Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

need help

Started by pisco35 , Apr 17 2005 08:30 AM

  • Please log in to reply

#1
pisco35
Posted 17 April 2005 - 08:30 AM

pisco35

    New Member

  • Member
  • Pip
  • 1 posts
Hello there ! I always get this startup page: http://default.home, I run the hijackthis and I got the following log:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:06, on 17/04/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Landmark\EDM\Common Files\JRE_1.4.1\bin\client\DSImpServ.exe
C:\Landmark\EDM\Common Files\JRE_1.4.1\bin\client\DSRegistryService.exe
C:\Program Files\Schlumberger\RPM\MSSQL$SLBRPM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nutsrv4.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\TASKMGRU.EXE
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
C:\WINNT\System32\MSIMN32.EXE
C:\Landmark\VIP\dtvip\exec\VIPrshServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\LANDMARK\LAM\bin\lmgrd.exe
C:\flexlm\lmgrdslb.exe
C:\Program Files\Schlumberger\RPM\MSSQL$SLBRPM\Binn\sqlagent.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\System32\TASKMGRU.EXE
C:\WINNT\System32\MSIMN32.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.19.130.200:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.19;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: BHDP Class - {1A1488CB-8028-49ba-AD19-18D13CDC650F} - C:\WINNT\bhoass.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINNT\stlbd.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [TASKMGRU] C:\WINNT\System32\TASKMGRU.EXE
O4 - HKCU\..\Run: [MSIMN32] C:\WINNT\System32\MSIMN32.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc...m::/on-line.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C: oo.mht!http://www.hotoffers...m::/dropper.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.188.110....chm::/file.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsorad...bTelecomInt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3F11EC-AFC2-41A5-A0C6-17C22895F19D}: NameServer = 196.194.64.11,193.251.152.29,193.194.75.35,193.194.64.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C3F11EC-AFC2-41A5-A0C6-17C22895F19D}: NameServer = 196.194.64.11,193.251.152.29,193.194.75.35,193.194.64.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C3F11EC-AFC2-41A5-A0C6-17C22895F19D}: NameServer = 196.194.64.11,193.251.152.29,193.194.75.35,193.194.64.11
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Flexlm slb service - GLOBEtrotter Software Inc. - C:\LANDMARK\LAM\bin\lmgrd.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: Démon Hummingbird Jconfig (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: LGC EDM Data Receiver (E-Mail) - - C:\Landmark\EDM\Common Files\JRE_1.4.1\bin\client\MailService.exe
O23 - Service: LGC EDM Data Receiver (File System) - - C:\Landmark\EDM\Common Files\JRE_1.4.1\bin\client\DSImpServ.exe
O23 - Service: LGC EDM Simultaneous Activity Monitor - - C:\Landmark\EDM\Common Files\JRE_1.4.1\bin\client\DSRegistryService.exe
O23 - Service: LGC License Application Manager - GLOBEtrotter Software Inc. - C:\Landmark\LAM\bin\lmgrd.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\System32\nutsrv4.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\System32\HPZipm12.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Could you help me fix this problem

regards :tazz:
  • 0

Advertisements

#2
insipid
Posted 24 April 2005 - 06:30 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Hi and welcome to GTG, I apologize for the delay getting to your log, the helpers here are very busy. If you are still having malware troubles, I will be glad to help.

Please run through the steps outlined in this Topic
Post back a fresh log when done please

If you have resolved this issue please let us know.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP