"Not a valid Win32 application"

Hi, now it's my turn: for 2 hours I've been fighting what is probably a rootkit. Let me say up front that I'm a complete beginner at this and so far my fight has been limited to reading various forums and guides. The problem is similar to the one above: after downloading some junk from eMule, the avast icons disappeared. When I try to open the program, the familiar message appears that "something or other" is not a valid Win32 application. The computer seems a bit sluggish. I don't really know where to start… I uninstalled avast and will try to install Kaspersky in a moment. In the meantime I downloaded something called safebootKeyRepair and got this:

Reg export of SafeBoot key after repair:

========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

========================

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

~~\SafeBoot\Minimal\Base

~~\SafeBoot\Minimal\Boot Bus Extender

~~\SafeBoot\Minimal\Boot file system

~~\SafeBoot\Minimal\dmboot.sys

~~\SafeBoot\Minimal\dmio.sys

~~\SafeBoot\Minimal\dmload.sys

~~\SafeBoot\Minimal\dmserver

~~\SafeBoot\Minimal\File system

~~\SafeBoot\Minimal\Filter

~~\SafeBoot\Minimal\PCI Configuration

~~\SafeBoot\Minimal\Primary disk

~~\SafeBoot\Minimal\RpcSs

~~\SafeBoot\Minimal\SCSI Class

~~\SafeBoot\Minimal\sermouse.sys

~~\SafeBoot\Minimal\System Bus Extender

~~\SafeBoot\Minimal\vga.sys

~~\SafeBoot\Minimal\vgasave.sys

~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

========================

Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist!

Please help, what steps should I take next…

Run a Dr. Web CureIt scan

The scan is done, but I don't really have anything to paste because a blue screen appeared. I only noted down that the probable cause of the problem is something like this: QnGN4vF$.sys. I'll just add that safe mode doesn't work. I had to get out of the blue screen by restarting, and after booting I got a message from Microsoft that after some critical error the system is working correctly again (or something like that); I sent the report and got this:

Blue screen error caused by a device or driver

You received this message because a hardware device, its driver, or related software has caused a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.

Troubleshooting


The following troubleshooting steps might prevent the blue screen error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.

Step 1: Download and install the latest updates and device drivers for your computer

Use Windows Update to check for and install updates:

Go online to the Windows Update website:

Windows Update

Note

If Microsoft Update is installed, you’ll be taken to the Microsoft Update website.

Click Custom to check for available updates.

In the left pane, under Select by Type, click each of the following links to view all available updates:

High Priority

Software, Optional

Hardware, Optional

Select the updates you want, click Review and install updates, and then click Install Updates.

If you recently added a new hardware device to your computer, go online to the manufacturer’s website to see if a driver update is available.

If you recently added a new program to your computer, go online to the manufacturer’s website to see if an update is available.

Step 2: Remove any new hardware or software to isolate the cause of the blue screen

If you received the blue screen error after adding a new hardware device or program, and downloading updates didn’t solve the problem, try removing the device or program and restarting Windows. If removing the new device or program allows Windows to start without the error, contact the device or program’s manufacturer to get product updates or to learn about any known issues with the device or program.

Step 3: Scan your computer for viruses

Many blue screen errors can be caused by computer viruses or other types of malicious software.

If you have an antivirus program installed on your computer, make sure it is up to date with the latest antivirus definitions and perform a complete scan of your system. Check your antivirus product’s website for information on getting the latest updates.

If you do not have antivirus software installed on your computer, we recommend using a web-based scanner to check your computer for malware. Many of the top antivirus software providers offer this service free of charge on their websites.

To see a list of Microsoft and third-party providers of antispyware, anti-malware, and antivirus software, go online to the following website:

Security software: Downloads and trials

To see a list of antivirus software vendors, go online to the following Knowledge Base article:

List of antivirus software vendors

Tip

Consider scanning your computer using more than one web-based antivirus scanner, even if you have an antivirus program installed on your computer. This will help make sure that you are using the most up-to-date antivirus definitions and allows you to benefit from the different strengths of each antivirus software manufacturer. If you do run multiple antivirus products, make sure you run only one product at a time. Running multiple antivirus products simultaneously can produce incorrect results.

Step 4: Check your hard disk for errors

You can help solve some computer problems and improve the performance of your computer by making sure that your hard disk has no errors.

Click Start, and then click My Computer.

Right-click the hard disk drive that you want to check, and then click Properties.

Click the Tools tab, and then, under Error-checking, click Check Now.

To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors. Otherwise, the disk check will report problems but not fix them.

To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.

To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.

Click Start.

Depending upon the size of your hard disk, this might take several minutes or longer. For best results, don’t use your computer for any other tasks while it’s checking for errors.

Note

If you select Automatically fix file system errors for a disk that is in use (for example, the partition that contains Windows), you’ll be prompted to reschedule the disk check for the next time you restart your computer.

For more information, go online to read the following article:

How to perform disk error checking in Windows XP

Step 5: Restore your computer to an earlier state

If the blue screen error occurred after installing a system or program update, consider using the System Restore feature to remove the changes. System Restore uses “restore points” that have been saved on your computer to return your system to a point in time before the problem began. This won’t fix the problem, but it can make your computer work again.

Do one of the following:

If Windows doesn’t start:

Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.

Use your arrow keys to select Safe Mode with Command Prompt, and then press ENTER.

For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:

Click to read KB315222

If you are prompted to select a version of Windows, select the correct version, and then press ENTER.

Log on to the computer using the Administrator account or an account that has administrator credentials.

Type the following command at a command prompt, and then press ENTER:

[systemroot]\system32\restore\rstrui.exe

(Where [systemroot] is the drive and directory where your Windows system files are located – for example, “C:\Windows”)

Follow the instructions that appear on the screen to restore the computer to an earlier state.

Or, if Windows starts:

Log on to Windows using an administrator account.

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

On the Welcome to System Restore page, select Restore my computer to an earlier time, and then click Next.

On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. You might receive a message that lists configuration changes that System Restore will make. Review this list, and then click OK.

On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows configuration, and then restarts the computer.

Log on to the computer as an administrator.

When the System Restore Restoration Complete page appears, click OK.

Advanced troubleshooting

The following steps can help determine what is causing a blue screen error and provide additional options for solving the problem. Try the above troubleshooting steps first before trying these advanced troubleshooting steps.

This section is intended for advanced computer users, such as software developers and network administrators. If you are not comfortable with advanced troubleshooting procedures, we recommend that you perform these steps with someone who is.

Step 1: Start Windows in safe mode

Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.

Use your arrow keys to select Safe Mode, and then press ENTER.

For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:

Click to read KB315222

If you are prompted to select a version of Windows, select the correct version, and then press ENTER.

Step 2: Collect more information about your computer

To continue troubleshooting this problem, you will need to collect more information about your computer, and then use it to find more information online.

Use Event Viewer to find specific information about this problem

Event Viewer is an advanced tool that displays detailed information about significant events on your computer. It can be helpful when troubleshooting problems and errors with Windows and other programs.

Click Start, click Run, type EVENTVWR, and then click OK.

Click Application.

Click View, and then click Filter.

In the Event Source drop-down menu, click any one of the following: Save Dump, System Error, or Windows Error Reporting.

In the Event ID field, type 1001, and then click OK.

Review each event listed and write down the bugcheck code (for example, 0x000000D1 or 0x0000008E).

Go to the next step to search the Internet for a solution.

Perform an Internet search

Use the information you collected in the previous step to search the Internet for more help. If you find troubleshooting steps, make sure that they apply to your specific computer before you follow them.

Go online to search the Internet for specific bugcheck codes you found using Event Viewer. For example, search for “0x000000D1” or “0x0000008E”.

Go online to search the Internet for the driver name. For example, search for “portcls.sys”.

Go online to search the Internet using different combinations of text, such as “Blue Screen” or “Stop Error” along with the driver or device name. For example, you could search for “portcls.sys bluescreen”.

Step 3: Roll back or disable the problem driver

Start Device Manager. To do this, click Start, click Run, type devmgmt.msc, and then click OK.

Based on the driver and device information you obtained in Step 2 above, double-click the device that you have determined might be causing the problem.

If you think the problem was caused by a recent update of the driver, click the Driver tab, and then click the Roll Back Driver button. If the problem did not coincide with a recent updating of the driver, then click the Disable button instead.

Step 4: Determine whether a third-party program is causing the problem

Click Start, click Run, type msconfig, and then click OK.

Click the General tab, click Selective Startup, clear the Load startup items check box, and then select the Load System Services check box.

Click OK, and then restart the computer.

If Windows starts, go to Step 5. If Windows does not start, go to Step 7.

Step 5: Identify the conflicting program

Because of the number of programs that might be listed, we recommend that you use the following process of elimination:

Click Start, click Run, type msconfig, and then click OK.

Click the Startup tab.

Select approximately half of the listed items, and then click OK.

Restart the computer.

If Windows does not start, restart Windows in safe mode.

Repeat this process until you have identified the program that is causing the problem.

Once you determine that a specific program is causing the problem, we recommend that you remove it if you are not using it.

How do I uninstall a program?

Click Start, click Control Panel, and then click Add or Remove Programs.

Click Change or Remove Programs, click the program you want to remove, and then click Change/Remove or Remove.

Note

If the program that you want to uninstall isn’t listed, it might not have been written for this version of Windows. To uninstall the program, check the information that came with the program.

If you do not want to remove the program, contact the software manufacturer for a solution to the problem.

Step 6: Disable all third-party services

Disable all third-party services to find out whether the problem is being caused by one of them.

Warning

The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.

Click Start, click Run, type msconfig, and then click OK.

Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.

Click Disable all to disable the listed third-party services.

Restart the computer and check to see if the problem has gone away. If it has, you know that one of the disabled third-party services is causing the problem. Go to step 7 to identify which service is causing the problem.

Step 7: Locate and disable the third-party service causing the problem

Warning

The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.

Because of the number of services that might be listed, we recommend that you use the following process of elimination:

Click Start, click Run, type msconfig, and then click OK.

Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.

Disable approximately half the services on the list, and then click OK.

Restart the computer in normal mode.

If Windows starts, then the problem service is among those you disabled. Repeat the process of enabling services in msconfig and restarting Windows until you determine which one causes Windows to not start in normal mode (this is the service that is causing the problem).

If Windows does not start, then the problem service is among those you left enabled. Repeat the process of disabling services and restarting Windows until you determine which one causes Windows to start in normal mode (this is the service that is causing the problem).

If you have determined which service is causing the problem, we recommend that you disable it and contact the service’s manufacturer for information on how to solve the problem. Also, make sure you re-enable any of the other services you disabled for diagnostic purposes.

Help!!!

Looks like Bagle. To start with, use the programs from this page

http://www.bezpieczenstwosystemow.pl/in … pic=4518.0

Then download ComboFix

viewtopic.php?p=1170959#p1170959

Run it and paste the log. Paste it at www.wklej.org and post only the link to the paste here.

From what I've managed to find out, it is very likely Bagle, and an exceptionally nasty one at that; I'm afraid that programs such as hjackthis or combofix may not help - yesterday I tried the former, and when I launched the program and clicked Do a system scan and save a logfile, the scan starts after this and … no luck - no error report is created, the program seems to just shut down. Either I'm clueless or it won't get sorted without a professional stepping in… When I get back after work I'll tinker some more following your tips, we'll see whether combofix shows anything…

thanks for your interest and I'm waiting for further help, regards…

Download Combofix from here; the name has been changed on purpose, otherwise Bagle will infect the installer before it is run

http://rapidshare.com/files/235849623/123.com.exe.html

I've been reading around on the net and I have doubts whether using combofix really won't do my computer some harm :wink: Is there an alternative?

An alternative is, for example, formatting the disks. But seriously, please use Combofix, and quickly, before anything gets launched. Right now the damage to your computer is being done by Bagle, not Combofix. Since you are reading on the internet, read how to use this tool properly http://www.searchengines.pl/index.php?s … ntry395642 and best of all read this about removing Bagle and you will understand why I changed Combofix's name http://www.searchengines.pl/Usuwanie-ro … 06680.html

Thanks for the advice; I'll be home in about 2-3 hours and I'll get started on the treatment; I'll of course post the details of the operation on the forum…

Added 22.05.2009 (Fri) 17:17

The trouble started right at the very beginning, i.e. I turned off System Restore. Unfortunately, problems appear when trying to repair safe mode: after choosing safe mode with networking a black screen appears, some files scroll by and then a message: Sorry, but the program did not open correctly etc… a timer runs at the bottom and after about 30 sec. normal mode starts…

I'm waiting for further tips; meanwhile I'm downloading Kaspersky and combofix and of course saving them under different names…

Added 22.05.2009 (Fri) 19:12

There were problems, but it worked, although I think I ran combofix in normal mode

here is the log: http://www.wklej.org/id/94078/

in a few moments, if it works, the Kaspersky report…

Added 22.05.2009 (Fri) 20:55

Not in a few moments after all… Kaspersky has already detected 40 pieces of junk and the scan is only at 42%. So the report will come late at night or tomorrow morning. For now I'd ask you to comment on the combofix log - can anything be divined from it…?

Added 22.05.2009 (Fri) 21:56

Sorry that I keep adding things, but I need to clarify a bit: Kaspersky detected the junk that combofix had found earlier, e.g.:

detected: Trojan program Trojan-Downloader.Win32.Bagle.auz File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\winupgro.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\1229109.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\190890.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\213453.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\216937.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\231250.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\232625.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\242750.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\251375.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\265125.exe.vir

detected: Trojan program Trojan-Downloader.HTML.Agent.ok File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3323109.exe.vir

detected: Trojan program Trojan-Downloader.HTML.Agent.ok File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3325000.exe.vir

detected: Trojan program Trojan-Downloader.HTML.Agent.ok File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3326390.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3412109.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\355031.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3556312.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\366406.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\371484.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3782750.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\382015.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\383609.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\408437.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\443500.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\463281.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\493296.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\612718.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\615578.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\617750.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\637734.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\638390.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\646468.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\685000.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\708718.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\768484.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\935812.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\m\flec006.exe.vir

detected: Trojan program Trojan-Downloader.Win32.Bagle.auz File: C:\Qoobox\Quarantine\C\Program Files\Nowe Gadu-Gadu\gg.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir

detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir

detected: Trojan program Trojan.Win32.Agent.bptr File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\414750.exe.vir

I don't know whether it matters, but maybe I should delete the C:\Qoobox\ folder before running the antivirus.

Can anything be divined from the tea leaves above?

Added 23.05.2009 (Sat) 0:10

http://www.wklej.org/id/94229/

Added 23.05.2009 (Sat) 9:18

I removed what Kaspersky pointed out, turned System Restore on, cleaned the registry with CCleaner, deleted the C:\Qoobox folder, removed Combo and Kasper, ran another “My Computer” scan - Kaspersky says it's clean…

Anything else, Honourable E-health Service?
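Added example (not part of the original thread and not the forum members' code): a small Python triage of the Kaspersky "detected:" lines quoted in the post above, separating hits that sit inside ComboFix's C:\Qoobox\Quarantine folder from hits on files still in place. The quarantine layout is inferred from the paths shown in the thread, the family is taken as the third dot-separated part of the detection name, and the last sample line is constructed for contrast.

```python
import re
from collections import Counter

# Assumption inferred from the paths in the thread: ComboFix stores removed
# files as C:\Qoobox\Quarantine\<drive>\<original path>.vir
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Matches the report format pasted in the thread:
#   detected: <virus|Trojan program> <detection name> File: <path>
LINE_RE = re.compile(
    r"^detected:\s+(?:virus|Trojan program)\s+(?P<name>\S+)\s+File:\s+(?P<path>.+)$"
)


def parse_detection(line):
    """Return a dict describing one 'detected:' line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    name, path = m.group("name"), m.group("path").strip()
    parts = name.split(".")
    # e.g. Email-Worm.Win32.Bagle.of -> family "Bagle"
    family = parts[2] if len(parts) >= 3 else name
    original = None
    if path.lower().startswith(QUARANTINE_PREFIX):
        # Rebuild where the file lived before it was quarantined.
        drive, _, tail = path[len(QUARANTINE_PREFIX):].partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        original = drive + ":\\" + tail
    return {
        "name": name,
        "family": family,
        "path": path,
        "original": original,          # None when the hit is on a live file
        "quarantined": original is not None,
    }


def triage(lines):
    """Split detections into already-quarantined copies and live files."""
    hits = [d for d in map(parse_detection, lines) if d]
    return {
        "quarantined": [d for d in hits if d["quarantined"]],
        "live": [d for d in hits if not d["quarantined"]],
        "families": Counter(d["family"] for d in hits),
    }


# First four lines are taken from the report in the thread; the fifth is a
# constructed line showing what a hit outside the quarantine would look like.
SAMPLE = [
    r"detected: Trojan program Trojan-Downloader.Win32.Bagle.auz File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\winupgro.exe.vir",
    r"detected: virus Email-Worm.Win32.Bagle.of File: C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir",
    r"detected: Trojan program Trojan-Downloader.HTML.Agent.ok File: C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Dane aplikacji\drivers\downld\3323109.exe.vir",
    r"detected: Trojan program Trojan.Win32.Agent.bptr File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\414750.exe.vir",
    r"detected: virus Email-Worm.Win32.Bagle.of File: C:\WINDOWS\system32\constructed_example.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("already quarantined:", len(result["quarantined"]))
    for d in result["live"]:
        print("still on disk:", d["name"], d["path"])
    print("families:", dict(result["families"]))
```

Hits under the quarantine folder are copies ComboFix has already neutralised; only the "still on disk" entries point at files that remain in their original location.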

And who said you were supposed to run it in safe mode, given that this mode had been damaged by Bagle? Check whether safe mode works now

That is exactly what you were supposed to do; manually delete the folders C:\Qoobox + C:\SDFix and the Combofix installer from the disk.

Uninstall Kaspersky Virus Removal Tool

Clean the system and the registry with CCleaner

Turn off System Restore on all drives. Instructions

Scan the system with Dr.WEB CureIt!, full scan. If the scanner finds anything, post the report on the forum

Avast probably doesn't work; if so, it will have to be reinstalled

In the meantime I ran another combofix scan; here is the log: http://www.wklej.org/id/94309/

In a moment I'll check whether safe mode works…

Is the combofix log above enough, or is a Dr.WEB CureIt scan necessary?

Do what I asked in the post above, in the order I gave. If the scanner finds nothing, it means you have no viruses.

Additionally, manually delete the folder C:\Combnadziady; Combofix created it

The scanner found nothing, so I conclude that the computer is clean :slight_smile:

Many thanks to all the kind people, especially to spandaupol… regards…