vestland Posted 19 October 2008
Hi. I have had, or still have, the Antivirus XP 2008 virus on the PC. I have used various programs to clean up, but it is still not quite in shape... The problem now is that it cannot connect to the internet. The error message is: Cannot find server. I am attaching the file from the ComboFix log in case someone here can help interpret it.

ComboFix 08-10-18.03 - Arne 2008-10-19 20:52:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.500 [GMT 2:00]
Running from: F:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-19 17:49 . 2008-10-19 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-19 17:41 . 2008-10-19 17:41 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-19 17:41 . 2008-10-19 17:42 <DIR> d-------- C:\Program Files\CCleaner
2008-10-19 17:27 . 2008-10-19 17:35 <DIR> d-------- C:\Program Files\RegCure
2008-10-16 21:13 . 2008-10-16 21:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 21:13 . 2008-10-16 21:13 <DIR> d-------- C:\Documents and Settings\Arne\Application Data\Malwarebytes
2008-10-16 21:13 . 2008-10-16 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 21:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 21:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 00:58 . 2008-09-20 00:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Google
2008-09-19 20:45 . 2008-09-19 20:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-19 20:38 . 2008-09-19 20:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-19 20:38 . 2008-09-19 20:44 30,254 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-19 20:38 . 2008-09-19 20:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-19 20:33 . 2008-09-19 20:48 <DIR> d-------- C:\Program Files\Diablo II
2008-09-19 20:26 . 2008-09-19 20:26 <DIR> d-------- C:\Program Files\PowerISO
2008-09-19 20:16 . 2008-09-19 20:16 126,976 --a------ C:\WINDOWS\War3Unin.exe
2008-09-19 20:16 . 2008-09-19 23:15 23,656 --a------ C:\WINDOWS\War3Unin.dat
2008-09-19 20:16 . 2008-09-19 20:16 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-09-19 20:11 . 2008-09-21 17:55 <DIR> d-------- C:\Program Files\Warcraft III
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 23:03 --------- d-s---w C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft
2008-09-19 16:26 --------- d-----w C:\Program Files\Valve
2008-08-25 20:56 --------- d-----w C:\Documents and Settings\Arne\Application Data\setup_1096_MTUzNXwzNXww_[1]
2008-04-13 15:29 60,968 ----a-w C:\Documents and Settings\Åse Margrethe\GoToAssistDownloadHelper.exe
2008-04-13 15:29 60,968 ----a-w C:\Documents and Settings\Åse Margrethe\GoToAssistDownloadHelper.exe
2007-01-18 15:10 34,552 ----a-w C:\Documents and Settings\Svanhild\Application Data\GDIPFONTCACHEV1.DAT
2006-12-01 16:23 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-06 17:23 34,552 ----a-w C:\Documents and Settings\Arne\Application Data\GDIPFONTCACHEV1.DAT
2006-03-10 10:10 8 --sh--r C:\WINDOWS\system32\1D63B32A7E.sys
2006-03-10 10:10 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-02 344064]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 761945]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-07 504080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-04 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 C:\WINDOWS\soundman.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lemer249\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lemer249\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lemer249\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lemer249\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\svenor\\counter-strike\\hl.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lemer249\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Svanhild\\Desktop\\Counter-Strike 1.6 LAN\\CS.exe"=

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 140064]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 77072]
.
Contents of the 'Scheduled Tasks' folder

2008-09-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2008-10-19 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21]

2008-10-19 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21]

2008-10-19 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Åse Margrethe\Application Data\Mozilla\Firefox\Profiles\3ekv78hz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 20:58:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\Etrust Antivirus\InoRpc.exe
C:\Program Files\CA\Etrust Antivirus\InoRT.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-19 21:03:15 - machine was rebooted [Åse Margrethe]
ComboFix-quarantined-files.txt 2008-10-19 19:03:09

Pre-Run: 46 407 659 520 bytes free
Post-Run: 47,345,442,816 byte ledig

162 --- E O F --- 2008-10-12 08:18:21
norbat Posted 19 October 2008
Click: Start->Run
Type: netsh winsock reset catalog
Restart the PC
vestland (Author) Posted 26 October 2008
Unfortunately the internet is still just as dead. I have also lost the startup picture on the PC (I now have only a blue background; previously I had the usual one with grassy hills), if that says anything about what else is wrong.
norbat Posted 26 October 2008
Transfer and run winsockfix. When was the line cut - after combofix?
vestland (Author) Posted 26 October 2008
I lost the internet when I got the virus. The internet was not working at the time I ran combofix. What do you mean when you say transfer (?) and run winsockfix?? What should I transfer, and how do I run winsockfix??
norbat Posted 26 October 2008
When you do not have internet on the PC, you have to download winsockfix on the PC you are sitting at now and transfer the program to the other PC. Put the program on the desktop and run it.
J@9 Posted 26 October 2008
Try this: Start --> Run, type cmd and press Enter.. type ping hw.no and see if you get a reply.. if you get a reply it is just a trivial fault.. I have run into the same thing.. it turned out that the internet proxy settings had been switched on for some strange reason.
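
The check J@9 describes above, written out as a PowerShell function (an added example, not part of the original thread): it repeats the ping test and then reads the per-user proxy values that Internet Options stores in the registry. The function name Get-ProxyTriage and the verdict texts are made up for illustration; hw.no is only the host used in the thread.

```powershell
# Added example, not from the thread. Assumption: the test host answers ICMP;
# some hosts drop ping, so a failed ping alone does not prove the network is down.
function Get-ProxyTriage {
    param([string]$TestHost = 'hw.no')

    # Per-user proxy settings used by Internet Explorer / WinINet applications.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Same test as "ping hw.no": name resolution plus ICMP echo.
    $pingOk = [bool](Test-Connection -ComputerName $TestHost -Count 2 -Quiet -ErrorAction SilentlyContinue)

    $enabled = ($null -ne $s) -and ($s.ProxyEnable -eq 1)
    $server  = $s.ProxyServer      # "host:port" or "http=host:port;https=..."
    $pacUrl  = $s.AutoConfigURL    # automatic configuration script, if any

    # A loopback proxy only works while a local proxy process is listening.
    $loopback = $enabled -and ($server -match '(^|=)(127\.|localhost)')

    $verdict = if (-not $pingOk) {
        'Ping fails: check name resolution, the link and the Winsock catalog before the proxy.'
    } elseif ($loopback) {
        'Ping works, but browsers are sent to a loopback proxy: confirm a local proxy was installed on purpose.'
    } elseif ($enabled -or $pacUrl) {
        'Ping works and a proxy or PAC script is configured: verify it is yours, otherwise switch it off.'
    } else {
        'Ping works and no per-user proxy is set: the fault is elsewhere.'
    }

    [pscustomobject]@{
        PingOk        = $pingOk
        ProxyEnabled  = $enabled
        ProxyServer   = $server
        AutoConfigURL = $pacUrl
        Verdict       = $verdict
    }
}

Get-ProxyTriage | Format-List

# To switch an unwanted per-user proxy off (same effect as unticking it in Internet Options):
# Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name ProxyEnable -Value 0
```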
vestland (Author) Posted 26 October 2008
Yes!, you fixed it! :!: Now I am back on the internet! Thank you!