Help - Search - Members - Calendar
Full Version: Problems
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Olja
May 7 2005, 12:42 PM
Hi giullare.gif (nice new smileys ) cool3.gif
Another problem :(
Yahoo MSN, Quick Time, Winamp, Tunderbird......etc.... everithing on his computer is crashing. Can you help?

Logfile of HijackThis v1.99.1
Scan saved at 22:19:11, on 6.5.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Hajđekdis\HijackThis.exe

O2 – BHO: Google Desktop Search Capture – {7c1ce531-09e9-4fc5-9803-1c2956615786} – C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63-767F-4831-94AC-E683D962C63C} – (no file)
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 – HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 – Extra context menu item: Blokiraj sve slike sa istog servera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj u crnu listu reklama – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O8 – Extra context menu item: Otvori sve linkove na ovoj stranici... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Označi – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Traži – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra button: Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{868BB593-390A-4951-8FB8-1674BB0F2FB0}: NameServer = 161.53.114.135 161.53.114.145
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mosaic1
May 7 2005, 06:51 PM
Are you getting any error messages? And did this start after a particular install or uninstall? Any changes made around the time this started may help.
Olja
May 7 2005, 07:58 PM
Thanx for the quick response beer.gif

That's friends computer, not mine. He said he instaled Fotonizer, and than he uninstaled it, and deleted everithing conected with Fotonizer from the registry OMG.gif After that problems started... programs crashing. Can we repare registry if it wasn't backed up? Sistem restore maybe? uhm.gif
Mosaic1
May 7 2005, 10:15 PM
You're welcome. The Registry cannot be repaired unless he backed it up first. We have no idea what he may have deleted.

If there is a restore point available, I would say use it. This will take him back to the date of that restore point. All changes made after that date will be lost, other than personal files. Those are not touched.
Olja
May 8 2005, 12:15 PM
Ok, thanx. We'll try that giullare.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.