(( كيف تعرف ان جهازك مخترق بالطريقة الصحيحة ))

السلام عليكم
لو سمحت كنت عايز اعرف هل جهازى مخترق ولا لا

ارجو مساعدتى


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:53:38 م, on 26/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\ColorSoft\AntiARP\AntiARP.exe
F:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Ela-Salaty\Salaty.exe
F:\WINDOWS\system32\LClock\LClock.exe
F:\Program Files\Styler\Styler.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\pramg\Portable Yahoo Messenger 8.1.0.244\Portable Yahoo Messenger 8.1.0.244.exe
F:\DOCUME~1\shady\LOCALS~1\Temp\RarSFX18\PortableYahoo.exe
F:\DOCUME~1\shady\LOCALS~1\Temp\RarSFX18\Yahoo!\Messenger\YahooMessenger.exe
F:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\System32\NOTEPAD.EXE
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AntiARPStandalone] F:\Program Files\ColorSoft\AntiARP\AntiARP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\System32\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\WINDOWS\System32\UberIcon\UberIcon Manager.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: LClock.lnk = F:\WINDOWS\system32\LClock\LClock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: nVienna Sidebar.lnk = F:\WINDOWS\system32\Sidebar\Sidebar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Vienna Dock.lnk = F:\WINDOWS\system32\ViennaDock\Dock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LClock.lnk = F:\WINDOWS\system32\LClock\LClock.exe (User 'Default user')
O4 - .DEFAULT Startup: nVienna Sidebar.lnk = F:\WINDOWS\system32\Sidebar\Sidebar.exe (User 'Default user')
O4 - .DEFAULT Startup: Vienna Dock.lnk = F:\WINDOWS\system32\ViennaDock\Dock.exe (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = F:\Program Files\Ela-Salaty\Salaty.exe
O4 - Startup: LClock.lnk = F:\WINDOWS\system32\LClock\LClock.exe
O4 - Startup: nVienna Sidebar.lnk = F:\WINDOWS\system32\Sidebar\Sidebar.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Startup: Vienna Dock.lnk = F:\WINDOWS\system32\ViennaDock\Dock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - F:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8058 bytes

شكراااا اوى

 

بارك الله فيك شكرا لاكتاشافك لهذه المعلومة

 

ما شاء الله
بارك الله فيك أخي​

 

بارك الله فيك
وجعلك ذخرا للمنتدى
​

 

تقرير عن قائمة البرامج المثبتة

2Shared Toolbar
ACDSee Photo Editor 2008
ACDSee Photo Manager 2009
ACDSee Pro 2.5
Acoustica Effects Pack
Acoustica Mixcraft 4.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5
Adobe Photoshop Pro CS5 E Silent By BrOnZ X32
Adobe Reader 9 - Arabic
Adobe Shockwave Player 11
Advanced System Optimizer
ALTools Update
ALZip
Ashampoo Burning Studio 2009
CCleaner (remove only)
Clean Virus MSN
Combined Community Codec Pack 2008-09-21 16:18
Conduit Engine
COWON Media Center - jetAudio Plus VX
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DustBuster 2.9.5.1
Express English
FairStars Audio Converter 1.55
FlashCapture v2.1.0.1163
FLVPlayer4Free Free FLV Player 2.7.0.0
FolderIcon XP 1.0 - MeaningData.com
FormatFactory 2.30
FRENSH URGENT DICTIONARY
Golden Al-Wafi Translator
GOM Player
HijackThis 2.0.2
Hotspot Shield 0.941
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1100 series
hp psc 1100 series
Inpaint 2.3
Intel PROSet Wireless
Intel(R) Graphics Media *********** Driver
Intel(R)‎‎ PROSet/Wireless WiFi برنامج
Internet Download Manager
Java(TM) 6 Update 20
Java(TM) 6 Update 23
Junk Mail filter update
Junk Mail filter update
Kaspersky Internet Security 2011
Kaspersky Internet Security 2011
Ma-Config.com
Messenger Plus! Live
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Word MUI (Arabic) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSVCRT
MultiTranse 6.3.3
Muslim Bag
Nero 9.0.9.4 Lite
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
PC Connectivity Solution
RealPlayer
RealUpgrade 1.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Unlocker 1.9.0
USB Disk Security 5.0.0.60
VLC media player 0.9.8a
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Communications Platform
Windows Live Messenger
WinRAR archiver
Your Uninstaller! 2008 Version 6.0
أداة التحميل Windows Live Upload Tool
بريد Windows Live
صانع الأفلام من Windows Live
محول الصوتيات 5.2
مساعد تسجيل الدخول إلى Windows Live

 

يعطيكم الف عافييييه ع الششرح ..

ابي اطمن ع لابي سويت اول تقرير بس

 

جزاك الله خيرا

 

السلام عليكم ورحمة الله وبركاته

(1) تقرير HijackThis ​

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:10:57 م, on 19/02/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SpeedBit Video ***********\Video***********.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\ChgService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpeedBitVideo***********] C:\Program Files\SpeedBit Video ***********\Video***********.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Bluetooth] C:\DOCUME~1\hnaz\LOCALS~1\Temp\fmfmpd.exe
O4 - HKCU\..\Run: [Internet Download ***********] C:\Program Files\IDA\ida.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\System32\ChgService.exe
O23 - Service: خدمة تحديث Google (gupdate1ca81107cad8592) (gupdate1ca81107cad8592) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 7970 bytes​

(2) تقرير عن قائمة البرامج المثبتة​

====== معلومات نظام التشغيل ======
X86 WIN_XP 2600 Service Pack 2​

====== قائمة البرامج المثبتة ======
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS
Adobe Reader 8.1.0 - Arabic
Anonymail Pro V-10 Free Edition + XXX-Player
Avira AntiVir Personal - Free Antivirus
Blaze MediaConvert
Blaze MediaConvert
Conduit Engine
Dell Resource CD
Elecard MPEG Player
Express English
Express English
GOM Player
Google Chrome
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media *********** Driver
Intel(R) PRO Network Connections Drivers
Junk Mail filter update
K-Lite Codec Pack 3.01 Full
LightScribe 1.4.136.1
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
mpegable Player
MSVCRT
Nero 7 Essentials
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Samsung ML-1640 Series
Segoe UI
SigmaTel Audio
Skype™ 5.0
SpeedBit Video ***********
TELL ME MORE
VLC media player 0.9.9
Webcam and Screen Recorder 4.8.1
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Toolbar
Windows Live Writer
Windows Media Format Runtime
WinZip
Yahoo! Messenger
أداة التحميل Windows Live Upload Tool
أرشيف وينرار
أمان العائلة في Windows Live
بريد Windows Live
تحديث لـ Windows XP (KB932823-v3)‎
محول الصوتيات 5.9
مساعد تسجيل الدخول إلى Windows Live
معرض صور Windows Live​

(3) تقرير runscanner ​

http://www.eupload.org/shared/62905التقارير.rar​

http://www.eupload.org/shared/62905التقارير.rar​

(4) StartUp​

Start-Up Items; List generated by Start-Up Tool. http://Soft.EM-TNT.com​

CTFMON.EXE

Name:CTFMON.EXECommand:C:\WINDOWS\system32\ctfmon.exeReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:CTF LoaderCompany:Microsoft Corporation​

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

Name:BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}Command:"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"Reg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Nero HomeCompany:Nero AG​

msnmsgr

Name:msnmsgrCommand:"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Windows Live MessengerCompany:Microsoft Corporation​

SpeedBitVideo***********

Name:SpeedBitVideo***********Command:C:\Program Files\SpeedBit Video ***********\Video***********.exeReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Speedbit Video *********** Company:Speedbit Ltd.​

Yahoo! Pager

Name:Yahoo! PagerCommand:"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Yahoo! MessengerCompany:Yahoo! Inc.​

Bluetooth

Name:BluetoothCommand:C:\DOCUME~1\hnaz\LOCALS~1\Temp\fmfmpd.exeReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:n/aCompany:n/a​

Internet Download ***********

Name:Internet Download ***********Command:C:\Program Files\IDA\ida.exe -autorunReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:n/aCompany:n/a​

IMJPMIG8.1

Name:IMJPMIG8.1Command:"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Microsoft IMECompany:Microsoft Corporation​

PHIME2002ASync

NameHIME2002ASyncCommand:C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:???????? 2002aCompany:Microsoft Corporation​

PHIME2002A

NameHIME2002ACommand:C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:???????? 2002aCompany:Microsoft Corporation​

igfxtray

Name:igfxtrayCommand:C:\WINDOWS\system32\igfxtray.exeReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:igfxTray ModuleCompany:Intel Corporation​

igfxhkcmd

Name:igfxhkcmdCommand:C:\WINDOWS\system32\hkcmd.exeReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:hkcmd ModuleCompany:Intel Corporation​

igfxpers

Name:igfxpersCommand:C:\WINDOWS\system32\igfxpers.exeReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescriptionersistence ModuleCompany:Intel Corporation​

SigmatelSysTrayApp

Name:SigmatelSysTrayAppCommand:stsystra.exeReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Sigmatel Audio system tray applicationCompany:SigmaTel, Inc.​

NeroFilterCheck

Name:NeroFilterCheckCommand:C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:NeroCheckCompany:Nero AG​

RemoteControl

Name:RemoteControlCommand:"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescriptionowerDVD RC ServiceCompany:Cyberlink Corp.​

Adobe Reader Speed Launcher

Name:Adobe Reader Speed LauncherCommand:"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Adobe Acrobat SpeedLauncherCompany:Adobe Systems Incorporated​

avgnt

Name:avgntCommand:"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Antivirus System Tray ToolCompany:Avira GmbH​

BluetoothAuthenticationAgent

Name:BluetoothAuthenticationAgentCommand:rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:n/aCompany:n/a​

Samsung PanelMgr

Name:Samsung PanelMgrCommand:C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorunReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Company:​

TkBellExe

Name:TkBellExeCommand:"C:\program files\real\realplayer\update\realsched.exe" -osbootReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:RealNetworks SchedulerCompany:RealNetworks, Inc.​

Adobe Gamma Loader.lnk

Name:Adobe Gamma Loader.lnkCommand:C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXELinkPath:C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnkStatus:enabledDescription:Adobe Gamma LoaderCompany:Adobe Systems, Inc.​

(5) (( الطريقة الصحيحه للتأكد هل جهازك مخترق أو لا ))​

هذي لم تطلع طبق الأصل​

هذي الصورة التي طلعت للي بالبداية ووقفت​

رفع صور​

وش صار يالطيب ؟؟​

..​

 

بارك الله فيك ...........

 

الله يعطيك العافيه خيو بس بدي جرب طريقتك وأشوف وأطبق الأشياء الي قلتلي عليها بس كيف

أسويها معليش تحملني لأني مابعرف كتير بالكمبيوتر

 

العفو أخواني الأعزاء

بخصوص التقارير مثل الهايجاك وغيره يتم طرحها بالقسم المخصص لها وهو :
ركن مشاكـل وحلول الحـاسب

وكل أدوات وطرق فحص الجهاز موجودة في ركن مشاكـل وحلول الحـاسب في الموضوع المثبت على الرابط التالي :
[للمبتدىء والخبير] اداة الصيانة المعتمدة لقسم مشاكل وحلول الحاسب

تقبلوا ودي وشكري وتقديري لكم جميعا
​

 

الله يجزيك الخير

 

الله يعطيك العافية

 

بارك الله فيك

 

بارك الله فيك رغم اني غير محترف الا اني شككة في تلك الطريقة كونها بسيطة .

 

الله يــع'ـطيـكـ ألـــف عــآآفـيــه
5/5

 

شكراً لك على معلوماتك القيمة

 

اخواني هاذا التقرير ياليت احد يشووووووفه وطمني بسرعه برسالة خااااصه تكفووووووون

وهاذا رابط التحميل

http://www.mediafire.com/?3kdtaolecendg55

 

انا عندي مشكله وخايفه ان جهازي مخترق
وكان بودي انزل موضوع علشان احد يساعدني لكن ما اعرف متى اقدر انزل موضوع
لان مشاركاتي غير كافيه
فإذا مافيه مانع انزل استفساري هنا
لاني محتاااااااااااااجه اجااااااااابه شافيه