Status
Closed and not open for further replies.

الحيران

New Zyzoom member, joined 30 January 2008
Peace be upon you

Brother, I have a problem: a strange IP number keeps appearing and the machine is slow, and I think the machine is done for.

I hope you can help?
 

And upon you be peace
Welcome to the Zyzoom Security and Protection forums
Download this program
http://www.zyzoom.net/soft/security/...HijackThis.exe
When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear ==> copy it and paste it in your next reply

 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:43:02 ص, on 19/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\SRNMIC~1\SOLOCFG.EXE
C:\SRNMIC~1\SOLOSENT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\X-NetStat\xns5.exe
C:\Program Files\X-NetStat\xns5.exe
C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\.IE5\SH971D0E\Zyzoom_HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.149.114.14:8080
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\LIVE SCR.exe
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\RunOnce: [AceUtils] "C:\Program Files\Ace Utilities\au.exe" /ebh
O4 - HKLM\..\RunOnce: [ Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKCU\..\Run: [GPL DRV] C:\DOCUME~1\xxx\APPLIC~1\BIRDLI~1\Poll Does.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--
End of file - 4318 bytes
 
26/01/1429 04:39:38 م Engine version =5200.2160
26/01/1429 04:39:38 م AntiVirus DAT version =5195.0000
26/01/1429 04:39:38 م Number of detection signatures in EXTRA.DAT =None
26/01/1429 04:39:38 م Names of detection signatures in EXTRA.DAT =None
26/01/1429 04:39:28 م Scan Started XXX-02C3F535C48\xxx On-Demand Scan
26/01/1429 04:40:45 م Deleted xxx c:\documents and settings\xxx\s\xxx@atwola[1].txt\00000000.ie -Atwola(Potentially Unwanted Program)
26/01/1429 04:46:12 م Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask\AD-AWARE SE DEFAULT.SKN
26/01/1429 04:46:14 م Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask\ARROW1.BMP
26/01/1429 04:46:14 م Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask\ARROW1.BMP
26/01/1429 04:46:14 م Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask\ARROW1.BMP
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Scan Summary
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Processes scanned : 28
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Processes detected : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Processes cleaned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Boot sectors scanned : 3
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Boot sectors detected: 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Boot sectors cleaned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Files scanned : 12032
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Files with detections: 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx File detections : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Files cleaned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Files deleted : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Files not scanned : 18
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Scan Summary (Registry Scanning)
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Keys scanned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Keys detected : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Keys cleaned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Keys deleted : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Scan Summary ( Scanning)
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx s scanned : 330
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx s detected : 1
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx s cleaned : 0
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx s deleted : 1
26/01/1429 04:51:53 م Scan Summary XXX-02C3F535C48\xxx Run time : 0:12:25
26/01/1429 04:51:53 م Scan Terminated XXX-02C3F535C48\xxx On-Demand Scan
16/07/1429 03:09:29 ص Engine version =5200.2160
16/07/1429 03:09:29 ص AntiVirus DAT version =5195.0000
16/07/1429 03:09:29 ص Number of detection signatures in EXTRA.DAT =None
16/07/1429 03:09:29 ص Names of detection signatures in EXTRA.DAT =None
16/07/1429 03:09:18 ص Scan Started XXX-02C3F535C48\xxx On-Demand Scan
16/07/1429 03:10:16 ص Deleted xxx c:\documents and settings\xxx\s\xxx@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
16/07/1429 03:14:22 ص Not scanned (The file is encrypted) xxx c:\Documents and Settings\xxx\سطح المكتب\Zyzoom_eScan_9.0.742.1.exe\BASE133.AVC
16/07/1429 03:15:21 ص Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask\AD-AWARE SE DEFAULT.SKN
16/07/1429 03:15:21 ص Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask\ARROW1.BMP
16/07/1429 03:15:21 ص Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask\ARROW1.BMP
16/07/1429 03:15:21 ص Not scanned (The file is encrypted) xxx c:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask\ARROW1.BMP
16/07/1429 03:19:05 ص Not scanned (The file is encrypted) xxx c:\System Volume Information\_restore{788938D6-8C09-4782-9C12-023506E8DA1F}\RP32\A0028261.exe\CLICK1.OGG
16/07/1429 03:29:42 ص Not scanned (The file is encrypted) xxx d:\AIO Photoshop.exe\2EA00520\_DETECT.DAT
16/07/1429 03:29:56 ص Not scanned (The file is encrypted) xxx d:\System Volume Information\_restore{788938D6-8C09-4782-9C12-023506E8DA1F}\RP32\A0029277.exe\CLICK1.OGG
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Scan Summary
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Processes scanned : 30
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Processes detected : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Processes cleaned : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Boot sectors scanned : 3
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Boot sectors detected: 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Boot sectors cleaned : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Files scanned : 29647
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Files with detections: 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx File detections : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Files cleaned : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Files deleted : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Files not scanned : 32
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Scan Summary (Registry Scanning)
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Keys scanned : 25441
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Keys detected : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Keys cleaned : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Keys deleted : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Scan Summary ( Scanning)
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx s scanned : 21
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx s detected : 1
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx s cleaned : 0
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx s deleted : 1
16/07/1429 03:33:09 ص Scan Summary XXX-02C3F535C48\xxx Run time : 0:23:51
16/07/1429 03:33:09 ص Scan Complete XXX-02C3F535C48\xxx On-Demand Scan
 
Peace be upon you

Brother, I have a problem: a strange IP number keeps appearing and the machine is slow, and I think the machine is done for.

I hope you can help?

Welcome, الحيران

Dear brother, there is no protection program on your machine,
because AVG Anti-Spyware is not enough to protect your machine.

Select the following entry and delete it

O4 - HKCU\..\Run: [GPL DRV] C:\DOCUME~1\xxx\APPLIC~1\BIRDLI~1\Poll Does.exe

Then download the Kaspersky program for XP from the following link, update the program, and run a full scan of your machine

http://www.zyzoom.org/vb/t4301.html

Then upload a new report

http://www.zyzoom.net/soft/security/...HijackThis.exe

Good luck
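
An added example, not part of the thread and not HijackThis's own code: a Python triage pass over HijackThis log lines like those posted above. It lists O4 autorun entries whose executable sits under a profile data or temp directory, and reports any ProxyServer value, as items for manual review rather than verdicts. The directory heuristic and the names USER_WRITABLE, target_path and triage are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.149.114.14:8080
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\LIVE SCR.exe
O4 - HKCU\..\Run: [GPL DRV] C:\DOCUME~1\xxx\APPLIC~1\BIRDLI~1\Poll Does.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROXY_RE = re.compile(r"^R1 - HKCU\\.*Internet Settings,ProxyServer = (?P<proxy>\S+)$")

# Assumption of this example: autoruns started from per-profile data or temp
# directories (long or 8.3 short names) deserve manual review.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp", "\\locals~1\\temp")

def target_path(cmd):
    """Return the executable path from an O4 command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (kind, name, value) tuples for entries a helper should review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if (m := PROXY_RE.match(line)):
            findings.append(("proxy", "ProxyServer", m["proxy"]))
        elif (m := O4_RE.match(line)):
            path = target_path(m["cmd"])
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("autorun", m["name"], path))
    return findings

if __name__ == "__main__":
    for kind, name, value in triage(SAMPLE_LOG):
        print(f"review {kind}: [{name}] {value}")
```
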
 