skinus,bdo,pcts.tray.exe
Started by roha, Aug 03 2008 04:51 PM
1 reply to this topic
#1
Posted 03 August 2008 - 04:51 PM
#2
Posted 04 August 2008 - 06:06 PM
Hi,
You didn't post the entire HJT log. It's missing the bottom half. It should look like this; of course yours will look a little different than mine does:
Logfile of HijackThis v1.99.1
Scan saved at 6:54:53 PM, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\AntiPhorm\AntiPhorm_Lite.exe
C:\Program Files\Wireshark\wireshark.exe
C:\Program Files\Cain\Cain.exe
C:\Program Files\Network Stumbler\NetStumbler.exe
C:\Program Files\Legion\Legion.exe
C:\Program Files\Ulteo\Virtual Desktop\Virtual Desktop.exe
C:\Program Files\Ulteo\Virtual Desktop\colinux\colinux-daemon.exe
C:\Program Files\Ulteo\Virtual Desktop\xming\Xming.exe
C:\Program Files\Ulteo\Virtual Desktop\colinux\colinux-slirp-net-daemon.exe
C:\Program Files\Ulteo\Virtual Desktop\pulse\pulseaudio.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\da\Desktop\malware\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\VISUAL~2\NTXcontext.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~2\NTXtoolbar.htm (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
How Can I Reduce My Risk?