
Home page prob.[RESOLVED]


  • This topic is locked

#1
Arc-Ange

    New Member

  • Member
  • 3 posts
After having run Ad-Aware and Spybot, the problem persists, undetected by both of these.

HijackThis log is:

Logfile of HijackThis v1.99.1

Scan saved at 13:08:38, on 2005/05/25

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\IBM\Director\websrv\dirwbs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINNT\System32\mnmsrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINNT\System32\rundll32.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\IBM\Director\bin\twgipcsv.exe

C:\Program Files\IBM\Director\bin\twgipc.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\WINNT\System32\vmnat.exe

C:\Program Files\IBM\Director\cimom\bin\wmicimserver.exe

C:\WINNT\System32\vmnetdhcp.exe

C:\Program Files\IBM\Director\bin\twgescli.exe

C:\Program Files\IBM\Director\bin\twgmonit.exe

C:\WINNT\System32\wbem\wmiapsrv.exe

C:\Program Files\IBM\Director\bin\nfUMSagent.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINNT\System32\ctfmon.exe

C:\Program Files\C˛ Enterprise V3\C˛ Enterprise.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Fichiers communs\Network Associates\On Demand Scanner\Scan32\scan32.exe

C:\Documents and Settings\robpi4\Bureau\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mrn

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 144.44.44.44:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [IbmDir] \\intranet\dfs_mrn\ApplicW\Script\Pc\ibmini.cmd

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Disk Keeper] C:\WINNT\System32\Services\{F901D344-2ED6-4FF4-873A-C8E7472B808A}\SECURITY.EXE

O4 - Startup: Mrnconfig.cmd

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Chercher avec Copernic Agent - C:\PROGRA~1\COPERN~1\Web\SEARCH~1.HTM

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.mrn

O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-...sapplet-epf.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix-i.co...nload/ipixx.cab

O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.mrn/cabs/mcsimenu.cab

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.mrn.gouv

O17 - HKLM\Software\..\Telephony: DomainName = intranet.mrn.gouv

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.mrn.gouv

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = intranet.mrn.gouv,mrn,mrn.gouv,foncier.gouv,atlas

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.mrn.gouv

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = intranet.mrn.gouv,mrn,mrn.gouv,foncier.gouv,atlas

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = intranet.mrn.gouv,mrn,mrn.gouv,foncier.gouv,atlas

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: IBM Director Agent Web Server (DirWbs) - Unknown owner - C:\Program Files\IBM\Director\websrv\dirwbs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Oracleoracle8i_homeClientCache - Unknown owner - C:\MrnMicro\Applic\oracle8i\bin\ONRSD.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: IBM Director Support Program (TWGIPC) - IBM Corporation - C:\Program Files\IBM\Director\bin\twgipcsv.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\System32\vmnetdhcp.exe

O23 - Service: VMware NAT Service - Unknown owner - C:\WINNT\System32\vmnat.exe

O23 - Service: IBM Director Agent WMI CIM Server (wmicimserver) - Unknown owner - C:\Program Files\IBM\Director\cimom\bin\wmicimserver.exe



Can someone help me or tell me where I can find info on these logs?

I know that of these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mrn

That the first 2 are to be changed/removed. But do I only delete 'em?
The good home page is http://www.mrn

Edited by Arc-Ange, 25 May 2005 - 12:05 PM.

  • 0


#2
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com

R3 - Default URLSearchHook is missing

O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll

O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll

O4 - HKLM\..\Run: [Disk Keeper] C:\WINNT\System32\Services\{F901D344-2ED6-4FF4-873A-C8E7472B808A}\SECURITY.EXE

Reboot into safe mode and delete:
C:\Program Files\IESearchToolbar <= entire folder
C:\WINNT\System32\Services\{F901D344-2ED6-4FF4-873A-C8E7472B808A} <= entire folder

Regards,
  • 0
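
An added example, not part of the thread and not HijackThis's own logic: a small Python triage over log lines copied from the post above. It flags IE page settings whose host differs from the expected home page (the poster's `http://www.mrn`) and `Run` entries launched from a GUID-named folder. Both rules are assumptions chosen to match the entries fixed in this thread, and all function and variable names are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mrn
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disk Keeper] C:\WINNT\System32\Services\{F901D344-2ED6-4FF4-873A-C8E7472B808A}\SECURITY.EXE
"""

# IE settings that hold a page URL; this selection is an assumption of the example.
PAGE_VALUES = {"Start Page", "Search Bar", "Default_Page_URL"}
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
IE_URL = re.compile(r"^(?P<key>HK\w+\\[^,]+),(?P<name>[^=]+?) = (?P<url>\S+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")

def host(url):
    """Lower-cased host part of a URL, with scheme and path removed."""
    return re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0]

def triage(log_text, expected_hosts):
    """Return (code, name, value, reason) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, headers, process list
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            u = IE_URL.match(body)
            if u and u["name"] in PAGE_VALUES and host(u["url"]) not in expected_hosts:
                findings.append((code, u["name"], u["url"], "unexpected page host"))
        elif code == "O4":
            r = RUN.match(body)
            if r and GUID_DIR.search(r["cmd"]):
                findings.append((code, r["name"], r["cmd"], "autorun from GUID-named folder"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, {"www.mrn"}):
        print(" | ".join(finding))
```

Entries with an empty value, such as `CustomizeSearch =`, do not match the URL pattern and are skipped rather than flagged.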

#3
Arc-Ange

    New Member

  • Topic Starter
  • Member
  • 3 posts
thx a lot,
gonna try it and tell you results
  • 0

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
:tazz:
  • 0

#5
Arc-Ange

    New Member

  • Topic Starter
  • Member
  • 3 posts
It worked! problem solved, thx again
  • 0

#6
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

Please do have a look at my site about removing and preventing spyware.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





