
Regarding software that finds spies


Posted

Who can recommend free software that is the best at finding spies on the computer?

Posted
  • Author

What didn't you understand?

Posted

Do you perhaps mean spyware?

Posted
  • Author

Aren't spies and spyware the same thing?

If not, what is the difference between them?

Posted

Thank you very much, but regarding the HijackThis software,

how do I use it? After I click SCAN, what do I need to do?

That is, which boxes of the suspicious items should I check?

After you have scanned with HijackThis, you save the log and upload it, or simply copy and paste the log into the textbox at the following link

http://hijackthis.de/

and then click Analyze.

Posted

Try ComboFix or SmitFraudFix; they are at a somewhat higher level.

Posted
  • Author

After you have scanned with HijackThis, you save the log and upload it, or simply copy and paste the log into the textbox at the following link

http://hijackthis.de/

and then click Analyze.

I did that, and safety levels are listed there, so which of these should I mark?

http://hijackthis.de/#anl

HijackThis log file analysis

HijackThis opens you a possibility to find and fix nasty entries on your computer easier.

Therefore it will scan special parts in the registry and on your harddisk and compare them with the default settings. If there is some abnormality detected on your computer HijackThis will save them into a logfile. In order to find out what entries are nasty and what are installed by the user, you need some background information.

A logfile is not so easy to analyze. Even for an advanced computer user. With the help of this automatic analyzer you are able to get some additional support. Just paste your complete logfile into the textbox at the bottom of this page.

Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.


Did you know...?

..., that you can also use the MD5-Hash function of HijackThis in order to get a better analyzing result?


We couldn't detect any active process of a firewall on your system. Possible reasons:

(1.) You are using the windows firewall or a hardware firewall.

(2.) You are using a firewall of an unknown vendor.

(3.) You are using a firewall, but for unknown reasons it is disabled

(4.) You don't use any firewall at all.

We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

Actions Entry Kind Visitor's assessment Information

Logfile of Trend Micro HijackThis v2.0.4

This should be the newest version.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

This should be the newest version.

Boot mode: Normal

Very safe This entry was classified from our visitors as good.

C:\WINDOWS\System32\smss.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\winlogon.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\services.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\lsass.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\System32\svchost.exe

Very safe

This entry was classified from our visitors as good.

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

Very safe

Part of Lavasoft Ad-Aware

C:\Program Files\AVG\AVG9\avgchsvx.exe

Very safe This is a unknown process.

This entry was classified from our visitors as good.

C:\Program Files\AVG\AVG9\avgrsx.exe

Very safe Safe (4.71 / 5.00)

C:\Program Files\AVG\AVG9\avgcsrvx.exe

Safe Safe (4.25 / 5.00)

C:\WINDOWS\system32\spoolsv.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

Very safe Safe (4.24 / 5.00)

C:\WINDOWS\Explorer.EXE

Very safe

This entry was classified from our visitors as good.

C:\Program Files\AVG\AVG9\avgwdsvc.exe

Very safe Safe (4.45 / 5.00)

C:\WINDOWS\system32\RUNDLL32.EXE

Safe

This entry was classified from our visitors as good.

C:\PROGRA~1\AVG\AVG9\avgtray.exe

Very safe Safe (4.68 / 5.00)

C:\WINDOWS\system32\CTXFIHLP.EXE

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\ctfmon.exe

Very safe

This entry was classified from our visitors as good.

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

Very safe

Possibly nasty! According to our database this process runs normally in c:\programme\msn messenger\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Very safe Not dangerous, but unnecessary.

This entry was classified from our visitors as good.

C:\Program Files\Creative\Console Launcher\ConsoLCu.exe

Safe (4.36 / 5.00)

C:\Documents and Settings\רמי\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

Safe (3.64 / 5.00)

C:\Program Files\TechniSat DVB\bin\Server4PC.exe

Very safe

TechniSat DVB

C:\Program Files\TechniSat DVB\bin\Server4PC.exe

Very safe

TechniSat DVB

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

Very safe

This entry was classified from our visitors as good.

C:\Program Files\AVG\AVG9\avgemc.exe

Very safe

Possibly nasty! According to our database this process runs normally in c:\programme\grisoft\.*\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.

C:\Program Files\AVG\AVG9\avgnsx.exe

Safe Safe (4.08 / 5.00)

C:\Program Files\AVG\AVG9\avgcsrvx.exe

Safe Safe (4.25 / 5.00)

C:\Program Files\Windows Live\Contacts\wlcomm.exe

Safe Safe (4.36 / 5.00)

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

Very safe Safe (4.47 / 5.00)

C:\WINDOWS\system32\wuauclt.exe

Neutral

Windows Update AutoUpdate Client

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

Very safe This is a unknown process.

This entry was classified from our visitors as good.

C:\Program Files\Internet Explorer\iexplore.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Internet Explorer\iexplore.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Internet Explorer\iexplore.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Internet Explorer\iexplore.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\CCleaner\CCleaner.exe

Very safe

C-Cleaner

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

Very safe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/

Very safe This page has been identified as safe.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

Safe This entry was classified from our visitors as good.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

Safe This entry was classified from our visitors as good.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Safe This entry was classified from our visitors as good.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

Safe This entry was classified from our visitors as good.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

Safe This entry was classified from our visitors as good.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Safe Unknown application. This entry was classified from our visitors as good.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

Neutral LinkScannerIE.dll - LinkScanner, http://linkscanner.explabs.com/linkscanner/default.asp

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

SDhelper.dll - Spybot - Search & Destroy, http://spybot.eon.net.au/

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Safe Unknown application.

Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.

O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

WindowsLiveLogin.dll - Microsoft Windows_Live, http://ideas.live.com/

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Safe This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Safe This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

Safe Safe (4.61 / 5.00)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

Safe This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

Safe This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Safe Safe (4 / 5.00)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

Very safe This entry was classified from our visitors as good.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

Very safe Microsoft s MSN Messenger 6

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\רמי\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

Safe (3.74 / 5.00)

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Very safe This entry was classified from our visitors as good.

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

Neutral Office related

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

Neutral Office related

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

Very safe Office related

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

Safe Office related

O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe

Safe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Safe (4.63 / 5.00)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Safe (4.64 / 5.00)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Safe This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Safe This entry was classified from our visitors as good.

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Safe This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Safe This entry was classified from our visitors as good.

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

This entry has been identified as safe.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277659466670

This entry has been identified as safe.

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

Very safe Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Neutral This entry has been identified as safe.

O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab

Neutral This entry has been identified as safe.

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Safe Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

This entry has been identified as safe.

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

Safe (4.31 / 5.00)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Safe Unnecessary (deactivated) entry that can be fixed.

O22 - SharedTaskScheduler: כלי הטעינה מראש של Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

Safe (3.88 / 5.00)

O22 - SharedTaskScheduler: שרת (Daemon) של מטמון קטגוריות רכיבים - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

Safe (3.88 / 5.00)

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

Safe This service (avgemc.exe) was identified as a good one.

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

Very safe Safe (4.45 / 5.00)

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

Safe Safe (3.93 / 5.00)

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

Safe Safe (4.24 / 5.00)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

This service (dmadmin.exe) was identified as a good one.

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

This service (services.exe) was identified as a good one.

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

This service (imapi.exe) was identified as a good one.

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

Very safe This service (AAWService.exe) was identified as a good one.

O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

This service (mnmsrvc.exe) was identified as a good one.

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

This service (services.exe) was identified as a good one.

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

This service (sessmgr.exe) was identified as a good one.

O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

This service (smlogsvc.exe) was identified as a good one.

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

This service (wmiapsrv.exe) was

Archive

This discussion has been moved to the archive and new replies cannot be added.
