Analyse this for me plz

Discussion in 'Chit Chat' started by alzz, Feb 7, 2011.

  1. alzz

    alzz MDL Novice

    Jul 3, 2010
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:13:48 PM, on 2/7/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\RTHDCPL.EXE
    G:\Program Files\Microsoft Security Client\msseces.exe
    G:\Program Files\Vista Drive Icon\DrvIcon.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
    G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
    E:\uTorrent\App\uTorrent\uTorrent.exe
    G:\Program Files\Styler\Styler.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    E:\Malwarebytes\MalwarebytesPortable.exe
    E:\Malwarebytes\App\Malwarebytes\mbam.exe
    G:\Documents and Settings\Me\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - G:\Program Files\FindXer\FindeXer.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MSC] "G:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DrvIcon] G:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Malwarebytes\App\Malwarebytes\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StrokeIt] G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
    O4 - HKCU\..\Run: [Taskbar Shuffle] G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
    O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\App\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Styler.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296745214390
    O20 - AppInit_DLLs: RemoveFocusRect.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
    O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 4280 bytes
     
  2. BobSheep

    BobSheep MDL Guru

    Apr 19, 2010
    #2 BobSheep, Feb 7, 2011
    Last edited: Feb 7, 2011
    You can analyse it yourself by pasting the results into the text box at http://www.hijackthis.de/en and clicking analyse.

    You have 4 possibly nasty things.

    G:\Program Files\Microsoft Security Client\msseces.exe
    Possibly nasty! According to our database this process runs normally in c:\programme\microsoft security essentials\! Check if you know this process and arrange a viruscheck where required. Microsoft.

    G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
    Possibly nasty! According to our database this process runs normally in c:\programme\strokeit\! Check if you know this process and arrange a viruscheck where required. Erkennung von Mausgesten

    G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
    Possibly nasty! According to our database this process runs normally in c:\programme\taskbar shuffle\! Check if you know this process and arrange a viruscheck where required. Taskbar Shuffle

    E:\uTorrent\App\uTorrent\uTorrent.exe
    Possibly nasty! According to our database this process runs normally in c:\programme\! Check if you know this process and arrange a viruscheck where required. Torrent Application
     
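As an added example (not code from the thread, from HijackThis or from hijackthis.de), a small Python parser for the "Running processes" and O4 autorun lines of a HijackThis log that applies the same "runs from an unusual location" heuristic the analyser reports above, but keyed on the system drive taken from the log itself: because this install runs from G:\WINDOWS rather than C:, the Microsoft Security Client hit is a false positive by path, while the My Documents and E: entries still stand out. The path heuristics and the sample lines are constructed for the example.

```python
import re

# Constructed sample in HijackThis v2 format, using paths seen in the log above.
SAMPLE_LOG = r"""Running processes:
G:\WINDOWS\System32\smss.exe
G:\Program Files\Microsoft Security Client\msseces.exe
G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
E:\uTorrent\App\uTorrent\uTorrent.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\App\uTorrent\uTorrent.exe"
"""
# O4 lines: "O4 - <hive>\..\Run: [<name>] <command>"; only .exe commands are kept.
O4_RE = re.compile(r'^O4 - .*?: \[(?P<name>[^\]]+)\] "?(?P<cmd>[^"]+?\.exe)"?', re.IGNORECASE)

def parse_running_processes(log):
    """Paths listed under 'Running processes:' up to the next blank line."""
    section = log.split("Running processes:", 1)[1].split("\n\n", 1)[0]
    return [l.strip() for l in section.splitlines() if l.strip()]

def parse_o4_entries(log):
    """(entry name, executable) pairs from O4 autorun lines; rundll32/INF entries are skipped."""
    return [(m.group("name"), m.group("cmd"))
            for m in map(O4_RE.match, log.splitlines()) if m]

def system_drive(processes):
    """Drive letter of the Windows directory holding smss.exe (G: in the log above)."""
    for p in processes:
        if p.lower().endswith(r"\windows\system32\smss.exe"):
            return p[0].upper()
    return "C"

def suspicion(path, sysdrive):
    """None for an expected location, else a short reason (constructed heuristics)."""
    low = path.lower()
    if "\\" not in low:
        return "bare filename resolved through the search path"
    if not low.startswith(sysdrive.lower() + ":\\"):
        return "runs from non-system drive %s:" % path[0].upper()
    if "\\documents and settings\\" in low or "\\users\\" in low:
        return "runs from a user profile directory"
    return None

def review(log):
    """Map each flagged executable (running or set to autorun) to its reason."""
    procs = parse_running_processes(log)
    drive = system_drive(procs)
    reasons = ((p, suspicion(p, drive)) for p in procs + [c for _, c in parse_o4_entries(log)])
    return {p: r for p, r in reasons if r}
```

Flagged paths are leads to verify (publisher, hash, install history), not verdicts; the analyser's own output above makes the same point with "Check if you know this process".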
  3. alzz

    alzz MDL Novice

    Jul 3, 2010
    Thanks for the link :) Was attacked while cr*cking a customizing tool. Got too desperate. Thanks again!