv.dat"

"d:\users\All Users\ezsidmv.dat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\programdata\ezsidmv.dat

.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))

.

2010-08-07 19:31 . 2010-08-07 19:32 -------- d-----w- d:\users\ASUS\AppData\Local\temp

2010-08-07 19:31 . 2010-08-07 19:31 -------- d-----w- d:\users\Public\AppData\Local\temp

2010-08-07 19:31 . 2010-08-07 19:31 -------- d-----w- d:\users\Default\AppData\Local\temp

2010-08-07 19:23 . 2010-08-07 19:24 -------- d-----w- D:\32788R22FWJFW

2010-08-07 19:12 . 2010-08-07 19:12 119808 ----a-r- d:\users\ASUS\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2010-08-07 19:12 . 2010-08-07 19:12 -------- d-----w- d:\users\ASUS\AppData\Local\Apps

2010-08-07 18:29 . 2010-08-07 18:29 -------- d-----w- d:\program files\PowerISO

2010-08-07 13:06 . 2010-08-07 13:06 63488 ----a-w- d:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-07 13:06 . 2010-08-07 13:06 52224 ----a-w- d:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-07 13:06 . 2010-08-07 13:06 117760 ----a-w- d:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-07 13:06 . 2010-08-07 13:06 -------- d-----w- d:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com

2010-08-07 13:06 . 2010-08-07 13:06 -------- d-----w- d:\programdata\SUPERAntiSpyware.com

2010-08-07 13:05 . 2010-08-07 13:06 -------- d-----w- d:\program files\SUPERAntiSpyware

2010-08-07 11:56 . 2010-08-07 11:56 -------- d-----w- d:\program files\Sophos

2010-08-07 11:25 . 2010-08-07 11:25 -------- d-----w- d:\windows\system32\Wat

2010-08-07 10:34 . 2009-09-10 05:52 257024 ----a-w- d:\windows\system32\msv1_0.dll

2010-08-07 10:28 . 2010-08-07 10:28 -------- d-----w- d:\program files\Microsoft.NET

2010-08-07 10:27 . 2009-11-25 09:47 99176 ----a-w- d:\windows\system32\PresentationHostProxy.dll

2010-08-07 10:27 . 2009-11-25 09:47 49472 ----a-w- d:\windows\system32\netfxperf.dll

2010-08-07 10:27 . 2009-11-25 09:47 297808 ----a-w- d:\windows\system32\mscoree.dll

2010-08-07 10:27 . 2009-11-25 09:47 295264 ----a-w- d:\windows\system32\PresentationHost.exe

2010-08-07 10:27 . 2009-11-25 09:47 1130824 ----a-w- d:\windows\system32\dfshim.dll

2010-08-07 08:31 . 2010-05-21 05:18 977920 ----a-w- d:\windows\system32\wininet.dll

2010-08-07 08:31 . 2010-05-01 14:49 2326528 ----a-w- d:\windows\system32\win32k.sys

2010-08-07 00:59 . 2010-08-06 14:08 -------- d-----w- d:\windows\Panther

2010-08-06 21:51 . 2010-08-06 21:51 -------- d-----w- d:\users\ASUS\AppData\Roaming\Malwarebytes

2010-08-06 21:51 . 2010-04-29 12:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-08-06 21:51 . 2010-08-06 21:51 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-08-06 21:51 . 2010-08-06 21:51 -------- d-----w- d:\programdata\Malwarebytes

2010-08-06 21:51 . 2010-04-29 12:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-08-06 21:02 . 2010-08-06 21:38 -------- d-----w- d:\program files\qcat

2010-08-06 21:01 . 2010-08-06 21:01 -------- d-----w- D:\KIS9

2010-08-06 20:23 . 2010-08-06 20:23 -------- d-----w- d:\windows\system32\drivers\bg-BG

2010-08-06 20:23 . 2010-08-06 20:23 -------- d-----w- d:\windows\bg-BG

2010-08-06 20:23 . 2010-08-06 20:23 -------- d-----w- d:\windows\system32\wbem\bg-BG

2010-08-06 19:38 . 2010-08-06 19:38 -------- d-----w- d:\users\ASUS\AppData\Roaming\Kaspersky Lab

2010-08-06 18:25 . 2010-08-06 18:25 -------- d-----w- d:\program files\avpbg

2010-08-06 18:04 . 2010-08-06 18:04 932368 ----a-w- d:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-08-06 18:04 . 2010-08-06 18:04 678416 ----a-w- d:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-08-06 18:04 . 2010-08-06 18:04 604688 ----a-w- d:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-08-06 18:04 . 2010-08-06 18:04 522768 ----a-w- d:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-08-06 18:04 . 2010-08-06 18:04 1096208 ----a-w- d:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-08-06 17:51 . 2010-08-06 18:03 97549 ----a-w- d:\windows\system32\drivers\klick.dat

2010-08-06 17:51 . 2010-08-06 18:03 113933 ----a-w- d:\windows\system32\drivers\klin.dat

2010-08-06 17:50 . 2009-12-14 09:44 88632 ----a-w- d:\windows\system32\drivers\CSCrySec.sys

2010-08-06 17:50 . 2009-12-14 09:44 39352 ----a-w- d:\windows\system32\drivers\CSVirtualDiskDrv.sys

2010-08-06 17:50 . 2010-08-06 17:50 -------- dc----w- d:\windows\system32\DRVSTORE

2010-08-06 17:50 . 2010-08-06 17:50 -------- d-----w- d:\program files\Common Files\InfoWatch

2010-08-06 17:23 . 2010-08-06 17:23 420440 ----a-w- d:\programdata\Kaspersky Lab\AVP60MP4\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.4.1424\mcouas.dll

2010-08-06 17:20 . 2010-08-06 17:20 -------- d-----w- d:\programdata\Kaspersky Lab Setup Files

2010-08-06 17:05 . 2010-08-06 17:05 -------- d-----w- d:\program files\uTorrent

2010-08-06 17:05 . 2010-08-07 19:29 -------- d-----w- d:\users\ASUS\AppData\Roaming\uTorrent

2010-08-06 17:03 . 2010-08-07 17:39 -------- d-----w- d:\programdata\Kaspersky Lab

2010-08-06 17:03 . 2010-08-06 17:50 -------- d-----w- d:\program files\Kaspersky Lab

2010-08-06 15:22 . 2010-08-06 15:22 57560 ----a-w- d:\users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-06 14:46 . 2010-08-07 13:04 -------- d-----w- d:\users\ASUS\AppData\Roaming\skypePM

2010-08-06 14:45 . 2010-08-07 19:31 -------- d-----w- d:\users\ASUS\AppData\Roaming\Skype

2010-08-06 14:45 . 2010-08-06 14:45 -------- d-----r- d:\program files\Skype

2010-08-06 14:45 . 2010-08-06 14:45 -------- d-----w- d:\program files\Common Files\Skype

2010-08-06 14:45 . 2010-08-07 19:12 -------- d-sh--w- d:\windows\Installer

2010-08-06 14:45 . 2010-08-06 14:45 -------- d-----w- d:\programdata\Skype

2010-08-06 14:37 . 2010-05-21 11:14 221568 ------w- d:\windows\system32\MpSigStub.exe

2010-08-06 14:31 . 2010-08-06 14:31 -------- d-----w- d:\windows\system32\Macromed

2010-08-06 14:14 . 2010-08-07 17:34 -------- d-----w- d:\windows\system32\wbem\Performance

2010-08-06 14:14 . 2010-01-09 06:52 132608 ----a-w- d:\windows\system32\cabview.dll

2010-08-06 14:14 . 2009-12-29 06:55 172032 ----a-w- d:\windows\system32\wintrust.dll

2010-08-06 14:08 . 2010-08-06 14:08 -------- d-----w- D:\Recovery

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-07 11:25 . 2009-07-14 02:37 -------- d-----w- d:\program files\Windows Mail

2010-08-06 20:23 . 2009-07-14 04:52 -------- d-----w- d:\program files\Windows Sidebar

2010-08-06 20:22 . 2009-07-14 07:49 -------- d-----w- d:\program files\Windows Journal

2010-08-06 20:22 . 2009-07-14 04:52 -------- d-----w- d:\program files\Windows Photo Viewer

2010-08-06 20:22 . 2009-07-14 04:52 -------- d-----w- d:\program files\DVD Maker

2010-08-06 20:22 . 2009-07-14 04:52 -------- d-----w- d:\program files\Windows Defender

2010-08-06 14:50 . 2010-08-06 14:50 0 ---ha-w- d:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-05-27 07:24 . 2010-08-07 08:25 34304 ----a-w- d:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-08-07 08:25 293888 ----a-w- d:\windows\system32\atmfd.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2009-12-25 13:42 129552 ----a-w- d:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"PasswordManager"="d:\progra~1\KASPER~1\KASPER~1\KASPER~1\MODULE~1\stpass.exe" [2009-12-24 3037616]

"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="d:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]

"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll d:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MEMSWEEP2;MEMSWEEP2;d:\windows\system32\164E.tmp [x]

R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;d:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;d:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]

S0 KLBG;Kaspersky Lab Boot Guard Driver;d:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;d:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;d:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]

S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;d:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 CSObjectsSrv;CryptoStorage control service;d:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

S3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CDFS

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.9384.com/?100013

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\d:\windows\system32\164E.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-08-07 22:34:34

ComboFix-quarantined-files.txt 2010-08-07 19:34

ComboFix2.txt 2010-08-07 17:33

Pre-Run: 54 558 724 096 bytes free

Post-Run: 54 412 906 496 bytes free

- - End Of File - - 2F90D75C382DD92D40434ECB3D26F31C

Ето

sfcdetails.txt

Добре, SFC се опита да поправи само lpremove.exe. Ето заключението на SFC:

Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

Сега има ли повече проблеми и забивания?

Добре, SFC се опита да поправи само lpremove.exe. Ето заключението на SFC:

Сега има ли повече проблеми и забивания?

НЕ.

:clap: :clap: :clap: .

Мисля че прюключихме.

Благодаря ти много

Много .

Много.

Много.

След като няма повече оплаквания от Windows, маркирам проблема като решен.

Сега деинсталирай ComboFix: Start -> с Copy/Paste въведи командата ff1 /Uninstall и натисни OK.

Може да ги изтриеш другите програми, които използвахме в тази тема. Ако желаеш, остави MBAM за сканиране. Тази програмка те спаси.

От мен приятна вечер и успех!

Редактирано 8 август 201015 г. от nologo (преглед на промените)