| [Question] System SnapShot |
08/08/2007 17:48:45 (+0700) | #1 | 77778 |
LeVuHoang
HVA Friend
|
Joined: 08/03/2003 16:54:07
Messages: 1155
Offline
|
|
Hoàng vừa làm một công cụ tương tự như HijackThis để dễ dàng hơn trong việc chuẩn đoán bệnh của PC. Mong mọi người dùng thử và cho ý kiến.
Download:
http://fasthelper.fire-lion.com/download/SystemSnapShot.zip
Một log mẫu:
Code:
; [FireLion] System SnapShot 1.0
; Scan time at 8/8/2007 4:48:06 AM
[System Information]
Microsoft Windows: Vista Professional Build 6000 (6.0.6000)
Product Name: Windows Vista (TM) Ultimate 6000.vista_rtm.061101-2205
Computer Name: LEVUHOANG
Language: English (United States)
User Name: LeVuHoang
Boot Mode: Normal Mode
UpTime: 0 Days 6 Hours 32 Minutes 35 Seconds
CPU: GenuineIntel 2x2671.40 MHz
RAM Total: 2048 MB
RAM Free: 1993 MB
Windows Folder: C:\Windows\
System32 Folder: C:\Windows\system32\
LocalIP: 192.168.164.1
DNS: 210.245.31.130, 210.245.31.10
Microsoft Internet Explorer: 7.0.6000.16473
[MD5 = Running Processes]
e87b968f3d49117445893eb0503fe34f = C:\Windows\system32\Dwm.exe
fd8c53fb002217f6f888bcf6f5d7084d = C:\Windows\Explorer.EXE
d96cda05732f68c5fdb3c547c939c98a = C:\Windows\WindowsMobile\wmdc.exe
2200c98c049de1a7638ea0edba1c8882 = D:\Program Files\Grisoft\AVG7\avgcc.exe
15b7664c3dfd193bd8d9ce822d066e23 = D:\Program Files\VMware\VMware Workstation\hqtray.exe
90d8800e1a586264d6cea517bbf811a9 = D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
c05fbac11f29b4eee0a4ef62fdd99933 = C:\Program Files\FireLion Softwares\FastHelper\FastHelper.exe
43632977504b323f8a41bf7a9965c453 = C:\Program Files\Windows Sidebar\sidebar.exe
8a2017375d2d3367b758610474546c04 = D:\Program Files\Skype\Phone\Skype.exe
92e7a264d21d5c8ef2639d26f6689733 = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
e2878cc39db71606f2f77186a0fd16de = D:\Program Files\UniKey\UniKeyNT.exe
c4281ad865739e71fd1e4dac19a68d60 = C:\Program Files\MSN Messenger\msnmsgr.exe
1226e9fae5b8508801ec974e3c9d9c14 = C:\Windows\system32\taskeng.exe
bcd9cbf0621f9a6767276a2e0bf1dd15 = C:\Users\LeVuHoang\AppData\Roaming\Google\Google Talk\googletalk.exe
43632977504b323f8a41bf7a9965c453 = C:\Program Files\Windows Sidebar\sidebar.exe
201503baef280ee6bad62afebe7b442f = D:\Program Files\VMware\VMware Workstation\vmware.exe
e169eef3c383d7a86f11b60220822a34 = D:\Program Files\Mozilla Firefox\firefox.exe
916fbc677fb4274d5a5049a40c492eea = D:\Program Files\FileZilla\FileZilla.exe
01b4c50fb23888e91d098f2259922477 = E:\Program Files\Borland\Projects\FireLion\FastHelper\Bin\SystemSnapShot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Mobile-based device management = %windir%\WindowsMobile\wmdc.exe
AVG7_CC = d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
vmware-tray = "D:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
VMware hqtray = "D:\Program Files\VMware\VMware Workstation\hqtray.exe"
Adobe Reader Speed Launcher = "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
FastHelper = "C:\Program Files\FireLion Softwares\FastHelper\FastHelper.exe" /startup
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Skype = "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Yahoo! Pager = "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
UniKey = D:\Program Files\UniKey\UniKeyNT.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
googletalk = C:\Users\LeVuHoang\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
[Services]
ACPI = system32\drivers\acpi.sys
AcrSch2Svc = "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
Adobe LM Service = "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
adp94xx = \SystemRoot\system32\drivers\adp94xx.sys
adpahci = \SystemRoot\system32\drivers\adpahci.sys
adpu160m = \SystemRoot\system32\drivers\adpu160m.sys
adpu320 = \SystemRoot\system32\drivers\adpu320.sys
AeLookupSvc = %systemroot%\system32\svchost.exe -k netsvcs
AFD = \SystemRoot\system32\drivers\afd.sys
agp440 = \SystemRoot\system32\drivers\agp440.sys
aic78xx = \SystemRoot\system32\drivers\djsvs.sys
AJXNZSETOQ = C:\Users\LEVUHO~1\AppData\Local\Temp\AJXNZSETOQ.exe
ALG = %SystemRoot%\System32\alg.exe
aliide = \SystemRoot\system32\drivers\aliide.sys
amdagp = \SystemRoot\system32\drivers\amdagp.sys
amdide = \SystemRoot\system32\drivers\amdide.sys
AmdK7 = \SystemRoot\system32\drivers\amdk7.sys
AmdK8 = \SystemRoot\system32\drivers\amdk8.sys
Apache2.2 = "D:\AppServ\Apache2.2\bin\httpd.exe" -k runservice
Appinfo = %SystemRoot%\system32\svchost.exe -k netsvcs
Apple Mobile Device = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
AppMgmt = %SystemRoot%\system32\svchost.exe -k netsvcs
arc = \SystemRoot\system32\drivers\arc.sys
arcsas = \SystemRoot\system32\drivers\arcsas.sys
AsIO = system32\drivers\AsIO.sys
AsyncMac = system32\DRIVERS\asyncmac.sys
atapi = system32\drivers\atapi.sys
AudioEndpointBuilder = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Audiosrv = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Avg7Alrt = d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc = d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AvgClean = \SystemRoot\System32\Drivers\avgclean.sys
AvgCoreSvc = d:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
AVGEMS = d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
AvgMfx86 = \SystemRoot\System32\Drivers\avgmfx86.sys
AvgTdi = \SystemRoot\System32\Drivers\avgtdi.sys
BFE = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BITS = %SystemRoot%\System32\svchost.exe -k netsvcs
blbdrive = \SystemRoot\system32\drivers\blbdrive.sys
Bonjour Service = "C:\Program Files\Bonjour\mDNSResponder.exe"
bowser = system32\DRIVERS\bowser.sys
BrFiltLo = \SystemRoot\system32\drivers\brfiltlo.sys
BrFiltUp = \SystemRoot\system32\drivers\brfiltup.sys
Browser = %SystemRoot%\System32\svchost.exe -k netsvcs
Brserid = system32\DRIVERS\BrSerId.sys
BrSerWdm = \SystemRoot\system32\drivers\brserwdm.sys
BrUsbMdm = \SystemRoot\system32\drivers\brusbmdm.sys
BrUsbSer = system32\DRIVERS\BrUsbSer.sys
BTHMODEM = \SystemRoot\system32\drivers\bthmodem.sys
BthServ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CamthWDM = system32\DRIVERS\CamthWDM.sys
cdfs = system32\DRIVERS\cdfs.sys
cdrom = system32\DRIVERS\cdrom.sys
CertPropSvc = %SystemRoot%\system32\svchost.exe -k netsvcs
circlass = \SystemRoot\system32\drivers\circlass.sys
CLFS = System32\CLFS.sys
clr_optimization_v2.0.50727_32 = %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
cmdide = \SystemRoot\system32\drivers\cmdide.sys
Compbatt = \SystemRoot\system32\drivers\compbatt.sys
COMSysApp = %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
crcdisk = system32\drivers\crcdisk.sys
Crusoe = \SystemRoot\system32\drivers\crusoe.sys
CryptSvc = %SystemRoot%\system32\svchost.exe -k NetworkService
CSC = system32\drivers\csc.sys
CscService = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
DBSERVER = "C:\Program Files\Control Microsystems\ClearSCADA\DBServer.exe"
DcomLaunch = %SystemRoot%\system32\svchost.exe -k DcomLaunch
DfsC = System32\Drivers\dfsc.sys
DFSR = %SystemRoot%\system32\DFSR.exe
Dhcp = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
disk = system32\drivers\disk.sys
Dnscache = %SystemRoot%\system32\svchost.exe -k NetworkService
dot3svc = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
DPS = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
drmkaud = system32\drivers\drmkaud.sys
DXGKrnl = \SystemRoot\System32\drivers\dxgkrnl.sys
E1G60 = system32\DRIVERS\E1G60I32.sys
EapHost = %SystemRoot%\System32\svchost.exe -k netsvcs
Ecache = System32\drivers\ecache.sys
ehRecvr = %systemroot%\ehome\ehRecvr.exe
ehSched = %systemroot%\ehome\ehsched.exe
ehstart = %windir%\system32\svchost.exe -k LocalServiceNoNetwork
elxstor = \SystemRoot\system32\drivers\elxstor.sys
EMDMgmt = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Eventlog = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem = %SystemRoot%\system32\svchost.exe -k LocalService
FastHelper = C:\Program Files\FireLion Softwares\FastHelper\ResidentShield.exe
Fax = %systemroot%\system32\fxssvc.exe
fdc = system32\DRIVERS\fdc.sys
fdPHost = %SystemRoot%\system32\svchost.exe -k LocalService
FDResPub = %SystemRoot%\system32\svchost.exe -k LocalService
FileInfo = system32\drivers\fileinfo.sys
Filetrace = system32\drivers\filetrace.sys
FileZilla Server = d:\Program Files\FileZilla Server\FileZilla Server.exe
flpydisk = system32\DRIVERS\flpydisk.sys
FltMgr = system32\drivers\fltmgr.sys
FontCache3.0.0.0 = %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
fvevol = System32\DRIVERS\fvevol.sys
gagp30kx = \SystemRoot\system32\drivers\gagp30kx.sys
gpsvc = %systemroot%\system32\svchost.exe -k netsvcs
hcmon = \??\C:\Windows\system32\Drivers\hcmon.sys
HdAudAddService = system32\drivers\HdAudio.sys
HDAudBus = system32\DRIVERS\HDAudBus.sys
HidBth = \SystemRoot\system32\drivers\hidbth.sys
HidIr = \SystemRoot\system32\drivers\hidir.sys
hidserv = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
HidUsb = system32\DRIVERS\hidusb.sys
hkmsvc = %SystemRoot%\System32\svchost.exe -k netsvcs
HpCISSs = \SystemRoot\system32\drivers\hpcisss.sys
HTTP = system32\drivers\HTTP.sys
i2omp = \SystemRoot\system32\drivers\i2omp.sys
i8042prt = system32\DRIVERS\i8042prt.sys
iaStorV = \SystemRoot\system32\drivers\iastorv.sys
idsvc = "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
iirsp = \SystemRoot\system32\drivers\iirsp.sys
IKEEXT = %systemroot%\system32\svchost.exe -k netsvcs
IntcAzAudAddService = system32\drivers\RTKVHDA.sys
intelide = system32\drivers\intelide.sys
intelppm = system32\DRIVERS\intelppm.sys
IPBusEnum = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
IpFilterDriver = system32\DRIVERS\ipfltdrv.sys
iphlpsvc = %SystemRoot%\System32\svchost.exe -k NetSvcs
IPMIDRV = \SystemRoot\system32\drivers\ipmidrv.sys
IPNAT = system32\DRIVERS\ipnat.sys
IRENUM = system32\drivers\irenum.sys
isapnp = \SystemRoot\system32\drivers\isapnp.sys
iScsiPrt = system32\DRIVERS\msiscsi.sys
iteatapi = \SystemRoot\system32\drivers\iteatapi.sys
iteraid = \SystemRoot\system32\drivers\iteraid.sys
kbdclass = system32\DRIVERS\kbdclass.sys
kbdhid = \SystemRoot\system32\drivers\kbdhid.sys
KeyIso = %SystemRoot%\system32\lsass.exe
KSecDD = System32\Drivers\ksecdd.sys
KtmRm = %SystemRoot%\System32\svchost.exe -k NetworkService
LanmanServer = %SystemRoot%\system32\svchost.exe -k netsvcs
LanmanWorkstation = %SystemRoot%\System32\svchost.exe -k LocalService
LICENCESERVER = "C:\Program Files\Control Microsystems\ClearSCADA\LicenceServer.exe"
lltdio = system32\DRIVERS\lltdio.sys
lltdsvc = %SystemRoot%\System32\svchost.exe -k LocalService
lmhosts = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
lmimirr = system32\DRIVERS\lmimirr.sys
LMIRfsDriver = \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
LSI_FC = \SystemRoot\system32\drivers\lsi_fc.sys
LSI_SAS = \SystemRoot\system32\drivers\lsi_sas.sys
LSI_SCSI = \SystemRoot\system32\drivers\lsi_scsi.sys
luafv = \SystemRoot\system32\drivers\luafv.sys
mchInjDrv = \??\C:\Windows\system32\Drivers\mchInjDrv.sys
Mcx2Svc = %SystemRoot%\system32\svchost.exe -k LocalService
megasas = \SystemRoot\system32\drivers\megasas.sys
MMCSS = %SystemRoot%\system32\svchost.exe -k netsvcs
Modem = system32\drivers\modem.sys
monitor = system32\DRIVERS\monitor.sys
mouclass = system32\DRIVERS\mouclass.sys
mouhid = \SystemRoot\system32\drivers\mouhid.sys
MountMgr = System32\drivers\mountmgr.sys
mpio = \SystemRoot\system32\drivers\mpio.sys
mpsdrv = System32\drivers\mpsdrv.sys
MpsSvc = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Mraid35x = \SystemRoot\system32\drivers\mraid35x.sys
MRxDAV = \SystemRoot\system32\drivers\mrxdav.sys
mrxsmb = system32\DRIVERS\mrxsmb.sys
mrxsmb10 = system32\DRIVERS\mrxsmb10.sys
mrxsmb20 = system32\DRIVERS\mrxsmb20.sys
msahci = \SystemRoot\system32\drivers\msahci.sys
msdsm = \SystemRoot\system32\drivers\msdsm.sys
MSDTC = %SystemRoot%\System32\msdtc.exe
msisadrv = system32\drivers\msisadrv.sys
MSiSCSI = %systemroot%\system32\svchost.exe -k netsvcs
msiserver = %systemroot%\system32\msiexec /V
MSKSSRV = system32\drivers\MSKSSRV.sys
MSPCLOCK = system32\drivers\MSPCLOCK.sys
MSPQM = system32\drivers\MSPQM.sys
mssmbios = system32\DRIVERS\mssmbios.sys
MSTEE = system32\drivers\MSTEE.sys
MTsensor = system32\DRIVERS\ASACPI.sys
Mup = System32\Drivers\mup.sys
mysql = d:\AppServ\MySQL\bin\mysqld-nt --defaults-file=d:\AppServ\MySQL\my.ini mysql
napagent = %SystemRoot%\System32\svchost.exe -k NetworkService
NativeWifiP = system32\DRIVERS\nwifi.sys
NDIS = system32\drivers\ndis.sys
NdisTapi = system32\DRIVERS\ndistapi.sys
Ndisuio = system32\DRIVERS\ndisuio.sys
NdisWan = system32\DRIVERS\ndiswan.sys
NetBIOS = system32\DRIVERS\netbios.sys
netbt = System32\DRIVERS\netbt.sys
Netlogon = %systemroot%\system32\lsass.exe
Netman = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
netprofm = %SystemRoot%\System32\svchost.exe -k LocalService
NetTcpPortSharing = "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
nfrd960 = \SystemRoot\system32\drivers\nfrd960.sys
NlaSvc = %SystemRoot%\System32\svchost.exe -k NetworkService
NPF = system32\drivers\npf.sys
nsi = %systemroot%\system32\svchost.exe -k LocalService
nsiproxy = system32\drivers\nsiproxy.sys
ntrigdigi = \SystemRoot\system32\drivers\ntrigdigi.sys
nvlddmkm = system32\DRIVERS\nvlddmkm.sys
nvraid = \SystemRoot\system32\drivers\nvraid.sys
nvstor = \SystemRoot\system32\drivers\nvstor.sys
nv_agp = \SystemRoot\system32\drivers\nv_agp.sys
odserv = "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
OemBiosDevice = System32\drivers\royal.sys
ohci1394 = system32\DRIVERS\ohci1394.sys
OpcEnum = C:\Windows\system32\OpcEnum.exe
ose = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
p2pimsvc = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
p2psvc = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Parport = \SystemRoot\system32\drivers\parport.sys
partmgr = System32\drivers\partmgr.sys
Parvdm = \SystemRoot\system32\drivers\parvdm.sys
PcaSvc = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
pci = system32\drivers\pci.sys
pciide = system32\drivers\pciide.sys
pcmcia = \SystemRoot\system32\drivers\pcmcia.sys
PEAUTH = system32\drivers\peauth.sys
pla = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
PlugPlay = %SystemRoot%\system32\svchost.exe -k DcomLaunch
PNRPAutoReg = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
PNRPsvc = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
PolicyAgent = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
PptpMiniport = system32\DRIVERS\raspptp.sys
Processor = \SystemRoot\system32\drivers\processr.sys
ProfSvc = %systemroot%\system32\svchost.exe -k netsvcs
ProtectedStorage = %SystemRoot%\system32\lsass.exe
PSched = system32\DRIVERS\pacer.sys
ql2300 = \SystemRoot\system32\drivers\ql2300.sys
ql40xx = \SystemRoot\system32\drivers\ql40xx.sys
QWAVE = %windir%\system32\svchost.exe -k LocalService
QWAVEdrv = \SystemRoot\system32\drivers\qwavedrv.sys
Ramdisk = system32\DRIVERS\ramdisk.sys
RapiMgr = %SystemRoot%\system32\svchost.exe -k WindowsMobile
RasAcd = System32\DRIVERS\rasacd.sys
RasAuto = %SystemRoot%\system32\svchost.exe -k netsvcs
Rasl2tp = system32\DRIVERS\rasl2tp.sys
RasMan = %SystemRoot%\system32\svchost.exe -k netsvcs
RasPppoe = system32\DRIVERS\raspppoe.sys
rdbss = system32\DRIVERS\rdbss.sys
RDPCDD = System32\DRIVERS\RDPCDD.sys
rdpdr = system32\DRIVERS\rdpdr.sys
RDPENCDD = system32\drivers\rdpencdd.sys
RemoteAccess = %SystemRoot%\system32\svchost.exe -k netsvcs
RemoteRegistry = %SystemRoot%\system32\svchost.exe -k regsvc
rpcapd = "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
RpcLocator = %SystemRoot%\system32\locator.exe
RpcSs = %SystemRoot%\system32\svchost.exe -k rpcss
RRamdisk = system32\DRIVERS\rramdisk.sys
rspndr = system32\DRIVERS\rspndr.sys
RTL8187 = system32\DRIVERS\RTL8187.sys
RtlProt = system32\DRIVERS\rtlprot.sys
SamSs = %SystemRoot%\system32\lsass.exe
SANDRA = \??\d:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys
SandraDataSrv = d:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
SandraTheSrv = d:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
sbp2port = \SystemRoot\system32\drivers\sbp2port.sys
SCardSvr = %SystemRoot%\system32\svchost.exe -k LocalService
Schedule = %systemroot%\system32\svchost.exe -k netsvcs
SCPolicySvc = %SystemRoot%\system32\svchost.exe -k netsvcs
SDRSVC = %SystemRoot%\system32\svchost.exe -k SDRSVC
seclogon = %windir%\system32\svchost.exe -k netsvcs
SENS = %SystemRoot%\system32\svchost.exe -k netsvcs
Sentinel = \SystemRoot\System32\Drivers\SENTINEL.SYS
SentinelProtectionServer = "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
Serenum = system32\DRIVERS\serenum.sys
Serial = system32\DRIVERS\serial.sys
sermouse = \SystemRoot\system32\drivers\sermouse.sys
SessionEnv = %SystemRoot%\System32\svchost.exe -k netsvcs
sffdisk = \SystemRoot\system32\drivers\sffdisk.sys
sffp_mmc = \SystemRoot\system32\drivers\sffp_mmc.sys
sffp_sd = \SystemRoot\system32\drivers\sffp_sd.sys
sfloppy = \SystemRoot\system32\drivers\sfloppy.sys
SharedAccess = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection = %SystemRoot%\System32\svchost.exe -k netsvcs
sisagp = \SystemRoot\system32\drivers\sisagp.sys
SiSRaid2 = \SystemRoot\system32\drivers\sisraid2.sys
SiSRaid4 = \SystemRoot\system32\drivers\sisraid4.sys
slsvc = %SystemRoot%\system32\SLsvc.exe
SLUINotify = %SystemRoot%\system32\svchost.exe -k LocalService
Smb = system32\DRIVERS\smb.sys
snapman = system32\DRIVERS\snapman.sys
SNMPTRAP = %SystemRoot%\System32\snmptrap.exe
Spooler = %SystemRoot%\System32\spoolsv.exe
sptd = System32\Drivers\sptd.sys
srv = System32\DRIVERS\srv.sys
srv2 = System32\DRIVERS\srv2.sys
srvnet = System32\DRIVERS\srvnet.sys
SSDPSRV = %SystemRoot%\system32\svchost.exe -k LocalService
stisvc = %SystemRoot%\system32\svchost.exe -k imgsvc
swenum = system32\DRIVERS\swenum.sys
swprv = %SystemRoot%\System32\svchost.exe -k swprv
Symc8xx = \SystemRoot\system32\drivers\symc8xx.sys
Sym_hi = \SystemRoot\system32\drivers\sym_hi.sys
Sym_u3 = \SystemRoot\system32\drivers\sym_u3.sys
SysMain = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
TabletInputService = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
TapiSrv = %SystemRoot%\System32\svchost.exe -k NetworkService
TBS = %SystemRoot%\System32\svchost.exe -k LocalService
Tcpip = System32\drivers\tcpip.sys
Tcpip6 = system32\DRIVERS\tcpip.sys
tcpipreg = System32\drivers\tcpipreg.sys
TDPIPE = system32\drivers\tdpipe.sys
TDTCP = system32\drivers\tdtcp.sys
tdx = system32\DRIVERS\tdx.sys
TermDD = system32\DRIVERS\termdd.sys
TermService = %SystemRoot%\System32\svchost.exe -k NetworkService
Themes = %SystemRoot%\System32\svchost.exe -k netsvcs
THREADORDER = %SystemRoot%\system32\svchost.exe -k LocalService
tifsfilter = system32\DRIVERS\tifsfilt.sys
timounter = system32\DRIVERS\timntr.sys
TrkWks = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
truecrypt = System32\drivers\truecrypt.sys
TrustedInstaller = %SystemRoot%\servicing\TrustedInstaller.exe
tssecsrv = System32\DRIVERS\tssecsrv.sys
tunmp = system32\DRIVERS\tunmp.sys
tunnel = system32\DRIVERS\tunnel.sys
uagp35 = \SystemRoot\system32\drivers\uagp35.sys
udfs = system32\DRIVERS\udfs.sys
ufad-ws60 = "D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "D:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
UI0Detect = %SystemRoot%\system32\UI0Detect.exe
uliagpkx = \SystemRoot\system32\drivers\uliagpkx.sys
uliahci = \SystemRoot\system32\drivers\uliahci.sys
UlSata = \SystemRoot\system32\drivers\ulsata.sys
ulsata2 = \SystemRoot\system32\drivers\ulsata2.sys
umbus = system32\DRIVERS\umbus.sys
UmRdpService = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
UnlockerDriver5 = \??\d:\Program Files\Unlocker\UnlockerDriver5.sys
upnphost = %SystemRoot%\system32\svchost.exe -k LocalService
usbccgp = system32\DRIVERS\usbccgp.sys
usbcir = \SystemRoot\system32\drivers\usbcir.sys
usbehci = system32\DRIVERS\usbehci.sys
usbhub = system32\DRIVERS\usbhub.sys
usbohci = \SystemRoot\system32\drivers\usbohci.sys
usbprint = system32\DRIVERS\usbprint.sys
usbscan = system32\DRIVERS\usbscan.sys
USBSTOR = system32\DRIVERS\USBSTOR.SYS
usbuhci = system32\DRIVERS\usbuhci.sys
usnjsvc = "C:\Program Files\MSN Messenger\usnsvc.exe"
Uvnc_service = "d:\Program Files\UltraVNC\uvnc_service.exe" -service
UxSms = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
vds = %SystemRoot%\System32\vds.exe
vga = system32\DRIVERS\vgapnp.sys
VgaSave = \SystemRoot\System32\drivers\vga.sys
viaagp = \SystemRoot\system32\drivers\viaagp.sys
ViaC7 = \SystemRoot\system32\drivers\viac7.sys
viaide = \SystemRoot\system32\drivers\viaide.sys
VMAuthdService = D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
vmkbd = \??\C:\Windows\system32\drivers\VMkbd.sys
vmm = \??\C:\Windows\system32\Drivers\vmm.sys
VMnetAdapter = system32\DRIVERS\vmnetadapter.sys
VMnetBridge = system32\DRIVERS\vmnetbridge.sys
VMnetDHCP = C:\Windows\system32\vmnetdhcp.exe
VMnetuserif = \??\C:\Windows\system32\drivers\vmnetuserif.sys
vmount2 = "C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"
vmserverdWin32 = D:\Program Files\VMware\VMware Server\vmserverdWin32.exe
vmusb = System32\Drivers\vmusb.sys
VMware NAT Service = C:\Windows\system32\vmnat.exe
vmx86 = \??\C:\Windows\system32\Drivers\vmx86.sys
vnccom = System32\Drivers\vnccom.SYS
vncdrv = system32\DRIVERS\vncdrv.sys
volmgr = system32\drivers\volmgr.sys
volmgrx = System32\drivers\volmgrx.sys
volsnap = system32\drivers\volsnap.sys
VPCNetS2 = system32\DRIVERS\VMNetSrv.sys
vsmraid = \SystemRoot\system32\drivers\vsmraid.sys
VSS = %systemroot%\system32\vssvc.exe
vstor2 = \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
vstor2-ws60 = \??\D:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
W32Time = %SystemRoot%\system32\svchost.exe -k LocalService
WacomPen = \SystemRoot\system32\drivers\wacompen.sys
Wanarp = system32\DRIVERS\wanarp.sys
Wanarpv6 = system32\DRIVERS\wanarp.sys
wbengine = "%systemroot%\system32\wbengine.exe"
WcesComm = %SystemRoot%\system32\svchost.exe -k WindowsMobile
wcncsvc = %SystemRoot%\System32\svchost.exe -k LocalService
WcsPlugInService = %SystemRoot%\system32\svchost.exe -k wcssvc
Wd = \SystemRoot\system32\drivers\wd.sys
Wdf01000 = system32\drivers\Wdf01000.sys
WdiServiceHost = %SystemRoot%\System32\svchost.exe -k wdisvc
WdiSystemHost = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
WebClient = %SystemRoot%\system32\svchost.exe -k LocalService
Wecsvc = %SystemRoot%\system32\svchost.exe -k NetworkService
wercplsupport = %SystemRoot%\System32\svchost.exe -k netsvcs
WerSvc = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
WinDefend = %SystemRoot%\System32\svchost.exe -k secsvcs
WinHttpAutoProxySvc = %SystemRoot%\system32\svchost.exe -k LocalService
Winmgmt = %systemroot%\system32\svchost.exe -k netsvcs
WinRM = %SystemRoot%\System32\svchost.exe -k NetworkService
WINUSB = system32\DRIVERS\WinUSB.SYS
Wlansvc = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
WmiAcpi = \SystemRoot\system32\drivers\wmiacpi.sys
wmiApSrv = %systemroot%\system32\wbem\WmiApSrv.exe
WMPNetworkSvc = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
WPCSvc = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
WPDBusEnum = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
ws2ifsl = \SystemRoot\system32\drivers\ws2ifsl.sys
wscsvc = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
WSearch = %systemroot%\system32\SearchIndexer.exe /Embedding
wuauserv = %systemroot%\system32\svchost.exe -k netsvcs
WUDFRd = system32\DRIVERS\WUDFRd.sys
wudfsvc = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
yukonwlh = system32\DRIVERS\yk60x86.sys
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = about:blank
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\Windows\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
StartupPrograms = rdpclip
CfgDll = RDPCFGEX.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
{8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\system32\browseui.dll
{E31004D1-A431-41B8-826F-E902F9D95C81} = %SystemRoot%\System32\DreamScene.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} = D:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} = D:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} = D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{111CAA23-6F4F-42AC-8555-B48C1D87BBAB} = C:\Windows\system32\gigagetbho_v10.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = d:\Program Files\FlashGet\jccatch.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} =
{F156768E-81EF-470C-9057-481BA8380DBA} = d:\Program Files\FlashGet\getflash.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\system32\ieframe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
{30351349-7B7D-4FCC-81B4-1E394CA267EB} = D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{FED7043D-346A-414D-ACD7-550D052499A7} = d:\Program Files\Illustrate\dBpoweramp\dBShell.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute = autocheck autochk *
HKEY_CURRENT_USER\Control Panel\Desktop
SCRNSAVE.EXE = C:\Windows\system32\ssBranded.scr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
avgwlntf = avgwlntf.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
000000000001 = C:\Windows\system32\mswsock.dll
000000000002 = C:\Windows\system32\mswsock.dll
000000000003 = C:\Windows\system32\mswsock.dll
000000000004 = C:\Windows\system32\mswsock.dll
000000000005 = C:\Windows\system32\mswsock.dll
000000000006 = C:\Windows\system32\mswsock.dll
000000000007 = C:\Windows\system32\mswsock.dll
000000000008 = C:\Windows\system32\mswsock.dll
000000000009 = C:\Windows\system32\mswsock.dll
000000000010 = C:\Windows\system32\mswsock.dll
000000000011 = C:\Windows\system32\mswsock.dll
000000000012 = C:\Windows\system32\mswsock.dll
000000000013 = C:\Windows\system32\mswsock.dll
000000000014 = C:\Windows\system32\mswsock.dll
000000000015 = C:\Windows\system32\mswsock.dll
000000000016 = C:\Windows\system32\mswsock.dll
000000000017 = C:\Windows\system32\mswsock.dll
000000000018 = C:\Windows\system32\mswsock.dll
000000000019 = C:\Windows\system32\mswsock.dll
000000000020 = C:\Windows\system32\mswsock.dll
000000000021 = C:\Windows\system32\mswsock.dll
000000000022 = C:\Windows\system32\mswsock.dll
000000000023 = C:\Windows\system32\mswsock.dll
000000000024 = C:\Windows\system32\mswsock.dll
000000000025 = C:\Windows\system32\mswsock.dll
000000000026 = C:\Windows\system32\mswsock.dll
000000000027 = C:\Windows\system32\mswsock.dll
000000000028 = C:\Windows\system32\mswsock.dll
000000000029 = C:\Windows\system32\mswsock.dll
000000000030 = C:\Windows\system32\mswsock.dll
[Hosts]
127.0.0.1 localhost
::1 localhost
|
|
|
 |
|
| [Question] System SnapShot |
08/08/2007 20:56:22 (+0700) | #2 | 77789 |
![[Avatar]](/hvaonline/images/avatar/6d8fd617dbf3e2c1e12be59585cdb1f9.jpg "[Avatar]")
|
tmd
Member
![[Minus]](/hvaonline/templates/viet/images/minus.gif "[Minus]") |
0 |
![[Plus]](/hvaonline/templates/viet/images/plus.gif "[Plus]")
|
|
Joined: 28/06/2006 03:39:48
Messages: 2951
Offline
|
|
| Log chỉ dành cho dân không bị cận, viễn. NÓi vui vậy thôi, log nhiều chi tiết hơn hijackthis. |
|
| 3 giai đoạn của con... người, ban đầu dek biết gì thì phải thăm dò, sau đó biết rồi thì phải thân thiết, sau cùng khi quá thân thiết rồi thì phải tình thương mến thương. Nhưng mà không thương được thì ... |
|
|
|
| [Question] System SnapShot |
09/08/2007 03:27:24 (+0700) | #3 | 77870 |
LeVuHoang
HVA Friend
|
Joined: 08/03/2003 16:54:07
Messages: 1155
Offline
|
|
Cái log này gần đầy đủ như cái autorun của Sysinternals, như vậy mới... chắc ăn  ). Còn hijack thì cũng chưa đầy đủ lắm.
Thông thường thì chỉ cần coi Running Process và Run là đủ rồi. Nếu không phát hiện ra gì lạ thì mới xem phần sau. |
|
|
|
|
| [Question] System SnapShot |
10/08/2007 22:32:04 (+0700) | #4 | 78263 |
Mr.Khoai
Moderator
|
Joined: 27/06/2006 01:55:07
Messages: 954
Offline
|
|
Cám ơn anh LeVuHoang. Có thêm một tool rất có ích cho anh em
khoai |
|
|
|
|
| [Question] Re: System SnapShot |
10/08/2007 22:47:19 (+0700) | #5 | 78268 |
![[Avatar]](/hvaonline/images/avatar/3f44f3018ff71ff4a7d22a98f3babb55.png "[Avatar]")
|
quanta
Moderator
|
Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
Offline
|
|
Chào LeVuHoang
Tớ có vài góp ý thế này:
1. Sao Hoàng không làm cái Progress bar, sau khi tớ chí vào Create SnapShot, nó "đơ" ra một lúc, rồi hiện ra "Log file save to:..."
2. Hoàng nên cho User chọn folder to save log file |
|
| Let's build on a great foundation! |
|
|
|
| [Question] System SnapShot |
11/08/2007 05:29:43 (+0700) | #6 | 78345 |
LeVuHoang
HVA Friend
|
Joined: 08/03/2003 16:54:07
Messages: 1155
Offline
|
|
ah, tại Hoàng định làm đơn giản đó mà. Người dùng cuối thì cũng không cần phải biết nhiều, click 1 cái rồi send file thôi  |
|
|
|
|
| [Question] Re: System SnapShot |
12/08/2007 04:33:31 (+0700) | #7 | 78483 |
![[Avatar]](/hvaonline/images/avatar/291409c55e2d4893c4d679e0884a994e.jpg "[Avatar]")
|
Ghost Ship
Member
|
|
0 |
|
|
Joined: 21/03/2007 12:10:46
Messages: 467
Location: Đáy biển
Offline
|
|
Em thấy Hijackthis lợi ở chỗ nó có web phân tích kết quả scan. Như vậy sẽ nhanh và tiện hơn tự phân tích bo bằng mắt rất nhiều.
Nó còn có chức năng Fix Checked nữa, nhanh hơn vào tìm xóa bo trong registry.
Nhiều key kô phải do malware tạo ra mà là key của OS bị malware lợi dụng thì được Fix rất chính xác. nhiều người nếu xử lý thủ công khéo còn del những key này luôn.
Mà em vẫn kô biết sử dụng cái MD5 như thế nào  ( em thấy kết quả cái chuỗi ấy của các file trên máy em lại khác với md5 của các file mà bác Hoàng post trên kia mà chuối ấy ở trên trang web của hijackthis cũng khác. tại sao lại như vậy?
Em tìm hiểu về nó mấy hôm nay nhưng vẫn mơ hồ quá. bác nào chỉ hộ em với! Hic thấy người ta nói về nó nhiều quá mà mình chả biết nó là gì, ngai quá  ) |
|
|
|
|
| [Question] System SnapShot |
12/08/2007 05:22:44 (+0700) | #8 | 78487 |
LeVuHoang
HVA Friend
|
Joined: 08/03/2003 16:54:07
Messages: 1155
Offline
|
|
GS xem thêm về MD5 nhé:
http://en.wikipedia.org/wiki/MD5
Sở dĩ MD5 trên máy Hoàng và máy GS khác nhau là vì 2 tập tin khác nhau (nhưng trùng tên). Vì Hoàng đang sử dụng Windows Vista, còn có thể GS sử dụng Windows XP |
|
|
|
![[Rule]](/hvaonline/templates/viet/images/icon_mini_rule.gif "[Rule]"){kind=icon}
![[Home]](/hvaonline/templates/viet/images/icon_mini_groups.gif "[Home]"){kind=icon}
![[Portal]](/hvaonline/templates/viet/images/icon_mini_portal.gif "[Portal]"){kind=icon}
![[Members]](/hvaonline/templates/viet/images/icon_mini_members.gif "[Members]"){kind=icon}
![[Statistics]](/hvaonline/templates/viet/images/icon_mini_stats.gif "[Statistics]"){kind=icon}
![[Search]](/hvaonline/templates/viet/images/icon_mini_search.gif "[Search]"){kind=icon}
![[Reading Room]](/hvaonline/templates/viet/images/icon_mini_book.gif "[Reading Room]"){kind=icon}
![[Register]](/hvaonline/templates/viet/images/icon_mini_register.gif "[Register]"){kind=icon}
Register![[Login]](/hvaonline/templates/viet/images/icon_mini_login.gif "[Login]"){kind=icon}
Login [
Thảo luận virus, trojan, spyware, worm...
![[Profile]](/hvaonline/templates/viet/images/en_US/icon_profile.gif "[Profile]"){kind=icon}
![[PM]](/hvaonline/templates/viet/images/en_US/icon_pm.gif "[PM]"){kind=icon}
![[Up]](/hvaonline/templates/viet/images/en_US/icon_up.gif "[Up]"){kind=icon}
![[Print Copy]](/hvaonline/templates/viet/images/en_US/icon_print.gif "[Print Copy]"){kind=icon}
![[digg]](/hvaonline/templates/viet/images/digg.gif "[digg]")
![[delicious]](/hvaonline/templates/viet/images/delicious.gif "[delicious]")
![[google]](/hvaonline/templates/viet/images/google.gif "[google]")
![[yahoo]](/hvaonline/templates/viet/images/yahoo.gif "[yahoo]")
![[technorati]](/hvaonline/templates/viet/images/technorati.gif "[technorati]")
![[reddit]](/hvaonline/templates/viet/images/reddit.gif "[reddit]")
![[stumbleupon]](/hvaonline/templates/viet/images/stumbleupon.gif "[stumbleupon]")