

Alex84

Registered: 08 May 2008
OFFLINE Last active: 16 05 2008 19:05

My posts

In topic: Logs - Worms in the system

16 05 2008 - 15:17

OK guys, I'm doing a format.

1. Which antivirus, firewall etc. should I install?
2. Should I do anything with the router?
3. What else should I install?

In topic: Logs - Worms in the system

13 05 2008 - 23:04

Damn, I don't know anymore :/ Maybe leftovers from the firewall are why I can't listen to the radio, play CS, or connect to FTP :/ Damn, how do I remove this? Other than that, since I removed one trojan the net doesn't lag anymore... I can't even watch a match on SopCast :/:/:/

Hmm, or maybe something is wrong with the router, because the second computer connected to it has the same symptoms?

In topic: Logs - Worms in the system

13 05 2008 - 17:08

OK, I'm probably giving up. I'm doing a format and I have a question: will that fix these problems? (DNS, the image not fitting the screen properly?)

In topic: Logs - Worms in the system

12 05 2008 - 21:03

OK, here is the ComboFix log after Fixwareout:

ComboFix 08-05-09.1 - Olek 2008-05-12 21:04:47.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1552 [GMT 2:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-04-12 to 2008-05-12  )))))))))))))))))))))))))))))))
.

2008-05-12 20:39 . 2008-05-12 20:42	<DIR>	d--------	C:\fixwareout
2008-05-11 16:03 . 1999-12-17 10:13	49,664	--a------	C:\WINDOWS\unvise32.exe
2008-05-08 16:03 . 2008-05-08 16:36	<DIR>	d--------	C:\Program Files\Symantec
2008-05-08 14:43 . 2008-05-08 14:58	249,856	---------	C:\WINDOWS\Setup1.exe
2008-05-08 14:43 . 2008-05-08 14:58	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-05-08 14:35 . 2008-05-08 14:35	<DIR>	d--------	C:\Documents and Settings\Olek\Dane aplikacji\Symantec
2008-05-08 14:15 . 2008-05-08 16:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-08 14:14 . 2008-05-08 16:37	<DIR>	d--------	C:\Program Files\Common Files\Symantec Shared
2008-05-07 20:32 . 2008-05-07 20:32	<DIR>	d--------	C:\!KillBox
2008-04-27 17:16 . 2008-04-27 17:16	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-26 11:57 . 2008-05-09 23:49	320	--a------	C:\WINDOWS\HAFASWIN.INI
2008-04-26 11:57 . 2008-04-26 11:57	21	--a------	C:\WINDOWS\progman.ini
2008-04-23 21:33 . 2008-05-03 10:23	791,224	--a------	C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-16 08:15 . 2007-10-12 15:14	3,734,536	--a------	C:\WINDOWS\system32\d3dx9_36.dll
2008-04-16 08:15 . 2007-10-12 15:14	1,374,232	--a------	C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-16 08:15 . 2007-10-02 09:56	444,776	--a------	C:\WINDOWS\system32\d3dx10_36.dll
2008-04-16 08:15 . 2007-10-22 03:39	267,272	--a------	C:\WINDOWS\system32\xactengine2_10.dll
2008-04-12 18:14 . 2008-04-12 18:14	<DIR>	d--hs----	C:\found.000
2008-04-12 02:09 . 2008-01-01 01:00	60,273	--a------	C:\WINDOWS\system32\pthreadGC2.dll
2008-04-12 02:09 . 2008-04-10 17:50	7,680	--a------	C:\WINDOWS\system32\ff_vfw.dll
2008-04-12 02:09 . 2008-04-10 17:50	6,144	--a------	C:\WINDOWS\system32\ff_acm.acm
2008-04-12 02:09 . 2008-01-01 01:00	547	--a------	C:\WINDOWS\system32\ff_vfw.dll.manifest

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:06	79,867,680	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-12 19:06	2,318,880	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-12 18:59	---------	d-----w	C:\Documents and Settings\Olek\Dane aplikacji\Skype
2008-05-12 18:56	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-12 18:40	223,328	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-12 18:40	1,076,156	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 14:47	---------	d-----w	C:\Documents and Settings\Olek\Dane aplikacji\MyPhoneExplorer
2008-05-12 12:53	---------	d-----w	C:\Documents and Settings\Olek\Dane aplikacji\skypePM
2008-05-11 14:25	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-06 20:51	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-27 21:28	---------	d-----w	C:\Program Files\Java
2008-04-27 15:15	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 15:15	22,328	----a-w	C:\Documents and Settings\Olek\Dane aplikacji\PnkBstrK.sys
2008-04-27 15:15	2,337,865	----a-w	C:\WINDOWS\system32\pbsvc.exe
2008-04-27 15:15	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-04-26 22:25	---------	d-----w	C:\Documents and Settings\Olek\Dane aplikacji\Tibia
2008-04-17 13:46	96,645	----a-w	C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 13:46	87,941	----a-w	C:\WINDOWS\system32\drivers\klick.dat
2008-04-15 20:11	---------	d-----w	C:\Program Files\TibiaTek Development Team
2008-04-07 04:32	---------	d-----w	C:\Program Files\Opera
2008-04-04 21:00	3,086,336	----a-w	C:\WINDOWS\system32\flvvideo.dll
2008-03-13 19:49	---------	d-----w	C:\Program Files\Avanquest update
2008-03-13 19:49	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-03-13 19:47	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-03-13 19:44	---------	d-----w	C:\Program Files\Common Files\Teleca Shared
2008-03-13 19:44	---------	d-----w	C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-13 19:44	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-02-15 13:40	32	----a-w	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"AQQ"="E:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-04-28 21:15 1209328]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"SpybotSD TeaTimer"="e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55 1667584]
"Uniblue RegistryBooster 2"="E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-12 17:34 1910040]
"AlcoholAutomount"="e:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:23 221568]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:26 22014760]
"Sony Ericsson PC Suite"="e:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 09:29 872448]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinampAgent"="e:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"isDeleteMe"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:44 395776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"E:\\Program Files\\SopCast\\SopCast.exe"=
"E:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TibiaTek\\TibiaTek Bot\\TibiaTekBot.exe"=
"E:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"E:\\Program Files\\Valve\\hl.exe"=
"E:\\Program Files\\Valve\\hlds.exe"=
"E:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"E:\\Program Files\\TVAnts\\Tvants.exe"=
"E:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"E:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:UDP"= 27015:UDP:1
"27016:UDP"= 27016:UDP:2
"27015:TCP"= 27015:TCP:3

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\Olek\USTAWI~1\Temp\ALSysIO.sys []
S3 ddsxeiservice;ddsxeiservice2;E:\Program Files\sXe Injected\ddsxei.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 08:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 21:06:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-12 21:06:56
ComboFix-quarantined-files.txt  2008-05-12 19:06:44

Pre-Run: 12,753,391,616 bajtów wolnych
Post-Run: 12,751,327,232 bajtów wolnych


I'm also attaching a screenshot from the ACTIVE PORTS program. Oh, and could my router (Pentagram Cerberus P 6311-072) be infected?



Regards
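As an added example (not part of this thread and not ComboFix's own code), a small Python triage helper for the "Reg Loading Points" and driver lines of a ComboFix log in the format posted above. It flags entries a reviewer would want to look at first: autostart values whose target has no file metadata (`[ ]`), autostart values that launch a command interpreter, Security Center monitoring toggles, and drivers without metadata or loaded from a Temp folder. The sample lines are constructed in the same format; the rule names are my own, and a flag is a review item, not a verdict (AV suites legitimately write the monitoring toggles themselves).

```python
import re

# Constructed sample in the ComboFix "Reg Loading Points" / service-line format.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"isDeleteMe"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:44 395776]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

S3 ALSysIO;ALSysIO;C:\DOCUME~1\Olek\USTAWI~1\Temp\ALSysIO.sys []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
"""

# "Name"="path" [metadata]   -- autostart value as ComboFix prints it
AUTORUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
# R3/S3 service;description;path [metadata]   -- driver/service line
DRIVER = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
INTERPRETERS = ("cmd.exe", "rundll32.exe", "wscript.exe", "cscript.exe")


def triage(text):
    """Return (reason, line) pairs for log entries worth a closer look."""
    findings = []
    key = ""  # registry key currently being listed
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = line
            continue
        m = AUTORUN.match(line)
        if m:
            if not m["meta"].strip():
                findings.append(("autostart target has no file metadata", line))
            if m["path"].lower().endswith(INTERPRETERS):
                findings.append(("autostart launches a command interpreter", line))
            continue
        if "security center" in key.lower() and line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(("Security Center monitoring disabled under " + key, line))
            continue
        m = DRIVER.match(line)
        if m and (not m["meta"].strip() or "\\temp\\" in m["path"].lower()):
            findings.append(("driver without metadata or loaded from a Temp path", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```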

In topic: Logs - Worms in the system

12 05 2008 - 06:16

OK, when I get home later I'll scan. I'm also attaching netstat.

Attached image