
Avg detects "hidden driver" in Windows/system32/drivers...


  • This topic is locked

#16
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
The fix was read as follows:

Suspect::C:\cxhfsbpt.exeC:\ikuiiv.exeC:\13202273C:\oruocu.exec:\windows\system32\crashc:\documents and settings\Nándi\Application Data\netstat.batc:\windows\Setup1.exe


It should be read as:

Suspect::
C:\cxhfsbpt.exe
C:\ikuiiv.exe
C:\13202273
C:\oruocu.exe
c:\windows\system32\crash
c:\documents and settings\Nándi\Application Data\netstat.bat
c:\windows\Setup1.exe


Consequently, no files were collected.

That usually happens when Notepad was set to word wrap, or a program other than Notepad was used to create the script.

Please open Notepad. Select Format from the menu. Make sure Word Wrap is not checked.

Using Notepad, and only Notepad, please repeat the process on post 11 after the Kaspersky scan.
  • 0


#17
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
this is NOT my day... :)

after the scan I repeat the procedure. thanks for your patience.

there is another interesting problem. I cannot open the homepage of skype. I noticed it for approx. 2 weeks. at the left corner of the browser this flashes for a moment:

res://ieframe.dll/dnserror.htm

Edited by betyar, 28 December 2008 - 03:40 PM.

  • 0

#18
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I'm ready with everything. I sent the zip file again. Kaspersky didn't find anything.
  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\cxhfsbpt.exe
C:\ikuiiv.exe
c:\windows\Setup1.exe

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Concerning your last question:

Can you connect to other sites? How do you connect to skype? A direct link, or do you need to type the address?
  • 0
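Added example, not part of the original thread and not ComboFix's own code: a small checker for the failure described in post #16, where every entry of the script ended up on one line and nothing was collected. It flags entries that share a line with the section header or with each other, and splits them back out. The function name and the header rule (a word followed by "::", as in the two scripts posted in this thread) are assumptions made for the example.

```python
import re

# Assumed header rule: a word followed by "::" (the thread shows "Suspect::"
# and "File::"). Anything after it on the same line should not be there.
HEADER = re.compile(r'^\s*([A-Za-z]+)\s*::\s*(.*)$')

# ":" is not allowed inside a Windows file name, so every "<letter>:\"
# marks the start of a new absolute path. The lookahead splits in front
# of each one without consuming it.
DRIVE_ROOT = re.compile(r'(?=[A-Za-z]:\\)')

# The script exactly as it was read in post #16 (copied from the thread).
WRAPPED = (r"Suspect::C:\cxhfsbpt.exeC:\ikuiiv.exeC:\13202273C:\oruocu.exe"
           r"c:\windows\system32\crashc:\documents and settings\Nándi"
           r"\Application Data\netstat.batc:\windows\Setup1.exe")


def normalize_cfscript(text):
    """Return (lines, findings) for a CFScript.txt body.

    lines    -- the script with one header or one path per line
    findings -- (line_number, message) for every line that had to be split
    """
    lines, findings = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            lines.append(header.group(1) + "::")
            line = header.group(2)
            if line:
                findings.append((number, "entries on the header line"))
        # Split whatever is left in front of every drive root.
        entries = [e.strip() for e in DRIVE_ROOT.split(line) if e.strip()]
        if len(entries) > 1:
            findings.append((number, "%d paths run together" % len(entries)))
        lines.extend(entries)
    return lines, findings


if __name__ == "__main__":
    fixed, problems = normalize_cfscript(WRAPPED)
    for number, message in problems:
        print("line %d: %s" % (number, message))
    # Notepad on Windows expects CRLF line endings.
    print("\r\n".join(fixed))
```

An empty findings list means the script already has one entry per line and can be saved as it is.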

#20
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ready, here are the logs
combofix log:


ComboFix 08-12-28.01 - Nándi 2008-12-29 9:55:03.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1038.18.511.247 [GMT 1:00]
Running from: c:\documents and settings\Nándi\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Nándi\Asztal\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\cxhfsbpt.exe
C:\ikuiiv.exe
c:\windows\Setup1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cxhfsbpt.exe
C:\ikuiiv.exe
c:\windows\Setup1.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-28 20:41 . 2008-12-28 20:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 20:41 . 2008-12-28 20:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-28 17:27 . 2008-12-28 17:27 4,096 --a------ c:\windows\system32\crash
2008-12-28 14:11 . 2008-12-28 14:11 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 23:17 . 2008-12-27 23:22 107 --a------ c:\documents and settings\Nándi\Application Data\netstat.bat
2008-12-27 23:04 . 2008-12-27 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2008-12-26 08:38 . 2008-12-27 23:00 <DIR> d-------- c:\program files\a-squared Free
2008-12-25 23:12 . 2008-12-25 23:12 <DIR> d-------- c:\documents and settings\Nándi\Application Data\Malwarebytes
2008-12-25 23:12 . 2008-12-25 23:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 21:03 . 2008-12-25 21:03 <DIR> d-------- c:\program files\Avira GmbH
2008-12-25 18:03 . 2008-12-25 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-12-25 11:18 . 2008-12-25 11:26 <DIR> d-------- c:\program files\AviSynth 2.5
2008-12-25 11:17 . 2008-12-25 11:27 <DIR> d-------- c:\program files\Gabest
2008-12-25 00:58 . 2008-12-25 10:30 99 --a------ c:\windows\cdplayer.ini
2008-12-25 00:25 . 2008-12-25 00:51 <DIR> d-------- c:\documents and settings\Nándi\Application Data\DAEMON Tools Pro
2008-12-25 00:25 . 2008-12-25 00:25 <DIR> d-------- c:\documents and settings\Nándi\Application Data\DAEMON Tools
2008-12-25 00:24 . 2008-12-25 00:24 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-25 00:24 . 2008-12-25 00:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-25 00:16 . 2008-12-25 00:28 <DIR> d-------- c:\documents and settings\Nándi\Application Data\DAEMON Tools Lite
2008-12-25 00:16 . 2008-12-25 00:16 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-24 22:38 . 2008-12-24 22:38 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-24 22:16 . 2008-12-24 22:16 <DIR> d-------- c:\documents and settings\Nándi\Application Data\Moyea
2008-12-24 22:15 . 2008-12-24 22:15 <DIR> d-------- c:\program files\Moyea
2008-12-24 00:14 . 2008-12-25 17:42 <DIR> d-------- c:\documents and settings\Nándi\Application Data\Vso
2008-12-24 00:14 . 2008-12-25 17:42 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-24 00:14 . 2008-12-25 17:42 47,360 --a------ c:\documents and settings\Nándi\Application Data\pcouffin.sys
2008-12-24 00:13 . 2008-12-25 18:33 <DIR> d-------- c:\program files\DVDFab 5
2008-12-23 22:39 . 2008-12-23 22:39 2 --a------ C:\13202273
2008-12-23 22:39 . 2008-12-23 22:39 0 --a------ C:\oruocu.exe
2008-12-23 20:48 . 2008-12-23 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SlySoft
2008-12-23 20:46 . 2008-12-23 20:46 <DIR> d-------- c:\program files\SlySoft
2008-12-21 22:23 . 2008-12-24 21:00 43 --a------ c:\windows\gswin32.ini
2008-12-21 18:34 . 2008-12-21 18:34 <DIR> d-------- c:\program files\Lavasoft
2008-12-21 18:34 . 2008-12-21 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-19 14:08 . 2008-12-19 14:08 <DIR> d-------- c:\documents and settings\Nándi\Application Data\Netscape
2008-12-19 14:07 . 2008-12-19 14:07 <DIR> d-------- c:\program files\Netscape
2008-12-18 22:42 . 2008-12-18 22:48 <DIR> d-------- c:\program files\PageFix 2.0
2008-12-18 22:41 . 2008-12-18 22:41 73,216 --a------ c:\windows\ST6UNST.EXE
2008-12-18 15:03 . 2008-12-18 15:03 268 --ah----- C:\sqmdata05.sqm
2008-12-18 15:03 . 2008-12-18 15:03 244 --ah----- C:\sqmnoopt05.sqm
2008-12-18 13:23 . 2008-12-18 13:23 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 19:40 --------- d-----w c:\program files\Java
2008-12-28 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-28 15:44 --------- d-----w c:\documents and settings\Nándi\Application Data\skypePM
2008-12-28 15:44 --------- d-----w c:\documents and settings\Nándi\Application Data\Skype
2008-12-27 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 18:15 --------- d-----w c:\program files\BCDC++
2008-12-27 12:36 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-26 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spontania4IM
2008-12-25 20:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 21:38 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-24 21:38 --------- d-----w c:\program files\Common Files\Real
2008-12-24 20:07 --------- d-----w c:\program files\HTML Guardian 7
2008-12-24 20:06 --------- d-----w c:\program files\FreePDF_XP
2008-12-18 14:50 --------- d-----w c:\program files\TextAloud
2008-12-17 18:21 --------- d-----w c:\documents and settings\Nándi\Application Data\VoipBuster
2008-12-13 15:43 --------- d-----w c:\documents and settings\Nándi\Application Data\zweitgeist
2008-12-13 15:28 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-19 17:21 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-11-18 17:33 --------- d-----w c:\program files\CDex_170b2
2008-11-11 20:23 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-01-20 09:40 8,161,280 -c--a-w c:\program files\HTML Guardian 7.msi
2007-12-13 19:22 12,972,544 ----a-w c:\program files\gs854w32.exe
2007-12-13 19:13 1,581,056 ----a-w c:\program files\FreePDFXP3.24.EXE
2007-02-06 21:05 24,192 ----a-w c:\documents and settings\Nándi\usbsermptxp.sys
2007-02-06 21:05 24,192 ----a-w c:\documents and settings\Nándi\usbsermptxp.sys
2007-02-06 21:04 22,768 ----a-w c:\documents and settings\Nándi\usbsermpt.sys
2007-02-06 21:04 22,768 ----a-w c:\documents and settings\Nándi\usbsermpt.sys
2008-09-17 17:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091720080918\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_23.28.14,43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-29 08:43:01 16,384 ----atw c:\windows\temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-11-24 9017648]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.3ivx"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\games\\age2\\empires2.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Spontania4IM\\spontaniavideo.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 HF30Sys;HF30Sys;\??\c:\program files\Everstrike Software\Hide Folder 3.1\HF30XP.sys [2007-02-23 67888]
R3 HF30Kbd;HF30Kbd;\??\c:\program files\Everstrike Software\Hide Folder 3.1\HF30Kbd2K.sys [2007-02-23 9856]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys []
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.port.hu/pls/tv/tv.prog
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Nándi\Application Data\Mozilla\Firefox\Profiles\7nan50ea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.port.hu/pls/w/tv.prog
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 09:57:01
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-29 9:58:46
ComboFix-quarantined-files.txt 2008-12-29 08:57:39
ComboFix2.txt 2008-12-28 22:29:42
ComboFix3.txt 2008-12-28 22:10:24

Pre-Run: 10 864 713 728 bájt szabad
Post-Run: 10,858,647,552 bájt szabad

196 --- E O F --- 2008-12-18 08:01:39



hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:11, on 2008.12.29.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.port.hu/pls/tv/tv.prog
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1225746414218
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: HF30Service - Unknown owner - C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6485 bytes


usually I type the address of skype, but I tried to reach the site through google too. I didn't realise that I cannot reach other homepages.
  • 0

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • You will see a setting called “Use the following DNS Server Addresses”. Type the following values for the preferred and alternate DNS Servers respectively.
    208.67.222.222
    208.67.220.220
  • Press OK twice to get out of the properties screen

Test and let me know.
  • 0

#22
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi JSntgRvr!

thanks for your answer! I followed your instructions, but it still doesn't work.
  • 0

#23
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
How do you connect to the Internet?
  • 0

#24
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
through cable.

otherwise, can I install back AVG, or wait for a while?

and another question: could you recommend me a good firewall that can be used by beginners like me? I've heard that comodo is difficult to set for a beginner...

and there is something that I haven't mentioned yet: sometimes the arrow of my mouse suddenly "jumps" from one place to another. I think I've read it somewhere that it might refer to some infection too.

Edited by betyar, 29 December 2008 - 12:43 PM.

  • 0

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Hi, betyar :)

Let's concentrate on your connection first. So you connect to a modem provided by the Cable company. Your connection is not wireless, meaning a cable is connected to both your computer and the Modem. There is no router involved. Is that how you connect?

Let's check some settings on your system:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen
  • Restart the computer
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer and re-try the connection.
  • 0


#26
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
yes, exactly, no router.

ok, I try the above mentioned.
  • 0

#27
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Keep me posted.
  • 0

#28
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
nothing happened, still page not found appears instead of skype homepage.
  • 0

#29
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Download the enclosed folder. Save and extract its contents to the desktop. It is a batch file. Once extracted, double-click on the Test.bat file and post the report it shall produce.
  • 0

#30
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
here is the result:


Helyi kapcsolat:
Csomópont IP-címe: [10.1.3.232] Hatókör azonosítója: []

NetBIOS helyi névtáblázat

Név Típus Állapot
-------------------------------------------------
NANDI <00> EGYEDI Regisztrált
MUNKACSOPORT <00> CSOPORT Regisztrált
NANDI <20> EGYEDI Regisztrált

Windows IP konfiguráció

Állomásnév. . . . . . . . . . . . . . : nandi
Elsődleges DNS-utótag . . . . . . . . :
Csomóponttípus. . . . . . . . . . . . : Kevert
IP útválasztás engedélyezve . . . . . : Nem
WINS-proxy engedélyezve . . . . . . . : Nem

Ethernet-adapter Helyi kapcsolat:

Kapcsolatspecifikus DNS-utótag. . . . :
Leírás. . . . . . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller
Fizikai cím . . . . . . . . . . . . . : 00-50-8D-62-A1-4F
DHCP engedélyezve . . . . . . . . . . : Igen
Automatikus konfiguráció engedélyezve : Igen
IP-cím. . . . . . . . . . . . . . . . : 10.1.3.232
Alhálózati maszk. . . . . . . . . . . : 255.255.248.0
Alapértelmezett átjáró. . . . . . . . : 10.1.0.1
DHCP kiszolgáló . . . . . . . . . . . : 10.250.0.1
DNS-kiszolgálók . . . . . . . . . . . : 195.228.3.2
                                        195.228.240.249
Elsődleges WINS-kiszolgáló. . . . . . : 10.250.0.1
Bérleti jog kezdete . . . . . . . . . : 2008. december 30. 0:10:48
Bérleti jog vége. . . . . . . . . . . : 2008. december 30. 6:10:48

Yahoo.com [68.180.206.184] pingelése 32 bájt méretű adatokkal:

Válasz 68.180.206.184: bájt=32 idő=202 ms TTL=40
Válasz 68.180.206.184: bájt=32 idő=216 ms TTL=40
Válasz 68.180.206.184: bájt=32 idő=216 ms TTL=40
Válasz 68.180.206.184: bájt=32 idő=201 ms TTL=40

68.180.206.184 ping-statisztikája:
Csomagok: küldött = 4, fogadott = 4, elveszett = 0 (0% veszteség),
Oda-vissza út ideje közelítőlegesen, milliszekundumban:
minimum = 201ms, maximum = 216ms, átlag = 208ms

Google.com [74.125.45.100] pingelése 32 bájt méretű adatokkal:

Válasz 74.125.45.100: bájt=32 idő=162 ms TTL=244
Válasz 74.125.45.100: bájt=32 idő=147 ms TTL=244
Válasz 74.125.45.100: bájt=32 idő=135 ms TTL=244
Válasz 74.125.45.100: bájt=32 idő=131 ms TTL=244

74.125.45.100 ping-statisztikája:
Csomagok: küldött = 4, fogadott = 4, elveszett = 0 (0% veszteség),
Oda-vissza út ideje közelítőlegesen, milliszekundumban:
minimum = 131ms, maximum = 162ms, átlag = 143ms

Ezek a Windows szolgáltatások indultak el:

Alkalmazási réteg átjárószolgáltatása
Ati HotKey Poller
Automatikus frissítések
Biztonsági fiókkezelő
Biztonsági központ
COM+ eseményrendszer
DCOM kiszolgálófolyamat-indító
DHCP-ügyfél
DNS-ügyfél
Elosztott hivatkozáskövető ügyfél
Eseménynapló
Feladatütemező
GEARSecurity
HF30Service
Hibajelentési szolgáltatás
Hálózati helyfigyelés (NLA - Network Location Awareness)
Hálózati kapcsolatok
IPSEC szolgáltatások
Java Quick Starter
Kiszolgáló
Kompatibilitás a gyors felhasználóváltáshoz
Konfigurációmentes vezeték nélküli hálózat
Kriptográfiai szolgáltatások
Logikai lemezkezelő
Machine Debug Manager
Munkaállomás
Másodlagos bejelentkezés
Nyomtatásisor-kezelő
Plug and Play
Rendszer-helyreállító szolgáltatás
Rendszeresemény jelzése
Rendszerhéj hardverfigyelése
SSDP keresőszolgáltatás
Súgó és támogatás
TCP/IP NetBIOS támogató
Terminálszolgáltatások
Tárcsázó
Távelérési csatlakozáskezelő
Távoli eljáráshívás (RPC)
Távoli rendszerleíró adatbázis
Témák
Védett tároló
WebClient
Windows audió
Windows idő
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows tűzfal/internetkapcsolat megosztása (ICS)

A parancs sikeresen végrehajtódott.
  • 0





