I need testers, please!


  • This topic is locked

#1
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Hello and welcome,
I've developed a little tool which at the moment lists only Processes and Services. The header can also read out some information about the OS (architecture, system, Service Pack, etc.).

First, a ToDo List:

  • Processes
  • Services
  • Drivers
  • RegistrySection
  • FilesSection
  • FixSection
  • Expand the Whitelist
  • Design
  • Icon

Known Bugs:

  • Still some file path errors (under Services) - an explanation of this will follow tomorrow (29.10.2013)
  • Too high .NET Framework (at the moment 4.5!)
  • Bug with listing Drivers
  • Another bug with listing drivers

Example Log (08.11.2013):

MVS - Machiavelli's Scanner - Version 1.0.0.1.
MVS Logfile created on: 28.11.2013 18:58:10 Logfile saved under = C:\Users\Machiavelli\Desktop\MVS.txt
Running from C:\Users\Machiavelli\Desktop\MVS.exe
SYSTEM => Microsoft Windows 8.1 64 bit 

=== Processes ===

C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 9444 ]  (Google Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 11608 ]  (Google Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 8972 ]  (Google Inc.)
C:\WINDOWS\system32\taskhostex.exe [ 10804 ]  (Microsoft Corporation)
C:\Windows\System32\RuntimeBroker.exe [ 10212 ]  (Microsoft Corporation)
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Packages\Debugger\X64\msvsmon.exe [ 12568 ]  (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 6856 ]  (Google Inc.)
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [ 8420 ]  (Microsoft Corporation)
C:\WINDOWS\system32\DllHost.exe [ 7432 ]  (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 1664 ]  (Google Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 6820 ]  (Google Inc.)
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [ 10176 ]  (Microsoft Corporation)
C:\WINDOWS\system32\conhost.exe [ 6628 ]  (Microsoft Corporation)
C:\Users\Machiavelli\Desktop\MVS.exe [ 5640 ]  ()
C:\Program Files\AVAST Software\Avast\avastui.exe [ 5436 ]  (AVAST Software)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 5832 ]  (Google Inc.)
C:\Users\Machiavelli\documents\visual studio 2012\Projects\MVS\MVS\bin\Debug\MVS.vshost.exe [ 8576 ]  (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 9560 ]  (Google Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 5812 ]  (Google Inc.)
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\MSBuildTaskHost.exe [ 10340 ]  (Microsoft Corporation)
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe [ 9548 ]  (Oracle Corporation)
C:\WINDOWS\Explorer.EXE [ 8168 ]  (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Roaming\Dropbox\bin\Dropbox.exe [ 6392 ]  (Dropbox, Inc.)
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [ 10180 ]  (Oracle Corporation)
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe [ 14040 ]  (Microsoft Corporation)
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [ 10864 ]  (Oracle Corporation)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [ 2112 ]  (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe [ 11832 ]  (Google Inc.)
C:\WINDOWS\syswow64\wwahost.exe [ 1384 ]  (Microsoft Corporation)

=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - [10.09.2013 14:45:42 | 257416 | (Adobe Systems Incorporated)]
SRV - [ AMD FUEL Service | AMD FUEL Service | Running] - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService => File not found!
SRV - [ avast! Antivirus | avast! Antivirus | Running] - C:\Program Files\AVAST Software\Avast\AvastSvc.exe - [01.11.2013 11:10:56 | 50344 | (AVAST Software)]
SRV - [ MBAMScheduler | MBAMScheduler | Running] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe - [11.11.2013 19:10:48 | 418376 | (Malwarebytes Corporation)]
SRV - [ MBAMService | MBAMService | Stopped] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - [11.11.2013 19:10:48 | 701512 | (Malwarebytes Corporation)]
SRV - [ MozillaMaintenance | Mozilla Maintenance Service | Stopped] - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe - [28.10.2013 11:32:50 | 119408 | (Mozilla Foundation)]
SRV - [ Steam Client Service | Steam Client Service | Stopped] - C:\Program Files (x86)\Common Files\Steam\SteamService.exe - [18.07.2013 08:00:01 | 566696 | (Valve Corporation)]
SRV - [ VsEtwService120 | Visual Studio ETW-Ereignisauflistungsdienst | Stopped] - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe - [05.10.2013 00:58:24 | 87728 | (Microsoft Corporation)]
SRV - [ WinDefend | Windows Defender-Dienst | Stopped] - C:\Program Files\Windows Defender\MsMpEng.exe - [22.08.2013 13:30:34 | 23840 | (Microsoft Corporation)]

=== Drivers ===

DRV - [ aswFsBlk | 2 | 38984] - C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)
DRV - [ aswMonFlt | 2 | 84328] - C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - [ aswRdr | 1 | 92544] - C:\WINDOWS\system32\drivers\aswRdr2.sys (AVAST Software)
DRV - [ aswSnx | 1 | 1032416] - C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - [ aswSP | 1 | 409832] - C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - [ MBAMProtector | 3 | 25928] - C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - [ speedfan | 2 | 28664] - C:\WINDOWS\SysWOW64\speedfan.sys (Almico Software)
DRV - [ VBoxDrv | 1 | 252688] - C:\Windows\system32\DRIVERS\VBoxDrv.sys (Oracle Corporation)
DRV - [ VBoxNetAdp | 3 | 140560] - C:\Windows\system32\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV - [ VBoxNetFlt | 3 | 154896] - C:\Windows\system32\DRIVERS\VBoxNetFlt.sys (Oracle Corporation)
DRV - [ VBoxUSBMon | 1 | 126736] - C:\Windows\system32\DRIVERS\VBoxUSBMon.sys (Oracle Corporation)
DRV - [ aswMBR | 3 |  File not found ] - C:\Users\MACHIA~1\AppData\Local\Temp\aswMBR.sys

Instructions:

  • Start the program as Administrator
  • Click on the button Scan
  • Wait a while
  • A log is produced in the same location where the exe file is saved
  • Please post that log

Changelog:

Version 1.0.0.
- Tool lists Processes and Services

Version 1.0.0.1
- Tool lists Drivers
- Fixed a bug (if the file doesn't exist, an error message pops up)
- Another bug (Didn't list all drivers)
- Fixed a formatting issue with the drivers

Edited by Machiavelli, 28 November 2013 - 11:59 AM.

  • 0

#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts
Ran from Windows 7 32 bit home premium


=== Services/Drivers ===

(AdobeFlashPlayerUpdateSvc) - Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Flash Player Update Service)
(aic78xx) - SystemRoot\system32\DRIVERS\djsvs.sys ()
(aliide) - SystemRoot\system32\drivers\aliide.sys ()
(amdagp) - SystemRoot\system32\drivers\amdagp.sys (AMD AGP Bus Filter Driver)
(amdide) - SystemRoot\system32\drivers\amdide.sys ()
(amdiox86) - system32\DRIVERS\amdiox86.sys (AMD IO Driver)
(AODDriver4.01) - Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys (AODDriver4.01)
(AODDriver4.2) - Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys (AODDriver4.2)
(Apple Mobile Device) - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (Apple Mobile Device)
(AppMgmt) - Windows\system32\svchost.exe -k netsvcs ()
(atikmdag) - SystemRoot\system32\drivers\atikmdag.sys ()
(b57nd60x) - system32\DRIVERS\b57nd60x.sys (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0)
(blbdrive) - system32\DRIVERS\blbdrive.sys ()
(Bonjour Service) - "C:\Program Files\Bonjour\mDNSResponder.exe" (Bonjour Service)
(BrFiltLo) - SystemRoot\system32\DRIVERS\BrFiltLo.sys (Brother USB Mass-Storage Lower Filter Driver)
(BrFiltUp) - SystemRoot\system32\DRIVERS\BrFiltUp.sys (Brother USB Mass-Storage Upper Filter Driver)
(BridgeMP) - system32\DRIVERS\bridge.sys (@%SystemRoot%\system32\bridgeres.dll,-1)
(BrSerIb) - system32\DRIVERS\BrSerIb.sys (Brother Serial Interface Driver(WDM))
(Brserid) - system32\DRIVERS\BrSerId.sys (Brother MFC Serial Port Interface Driver (WDM))
(BrSerWdm) - SystemRoot\System32\Drivers\BrSerWdm.sys (Brother WDM Serial driver)
(BrUsbMdm) - SystemRoot\System32\Drivers\BrUsbMdm.sys (Brother MFC USB Fax Only Modem)
(BrUsbSer) - system32\DRIVERS\BrUsbSer.sys (Brother MFC USB Serial WDM Driver)
(BrUsbSIb) - system32\DRIVERS\BrUsbSIb.sys (Brother Serial USB Driver(WDM))
(BrYNSvc) - "C:\Program Files\Browny02\BrYNSvc.exe" (BrYNSvc)
(catchme) - Users\JOE\AppData\Local\Temp\catchme.sys ()
(clr_optimization_v2.0.50727_32) - Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft .NET Framework NGEN v2.0.50727_X86)
(clr_optimization_v4.0.30319_32) - Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft .NET Framework NGEN v4.0.30319_X86)
(cmdide) - SystemRoot\system32\drivers\cmdide.sys ()
(Compbatt) - SystemRoot\system32\DRIVERS\compbatt.sys ()
(crcdisk) - SystemRoot\system32\DRIVERS\crcdisk.sys (Crcdisk Filter Driver)
(DfsC) - System32\Drivers\dfsc.sys (@%systemroot%\system32\drivers\dfsc.sys,-101)
(Disk) - system32\DRIVERS\disk.sys (Disk Driver)
(EapHost) - Windows\System32\svchost.exe -k netsvcs (@%systemroot%\system32\eapsvc.dll,-1)
(ehRecvr) - Windows\ehome\ehRecvr.exe (@%SystemRoot%\ehome\ehrecvr.exe,-101)
(ehSched) - Windows\ehome\ehsched.exe (@%SystemRoot%\ehome\ehsched.exe,-101)
(elxstor) - SystemRoot\system32\DRIVERS\elxstor.sys ()
(eventlog) - Windows\System32\svchost.exe -k LocalServiceNetworkRestricted (@%SystemRoot%\system32\wevtsvc.dll,-200)
(GEARAspiWDM) - system32\DRIVERS\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
(hcw85cir) - SystemRoot\system32\drivers\hcw85cir.sys (Hauppauge Consumer Infrared Receiver)
(idsvc) - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193)
(IPBusEnum) - Windows\system32\svchost.exe -k LocalSystemNetworkRestricted (@%systemroot%\system32\IPBusEnum.dll,-102)
(iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (iPod Service)
(LSI_FC) - SystemRoot\system32\DRIVERS\lsi_fc.sys ()
(MBAMSwissArmy) - Windows\system32\drivers\mbamswissarmy.sys ()
(Mcx2Svc) - Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation (@%SystemRoot%\ehome\ehres.dll,-15501)
(MozillaMaintenance) - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" (Mozilla Maintenance Service)
(MpFilter) - system32\DRIVERS\MpFilter.sys (Microsoft Malware Protection Driver)
(mpio) - SystemRoot\system32\drivers\mpio.sys (Microsoft Multi-Path Bus Driver)
(msahci) - SystemRoot\system32\drivers\msahci.sys ()
(msdsm) - SystemRoot\system32\drivers\msdsm.sys (Microsoft Multi-Path Device Specific Module)
(MsMpSvc) - "c:\Program Files\Microsoft Security Client\MsMpEng.exe" (Microsoft Antimalware Service)
(NetMsmqActivator) - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195)
(NetPipeActivator) - Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197)
(netr73) - system32\DRIVERS\netr73.sys (Netopia RT73 Wireless Driver for Vista)
(NetTcpActivator) - Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199)
(NisDrv) - system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System)
(NisSrv) - "c:\Program Files\Microsoft Security Client\NisSrv.exe" (@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243)
(ohci1394) - SystemRoot\system32\drivers\ohci1394.sys (1394 OHCI Compliant Host Controller (Legacy))
(Parvdm) - system32\DRIVERS\parvdm.sys ()
(ProtectedStorage) - Windows\system32\lsass.exe (@%systemroot%\system32\psbase.dll,-300)
(ql2300) - SystemRoot\system32\DRIVERS\ql2300.sys ()
(ql40xx) - SystemRoot\system32\DRIVERS\ql40xx.sys ()
(RDPCDD) - System32\DRIVERS\RDPCDD.sys (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100)
(RDPENCDD) - system32\drivers\rdpencdd.sys (@%systemroot%\system32\drivers\RDPENCDD.sys,-101)
(RDPREFMP) - system32\drivers\rdprefmp.sys (@%systemroot%\system32\drivers\RdpRefMp.sys,-101)
(ROOTMODEM) - System32\Drivers\RootMdm.sys (Microsoft Legacy Modem Driver)
(RTL8167) - system32\DRIVERS\Rt86win7.sys (Realtek 8167 NT Driver)
(sffdisk) - SystemRoot\system32\drivers\sffdisk.sys (SFF Storage Class Driver)
(sffp_mmc) - SystemRoot\system32\drivers\sffp_mmc.sys (SFF Storage Protocol Driver for MMC)
(sffp_sd) - SystemRoot\system32\drivers\sffp_sd.sys (SFF Storage Protocol Driver for SDBus)
(sisagp) - SystemRoot\system32\drivers\sisagp.sys (SIS AGP Bus Filter)
(Smb) - system32\DRIVERS\smb.sys (@%SystemRoot%\system32\tcpipcfg.dll,-50005)
(sppuinotify) - Windows\system32\svchost.exe -k LocalService (@%SystemRoot%\system32\sppuinotify.dll,-103)
(SrvHsfPCI) - system32\DRIVERS\VSTBS23.SYS ()
(SrvHsfV92) - system32\DRIVERS\VSTDPV3.SYS ()
(SrvHsfWinac) - system32\DRIVERS\VSTCNXT3.SYS ()
(sscdbus) - system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device driver (WDM))
(sscdmdfl) - system32\DRIVERS\sscdmdfl.sys (SAMSUNG Mobile Modem Filter)
(sscdmdm) - system32\DRIVERS\sscdmdm.sys (SAMSUNG Mobile Modem Drivers)
(sscdserd) - system32\DRIVERS\sscdserd.sys (SAMSUNG Mobile Modem Diagnostic Serial Port (WDM))
(StiSvc) - Windows\system32\svchost.exe -k imgsvc (@%SystemRoot%\system32\wiaservc.dll,-9)
(TBS) - Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation (@%SystemRoot%\system32\tbssvc.dll,-100)
(TDPIPE) - system32\drivers\tdpipe.sys (TDPIPE)
(TDTCP) - system32\drivers\tdtcp.sys (TDTCP)
(TermDD) - SystemRoot\system32\drivers\termdd.sys (Terminal Device Driver)
(tssecsrv) - System32\DRIVERS\tssecsrv.sys (@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101)
(usbscan) - system32\DRIVERS\usbscan.sys (USB Scanner Driver)
(UxSms) - Windows\System32\svchost.exe -k LocalSystemNetworkRestricted (@%SystemRoot%\system32\dwm.exe,-2000)
(vga) - system32\DRIVERS\vgapnp.sys ()
(VgaSave) - SystemRoot\System32\drivers\vga.sys ()
(viaagp) - SystemRoot\system32\drivers\viaagp.sys (VIA AGP Bus Filter)
(ViaC7) - SystemRoot\system32\DRIVERS\viac7.sys (VIA C7 Processor Driver)
(VSTHWBS2) - system32\DRIVERS\VSTBS23.SYS ()
(VST_DPV) - system32\DRIVERS\VSTDPV3.SYS ()
(WANARP) - system32\DRIVERS\wanarp.sys (@%systemroot%\system32\rascfg.dll,-32011)
(WatAdminSvc) - Windows\system32\Wat\WatAdminSvc.exe (@%SystemRoot%\system32\Wat\WatUX.exe,-601)
(WfpLwf) - system32\DRIVERS\wfplwf.sys (WFP Lightweight Filter)
(winachsf) - system32\DRIVERS\VSTCNXT3.SYS ()
(Wlansvc) - Windows\system32\svchost.exe -k LocalSystemNetworkRestricted (@%SystemRoot%\System32\wlansvc.dll,-257)
  • 0

#3
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
Updated :) In my first post there is a new Attachment - it would be nice if you could try again ;)
  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts
Here you go...

=== Services/Drivers ===

(AdobeFlashPlayerUpdateSvc) - Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Flash Player Update Service)
(Apple Mobile Device) - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (Apple Mobile Device)
(Bonjour Service) - "C:\Program Files\Bonjour\mDNSResponder.exe" (Bonjour Service)
(ehRecvr) - Windows\ehome\ehRecvr.exe (@%SystemRoot%\ehome\ehrecvr.exe,-101)
(ehSched) - Windows\ehome\ehsched.exe (@%SystemRoot%\ehome\ehsched.exe,-101)
(elxstor) - SystemRoot\system32\DRIVERS\elxstor.sys ()
(iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (iPod Service)
(MBAMSwissArmy) - Windows\system32\drivers\mbamswissarmy.sys ()
(MozillaMaintenance) - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" (Mozilla Maintenance Service)
(MsMpSvc) - "c:\Program Files\Microsoft Security Client\MsMpEng.exe" (Microsoft Antimalware Service)
  • 0

#5
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
So many thanks to you - you really helped me ;)
  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts
Just make sure my name gets listed on the developer / Tester, in the product development section ...

Joe :)
  • 0

#7
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Here's me. Windows 7 64bit.


=== Services/Drivers ===

(A2DDA) - Users\Nutloaf\Desktop\Run\a2ddax64.sys (A2 Direct Disk Access Support Driver)
(AdobeARMservice) - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" (Adobe Acrobat Update Service)
(AdobeFlashPlayerUpdateSvc) - Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Flash Player Update Service)
(Apple Mobile Device) - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (Apple Mobile Device)
(aswFsBlk) - Windows\system32\drivers\aswFsBlk.sys (aswFsBlk)
(aswMonFlt) - Windows\system32\drivers\aswMonFlt.sys (aswMonFlt)
(aswRdr) - Windows\system32\drivers\aswRdr2.sys (aswRdr)
(aswSnx) - Windows\system32\drivers\aswSnx.sys (aswSnx)
(aswSP) - Windows\system32\drivers\aswSP.sys (aswSP)
(aswTdi) - Windows\system32\drivers\aswTdi.sys (aswTdi)
(AudioSrv) - Windows\System32\svchost.exe -k LocalServiceNetworkRestricted (@%SystemRoot%\system32\audiosrv.dll,-200)
(avast! Antivirus) - "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" (avast! Antivirus)
(b57nd60a) - system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0)
(Bonjour Service) - "C:\Program Files\Bonjour\mDNSResponder.exe" (Bonjour Service)
(clr_optimization_v2.0.50727_64) - Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft .NET Framework NGEN v2.0.50727_X64)
(clr_optimization_v4.0.30319_64) - Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft .NET Framework NGEN v4.0.30319_X64)
(Creative Audio Engine Licensing Service) - "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" (Creative Audio Engine Licensing Service)
(Dot4) - system32\DRIVERS\Dot4.sys (MS IEEE-1284.4 Driver)
(Dot4Print) - SystemRoot\system32\drivers\Dot4Prt.sys (Print Class Driver for IEEE-1284.4)
(dot4usb) - system32\DRIVERS\dot4usb.sys (MS Dot4USB Filter Dot4USB Filter)
(e1yexpress) - system32\DRIVERS\e1y62x64.sys (Intel® Gigabit Network Connections Driver)
(ehRecvr) - Windows\ehome\ehRecvr.exe (@%SystemRoot%\ehome\ehrecvr.exe,-101)
(ehSched) - Windows\ehome\ehsched.exe (@%SystemRoot%\ehome\ehsched.exe,-101)
(elxstor) - SystemRoot\system32\DRIVERS\elxstor.sys ()
(ggflt) - system32\DRIVERS\ggflt.sys (SEMC USB Flash Driver Filter)
(ggsemc) - system32\DRIVERS\ggsemc.sys (SEMC USB Flash Driver)
(gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (Google Update Service (gupdate))
(gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (Google Update Service (gupdatem))
(HECIx64) - system32\DRIVERS\HECIx64.sys (Intel® Management Engine Interface)
(hpqcxs08) - Windows\system32\svchost.exe -k hpdevmgmt (hpqcxs08)
(Intel® PROSet Monitoring Service) - Windows\system32\IProsetMonitor.exe (Intel® PROSet Monitoring Service)
(iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (iPod Service)
(LMS) - Program Files (x86)\Intel\AMT\LMS.exe (Intel® Management and Security Application Local Management Service)
(Net Driver HPZ12) - Windows\System32\svchost.exe -k HPZ12 ()
(nvlddmkm) - system32\DRIVERS\nvlddmkm.sys ()
(nvsvc) - "C:\Windows\system32\nvvsvc.exe" (NVIDIA Display Driver Service)
(P17) - system32\drivers\P17.sys (SB Audigy)
(Pml Driver HPZ12) - Windows\System32\svchost.exe -k HPZ12 ()
(RimUsb) - System32\Drivers\RimUsb_AMD64.sys (BlackBerry Smartphone)
(SbieDrv) - Program Files\Sandboxie\SbieDrv.sys (SbieDrv)
(SbieSvc) - "C:\Program Files\Sandboxie\SbieSvc.exe" (Sandboxie Service)
(Sony PC Companion) - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" (Sony PC Companion)
(sptd) - System32\Drivers\sptd.sys ()
(tvnserver) - "C:\Users\Nutloaf\AppData\Local\CrossLoop\tvnserver.exe" -service (TightVNC Server)
(UNS) - Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel® Management and Security Application User Notification Service)
(USBAAPL64) - System32\Drivers\usbaapl64.sys (Apple Mobile USB Driver)
(wanatw) - system32\DRIVERS\wanatw64.sys (WAN Miniport (ATW))
  • 0

#8
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
Updated 28.10.2013 ~ Please download the new attachment in the first post and try again :)
  • 0

#9
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
A new update! Maybe the path problem is now fixed :)
  • 0

#10
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
New version released.

New Syntax:

SRV - [ SERVICENAME | DISPLAYNAME | STATUS] - FILENAME [CREATION DATE | FILE SIZE | (COMPANY NAME)]

New attachment in first post! PLEASE test it :)
  • 0
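
A parser for the SRV line syntax given in post #10, added here as an example; it is not part of MVS and was not written by its author. It accepts the variants that appear in the logs of this thread (with or without " - " before the metadata bracket, and "=> File not found!") and attaches triage flags; the flag names and the user-profile heuristic are assumptions of this example, and the sample lines are copied from logs posted in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# SRV - [ NAME | DISPLAY | STATUS] - PATH [CREATED | SIZE | (COMPANY)]
SRV_RE = re.compile(
    r"^SRV - \[ (?P<name>.+?) \| (?P<display>.+?) \| (?P<status>\w+)\] - "
    r"(?P<path>.+?)"
    r"(?: => (?P<missing>File not found!)"
    r"|(?: -)? \[(?P<created>[^|\]]*) \| (?P<size>[^|\]]*) \| \((?P<company>.*)\)\])$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    status: str
    path: str
    created: Optional[str]   # None when the tool printed the placeholder CTF
    size: Optional[int]      # None when the tool printed the placeholder FSF
    company: str
    flags: List[str] = field(default_factory=list)


def triage(e, reported_missing):
    """Return review hints for one entry (heuristics of this example)."""
    flags = []
    if reported_missing:
        flags.append("file-not-found")
    # A quote or a switch after the extension means the tool printed the
    # whole command line instead of just the executable path.
    if '"' in e.path or re.search(r"\.exe\S*\s+[-/]\S", e.path, re.I):
        flags.append("path-has-arguments")
    if e.size is None and not reported_missing:
        flags.append("no-file-metadata")
    # Year 1601 is the zero value of a Windows FILETIME, not a real date.
    if e.created and re.search(r"\b1601\b", e.created):
        flags.append("zero-timestamp")
    if e.size is not None and not e.company:
        flags.append("no-company")
    if re.match(r"[A-Za-z]:\\Users\\", e.path, re.I):
        flags.append("user-profile-path")
    return flags


def parse_line(line):
    """Parse one SRV line; return None for headers and other lines."""
    m = SRV_RE.match(line.strip())
    if m is None:
        return None
    created = (m["created"] or "").strip()
    size_txt = (m["size"] or "").strip()
    entry = ServiceEntry(
        name=m["name"], display=m["display"], status=m["status"],
        path=m["path"].strip(),
        created=created if created not in ("", "CTF") else None,
        size=int(size_txt) if size_txt.isdigit() else None,
        company=(m["company"] or "").strip(),
    )
    entry.flags = triage(entry, m["missing"] is not None)
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# Sample lines copied from logs posted in this thread.
SAMPLE_LOG = r'''
=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/05/2012 23:27:40 | 257416 | (Adobe Systems Incorporated)]
SRV - [ gupdate | Google Update Service (gupdate) | Stopped] - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [CTF | FSF | ()]
SRV - [ tvnserver | TightVNC Server | Stopped] - C:\Users\Nutloaf\AppData\Local\CrossLoop\tvnserver.exe" -service [CTF | FSF | ()]
SRV - [ PnkBstrA | PnkBstrA | Running] - C:\WINDOWS\system32\PnkBstrA.exe - [01.01.1601 01:00:00 | FSF | ()]
SRV - [ AMD FUEL Service | AMD FUEL Service | Running] - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService => File not found!
SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - [10.09.2013 14:45:42 | 257416 | (Adobe Systems Incorporated)]
'''

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(f"{entry.name:28} {entry.status:8} {', '.join(entry.flags) or 'ok'}")
```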


#11
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Here we go :)

=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/05/2012 23:27:40 | 257416 | (Adobe Systems Incorporated)]
SRV - [ Apple Mobile Device | Apple Mobile Device | Running] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [07/09/2013 09:13:38 | 55624 | (Apple Inc.)]
SRV - [ avast! Antivirus | avast! Antivirus | Running] - C:\Program Files\AVAST Software\Avast\AvastSvc.exe [20/10/2013 00:25:36 | 50344 | (AVAST Software)]
SRV - [ Bonjour Service | Bonjour Service | Running] - C:\Program Files\Bonjour\mDNSResponder.exe [31/08/2011 00:05:32 | 462184 | (Apple Inc.)]
SRV - [ Creative Audio Engine Licensing Service | Creative Audio Engine Licensing Service | Stopped] - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [02/05/2012 22:16:32 | 79360 | (Creative Labs)]
SRV - [ ehRecvr | Windows Media Center Receiver Service | Stopped] - C:\Windows\ehome\ehRecvr.exe [03/05/2012 01:24:34 | 696832 | (Microsoft Corporation)]
SRV - [ ehSched | Windows Media Center Scheduler Service | Stopped] - C:\Windows\ehome\ehsched.exe [14/07/2009 01:24:23 | 127488 | (Microsoft Corporation)]
SRV - [ gupdate | Google Update Service (gupdate) | Stopped] - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [CTF | FSF | ()]
SRV - [ gupdatem | Google Update Service (gupdatem) | Stopped] - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [CTF | FSF | ()]
SRV - [ Intel® PROSet Monitoring Service | Intel® PROSet Monitoring Service | Running] - C:\Windows\system32\IProsetMonitor.exe [04/05/2012 00:43:09 | 189608 | (Intel Corporation)]
SRV - [ iPod Service | iPod Service | Running] - C:\Program Files\iPod\bin\iPodService.exe [01/10/2013 02:23:18 | 641352 | (Apple Inc.)]
SRV - [ SbieSvc | Sandboxie Service | Running] - C:\Program Files\Sandboxie\SbieSvc.exe [08/07/2013 12:29:02 | 183896 | (Sandboxie Holdings, LLC)]
SRV - [ Sony PC Companion | Sony PC Companion | Stopped] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [27/07/2013 02:27:34 | 155824 | (Avanquest Software)]
SRV - [ tvnserver | TightVNC Server | Stopped] - C:\Users\Nutloaf\AppData\Local\CrossLoop\tvnserver.exe" -service [CTF | FSF | ()]
SRV - [ UNS | Intel® Management and Security Application User Notification Service | Running] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [04/05/2012 00:53:24 | 2066968 | (Intel Corporation)]
  • 0
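
The [CTF | FSF | ()] entries in the log above all show a file name that still carries a closing quote and command-line arguments. As an added example (not MVS code and not the author's fix), one way to split a raw service ImagePath value into executable and arguments before asking for file metadata; `resolve_image_path`, the default Windows directory and the sample values are constructed for this example, and the unquoted case relies on an extension-based heuristic.

```python
import re
from typing import NamedTuple


class ImagePath(NamedTuple):
    executable: str   # drive-letter path that can be handed to file APIs
    arguments: str    # everything after the executable
    quoted: bool      # True if the raw value quoted the executable


# Unquoted values: cut after the first .exe/.sys/.dll that is followed by
# whitespace or the end of the string (heuristic, no file system access).
_EXT_RE = re.compile(r"^(.+?\.(?:exe|sys|dll))(?=\s|$)\s*(.*)$", re.I)


def _anchor(path, system_root):
    # Turn NT-style and relative prefixes into a drive-letter path.
    if path.startswith("\\??\\"):                     # \??\C:\dir\x.sys
        path = path[4:]
    m = re.match(r"\\?systemroot\\", path, re.I)      # \SystemRoot\System32\...
    if m:
        return system_root + "\\" + path[m.end():]
    if not re.match(r"[A-Za-z]:\\", path) and not path.startswith("\\"):
        return system_root + "\\" + path              # system32\DRIVERS\x.sys
    return path


def resolve_image_path(raw, system_root=r"C:\Windows"):
    # Split a raw ImagePath string into (executable, arguments, quoted).
    s = raw.strip()
    # Expand the two variables that service entries commonly use; a lambda
    # keeps backslashes in system_root from being read as regex escapes.
    s = re.sub(r"%(?:systemroot|windir)%", lambda _: system_root, s, flags=re.I)
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:             # unbalanced quote: rest of value is the path
            end = len(s)
        return ImagePath(_anchor(s[1:end], system_root), s[end + 1:].strip(), True)
    s = _anchor(s, system_root)
    m = _EXT_RE.match(s)
    if m:
        return ImagePath(m.group(1), m.group(2).strip(), False)
    return ImagePath(s, "", False)


# Constructed raw values, modelled on services that appear in this thread.
SAMPLES = [
    r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc',
    r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    r"\SystemRoot\system32\drivers\aliide.sys",
    r"system32\DRIVERS\disk.sys",
    r"\??\C:\Temp\example.sys",
    r"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        result = resolve_image_path(raw)
        print(f"{raw}\n    exe : {result.executable}\n    args: {result.arguments!r}")
```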

#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts
=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 7:55:06 AM | 257416 | (Adobe Systems Incorporated)]
SRV - [ Apple Mobile Device | Apple Mobile Device | Stopped] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [12/21/2012 4:27:46 PM | 57008 | (Apple Inc.)]
SRV - [ Bonjour Service | Bonjour Service | Stopped] - C:\Program Files\Bonjour\mDNSResponder.exe [8/30/2011 11:05:02 PM | 390504 | (Apple Inc.)]
SRV - [ ehRecvr | Windows Media Center Receiver Service | Stopped] - C:\Windows\ehome\ehRecvr.exe [4/13/2011 4:26:58 PM | 556544 | (Microsoft Corporation)]
SRV - [ ehSched | Windows Media Center Scheduler Service | Stopped] - C:\Windows\ehome\ehsched.exe [7/13/2009 8:09:49 PM | 94720 | (Microsoft Corporation)]
SRV - [ iPod Service | iPod Service | Stopped] - C:\Program Files\iPod\bin\iPodService.exe [2/20/2013 12:35:06 PM | 553288 | (Apple Inc.)]
SRV - [ MozillaMaintenance | Mozilla Maintenance Service | Stopped] - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:02:19 PM | 118680 | (Mozilla Foundation)]
SRV - [ MsMpSvc | Microsoft Antimalware Service | Running] - c:\Program Files\Microsoft Security Client\MsMpEng.exe [8/12/2013 10:12:38 AM | 22208 | (Microsoft Corporation)]
  • 0

#13
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
Thanks! I will try to fix some problems. :)
  • 0

#14
Machiavelli

  • Topic Starter
  • GeekU Moderator
  • 3,698 posts
Now the little beta of the big program is coming.

Example Log:

MVS - Machiavelli's Scanner - Version 1.0.0.0
MVS Logfile created on: 29.10.2013 22:26:02 Logfile saved under = C:\Users\Machiavelli\documents\visual studio 2012\Projects\MVS\MVS\bin\Debug\MVS.txt
Running from C:\Users\Machiavelli\documents\visual studio 2012\Projects\MVS\MVS\bin\Debug\MVS.exe
SYSTEM => Microsoft Windows 8.1 64 bit

=== Processes ===

C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Users\Machiavelli\documents\visual studio 2012\Projects\MVS\MVS\bin\Debug\MVS.vshost.exe (Microsoft Corporation)
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation)
C:\WINDOWS\SysWOW64\DllHost.exe (Microsoft Corporation)
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Packages\Debugger\X64\msvsmon.exe (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe (Microsoft Corporation)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Users\Machiavelli\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Users\Machiavelli\Downloads\HoldOn.exe (darkness unlimited)
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe (Microsoft Corporation)
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
C:\WINDOWS\system32\taskhostex.exe (Microsoft Corporation)
C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation)
C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
C:\WINDOWS\syswow64\wwahost.exe (Microsoft Corporation)
C:\WINDOWS\system32\conhost.exe (Microsoft Corporation)
C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)


=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - [10.09.2013 14:45:42 | 257416 | (Adobe Systems Incorporated)]
SRV - [ Steam Client Service | Steam Client Service | Stopped] - C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService - [CTF | FSF | ()]
SRV - [ MozillaMaintenance | Mozilla Maintenance Service | Stopped] - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe - [28.10.2013 11:32:50 | 118680 | (Mozilla Foundation)]
SRV - [ PnkBstrA | PnkBstrA | Running] - C:\WINDOWS\system32\PnkBstrA.exe - [01.01.1601 01:00:00 | FSF | ()]

Please give it a try ;)

Instructions:

  • Start the program as Administrator
  • Click on the button Scan
  • Wait a while
  • A log is produced in the same location where the exe file is saved
  • Please post that log

Thanks!

Edited by Machiavelli, 29 October 2013 - 03:33 PM.

  • 0

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts
MVS - Machiavelli's Scanner - Version 1.0.0.0
MVS Logfile created on: 10/29/2013 5:33:32 PM Logfile saved under = C:\Users\JOE\Desktop\MVS\MVS.txt
Running from C:\Users\JOE\Desktop\MVS\MVS.exe
SYSTEM => Microsoft Windows 7 Home Premium 32 bitService Pack 1

=== Processes ===

C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
C:\Program Files\NetworkIndicator.exe (ITSamples.com)
C:\Users\JOE\Desktop\MVS\MVS.exe ()
C:\Windows\system32\taskhost.exe (Microsoft Corporation)
C:\Windows\system32\Dwm.exe (Microsoft Corporation)
C:\Windows\system32\conhost.exe (Microsoft Corporation)
C:\Windows\system32\conhost.exe (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Windows\Explorer.EXE (Microsoft Corporation)
C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
C:\Program Files\Start Menu 7\StartMenu7.exe (OrdinarySoft)


=== Services ===

SRV - [ AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Stopped] - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe - [3/29/2012 7:55:06 AM | 257416 | (Adobe Systems Incorporated)]
SRV - [ Apple Mobile Device | Apple Mobile Device | Stopped] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - [12/21/2012 4:27:46 PM | 57008 | (Apple Inc.)]
SRV - [ Bonjour Service | Bonjour Service | Stopped] - C:\Program Files\Bonjour\mDNSResponder.exe - [8/30/2011 11:05:02 PM | 390504 | (Apple Inc.)]
SRV - [ ehRecvr | Windows Media Center Receiver Service | Stopped] - C:\Windows\ehome\ehRecvr.exe - [4/13/2011 4:26:58 PM | 556544 | (Microsoft Corporation)]
SRV - [ ehSched | Windows Media Center Scheduler Service | Stopped] - C:\Windows\ehome\ehsched.exe - [7/13/2009 8:09:49 PM | 94720 | (Microsoft Corporation)]
SRV - [ iPod Service | iPod Service | Running] - C:\Program Files\iPod\bin\iPodService.exe - [2/20/2013 12:35:06 PM | 553288 | (Apple Inc.)]
SRV - [ MozillaMaintenance | Mozilla Maintenance Service | Stopped] - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe - [4/24/2012 10:02:19 PM | 118680 | (Mozilla Foundation)]
SRV - [ MsMpSvc | Microsoft Antimalware Service | Running] - c:\Program Files\Microsoft Security Client\MsMpEng.exe - [8/12/2013 10:12:38 AM | 22208 | (Microsoft Corporation)]
  • 0





