isfann, posted May 1, 2005:
Salam... I'd like to ask something. My PC has been infected with a dialer trojan or virus. Every time I restart the PC, my Streamyx dialer gets changed to a different number (login name etc., everything gets changed; every time I have to create a new dialer if I want to get on the net). I've scanned with Norton, hijack disk, adware... and the results don't show that I have a virus or trojan. So, anyone who has had a case like mine, please show me how to remove this thing. Thank you.

dzulcarnine, posted May 1, 2005:
Go into Control Panel and just uninstall it under Add/Remove Programs.

isfann, posted May 1, 2005:
I've checked in Add/Remove Programs... it isn't in there, mate. What now? This dialer is really bugging me.

joetbg_x, posted May 1, 2005:
In any case, post your HijackThis log here.

isfann, posted May 1, 2005:
Logfile of HijackThis v1.99.0
Scan saved at 11:53:55 PM, on 01-05-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\isfanx\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntdetect32] C:\Documents and Settings\isfanx\Desktop\New Folder (2)\Project1.exe 840
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Kapsules] C:\Program Files\Carbon 6\Kapsules\Kapsules.exe
O4 - HKCU\..\Run: [Project1] C:\Documents and Settings\isfanx\Desktop\startup\Project1.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: IntelligentWakeUp.lnk = C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFD5469C-5C76-4F2C-A6D3-3F24F5270E13}: NameServer = 10.251.3.2
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Is there anything suspicious?

joetbg_x, posted May 1, 2005 (edited):
Ouch... Norton is acting up again. I don't dare comment on your HijackThis log, because I don't know what your PC is like. Try using this software instead to detect any dialer or trojan that might be there:
http://www.download.com/3000-2239-10262215...page&tag=button
P.S.: Norton really is weak at detecting trojans and dialers. You can use a-squared (a2) Free as a backup scanner for Norton.
Edited May 1, 2005 by joetbg_x

isfann, posted May 1, 2005:
OK, I'll try the link you gave. Usually, up to now, my approach was just to format (too lazy to think), but this time I want to try to find the solution first. I'm tired of formatting... hehehe

joetbg_x, posted May 1, 2005:
Formatting does solve the problem. Formatting is like "suicide": it certainly solves all your problems in this world. But luckily a computer has no life of its own. It can come back to life after a format.

civ3, posted May 1, 2005:
Remove these useless things:
O4 - HKLM\..\Run: [ntdetect32] C:\Documents and Settings\isfanx\Desktop\New Folder (2)\Project1.exe 840
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Kapsules] C:\Program Files\Carbon 6\Kapsules\Kapsules.exe
O4 - HKCU\..\Run: [Project1] C:\Documents and Settings\isfanx\Desktop\startup\Project1.exe
O4 - Startup: IntelligentWakeUp.lnk = C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dl

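Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines that marks some of the entry types listed above for manual review. The heuristics (autorun from a user's Desktop folder, startup shortcut with an unresolved target, ActiveX control installed from a local file:// cab, any O21 SSODL entry) are assumptions chosen for this illustration, not HijackThis's own logic and not a reproduction of civ3's list; the sample lines are an excerpt of the log posted earlier in the thread.

```python
import re

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntdetect32] C:\Documents and Settings\isfanx\Desktop\New Folder (2)\Project1.exe 840
O4 - HKCU\..\Run: [Project1] C:\Documents and Settings\isfanx\Desktop\startup\Project1.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Assumed heuristic: an autorun target inside a user's Desktop folder.
DESKTOP = re.compile(r"\\documents and settings\\[^\\]+\\desktop\\")

def parse(log):
    """Yield (code, body) for every entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def review_reason(code, body):
    """Return why an entry deserves a manual look, or None (assumed heuristics)."""
    low = body.lower()
    if code == "O4":
        if low.endswith("= ?"):
            return "startup shortcut whose target could not be resolved"
        if DESKTOP.search(low):
            return "autorun launches a program from a user's Desktop folder"
    if code == "O16" and " - file://" in low:
        return "ActiveX control installed from a local file:// cab"
    if code == "O21":
        return "ShellServiceObjectDelayLoad entry, loaded by Explorer at logon"
    return None

def triage(log):
    """Return [(code, body, reason)] for the entries that match a heuristic."""
    return [(c, b, r) for c, b in parse(log) if (r := review_reason(c, b))]

if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```

A match only marks an entry for a closer look; whether it is removed still depends on identifying the file it points to.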
isfann, posted May 1, 2005:
Okay, I've removed them.

TonikCapGajah2013, posted May 1, 2005 (edited):
Try using this software:
Spy Emergency
or
a2hijackfree
Edited May 1, 2005 by OngBok

civ3, posted May 2, 2005 (edited):
Microsoft AntiSpyware
You could use this one too...
Lavasoft
Edited May 2, 2005 by civ3

isfann, posted May 2, 2005:
Everything you all suggested, I'm already using all of it, and it still doesn't detect anything. In the end I used Webroot Spy Sweeper, and the dialer disappeared straight away. This software really packs a punch, eh.

joetbg_x, posted May 2, 2005:
Problem solved using Webroot SpySweeper? Hmm... which folder was the dialer trojan located in?