Old 10-03-2004, 08:22 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2004
Posts: 8
OS: 2k,Me and XP


What's wrong with this HJT log? Please.

Greetings everyone,
Can somebody tell me if something is wrong in my OS by having a look through the log file?!

Logfile of HijackThis v1.98.2
Scan saved at 13:00:38, on 03-10-2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT2K\System32\smss.exe
C:\WINNT2K\system32\winlogon.exe
C:\WINNT2K\system32\services.exe
C:\WINNT2K\system32\lsass.exe
C:\WINNT2K\system32\svchost.exe
C:\WINNT2K\system32\spoolsv.exe
C:\Programas\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT2K\System32\svchost.exe
C:\WINNT2K\System32\nvsvc32.exe
C:\WINNT2K\system32\regsvc.exe
C:\WINNT2K\system32\MSTask.exe
C:\WINNT2K\system32\ZoneLabs\vsmon.exe
C:\WINNT2K\Explorer.EXE
C:\WINNT2K\System32\WBEM\WinMgmt.exe
C:\WINNT2K\system32\svchost.exe
C:\Programas\McAfee\McAfee VirusScan\VsStat.exe
C:\Programas\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programas\Ficheiros comuns\Network Associates\McShield\Mcshield.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\McAfee\McAfee VirusScan\Avconsol.exe
C:\progra~1\sibs\mbnet\mbnet.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programas\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT2K\System32\RUNDLL32.EXE
C:\Programas\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Programas\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Programas\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT2K\system32\cdplayer.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINNT2K\System32\hpoipm07.exe
C:\WINNT2K\System32\wuauclt.exe
C:\Programas\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\vasco1\Definições locais\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programas\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zmail.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@2070,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2K\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programas\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programas\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT2K\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MBNet] c:\progra~1\sibs\mbnet\mbnet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT2K\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT2K\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programas\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT2K\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programas\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Programas\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programas\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Allow Popups - C:\Programas\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Search Using Copernic Agent - C:\Programas\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT2K\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT2K\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
gurulook is offline  
Old 10-03-2004, 08:44 AM   #2 (permalink)
Manager, The Relaxation Room/Analyst, Security Team
 
Join Date: Oct 2004
Posts: 11,069
OS: xp


I don't see anything wrong in this log. What's this program ....progra~1\sibs\mbnet\mbnet.exe ??

P2P program?
mimo2005 is offline  
Old 10-03-2004, 09:32 AM   #3 (permalink)
Old Timer
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,960
OS: Vista Home Premium, SP 27


Quote:
Originally Posted by mimo2005
I don't see anything wrong in this log. What's this program ....progra~1\sibs\mbnet\mbnet.exe ??

P2P program?
The Minority Business Network.

I also see nothing wrong with the log, either, although there are bad guys that hide from HJT.

Can you tell us why you suspect a problem?

BTW, IE5, even with the service packs, is wholly inadequate protection on the net today. I would recommend that you pay a visit to Windows Update and get IE6, SP1.
jgvernonco is offline  
Old 10-09-2004, 04:28 PM   #4 (permalink)
Registered User
 
Join Date: Sep 2004
Posts: 8
OS: 2k,Me and XP


Suspicion foundation.

The MBnet.exe refers to a cyber credit card app and is therefore harmless.
It all started after I installed a free AV software and did the DAT file updates... my system became infected with several malware and is running slow, hanging in many applications; some shortcuts on the desktop were deactivated and the program folder just showed as empty.
In the Me OS the repair tools have vanished, as have the restore points (could not execute Restrui.exe).
gurulook is offline  
Old 10-10-2004, 07:24 AM   #5 (permalink)
Old Timer
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,960
OS: Vista Home Premium, SP 27


Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the Search for Updates button. Install any updates if they are available. Next click on the Check for Problems button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.
jgvernonco is offline  
All times are GMT -7.



Copyright 2001 - 2008, Tech Support Forum
