KAVA (posted September 3, 2012)

Assalamualaikum. First, the description of the SC command is as follows: SC is a command line program used for communicating with the NT Service Controller and services. With this command we can also create, delete, start and stop a particular service. When we type the command sc query, it lists the services that are currently running. The problem is that not all the services can be seen when we scroll up. How can I view all of the active services? That's all.
KAVA (posted September 3, 2012)

sc query state= all ?? When I type sc query it shows the list of services that are currently active... But when I compare the number of running services shown in the command prompt, it is not the same as the number shown in services.msc. Why is that??
dvdbane (posted September 3, 2012)

Doesn't state= all show everything? Active or inactive, it shows them all. By the way, what do you want to do, using cmd to check the list of services? Usually when I use sc it is only when I want to delete a "malware" service. The part that can't be seen / can't be scrolled to is a limitation of cmd.

Edited September 3, 2012 by dvdbane
sHäm (posted September 4, 2012)

[quote name='KAVA' timestamp='1346691066' post='1084236']
sc query state= all ?? When I type sc query it shows the list of services that are currently active... But when I compare the number of running services shown in the command prompt, it is not the same as the number shown in services.msc. Why is that??
[/quote]

CMD has a limit on the number of characters it displays. What you see is the maximum it allows. To see the whole output, print it out to Notepad.

To see running services:
[CODE]sc query > "%UserProfile%\Desktop\active.txt"[/CODE]

To see a brief list directly in CMD:
[CODE]net start[/CODE]

To see stopped services:
[CODE]sc query state= inactive > "%UserProfile%\Desktop\inactive.txt"[/CODE]

To see all (running + stopped) services:
[CODE]sc query state= all > "%UserProfile%\Desktop\all.txt"[/CODE]

Output file = Desktop.

Edited September 4, 2012 by sH@m
KAVA (posted September 4, 2012)

Thanks Sh@m... Yup... it really cannot display all the processes in the command prompt. I tried counting them one by one...

While I'm at it, I want to ask about explorer.exe. When opened with Process Explorer, in the command line section it shows C:\WINDOWS\explorer.exe, and sometimes C:\WINDOWS\explorer.EXE. Even though they are in the same directory, the explorer.EXE one, if I'm not mistaken, cannot be verified....

Right now there are still 2 more explorer.exe:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllcache\explorer.exe

After logging in to Windows, Task Manager shows C:\WINDOWS\explorer.exe; then when we open My Computer or My Documents another explorer process appears ( "C:\WINDOWS\explorer.exe" /IDLIST,:680:856,/S ). Is this normal...?

Edited September 4, 2012 by KAVA
dvdbane (posted September 4, 2012)

explorer.exe failing to verify has only 2 causes as far as I know: it is blocked by HIPS security software, or explorer.exe has been modified, either because you applied a theme or because of an infection.

To really verify it, try running sfc /verifyonly. If the explorer.exe file really is wrong, you can run sfc /scanfile=c:\windows\explorer.exe. Sometimes you have to run it 2 or 3 times before it can repair the file.. you have to reboot every time you run it.

Several explorer.exe processes usually happen if it is set to run each explorer in a separate process; for example, if the main explorer.exe that displays the desktop crashes, it won't disturb the other explorer.exe processes.
KAVA (posted September 6, 2012)

Okay, I've looked at the running services; now I'm looking at the running drivers. But there are so many, I have to check them one by one. Is there an easy way to check this...?
dvdbane (posted September 7, 2012)

Actually, what do you want to do?? Check the services, and then check the drivers too?? Try using [url="http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx"]Autoruns[/url]
KAVA (posted September 14, 2012)

[quote name='dvdbane' timestamp='1346990508' post='1084308']
Actually, what do you want to do?? Check the services, and then check the drivers too?? Try using [url="http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx"]Autoruns[/url]
[/quote]

Thanks DVDBane... In Autoruns, under the Drivers section, some are highlighted in yellow... For example, file components named Changer (changer.sys), WDICA (WDICA) and so on... There are also entries highlighted in pink... I'd like everyone's opinion on what should be done with these drivers/files...
dvdbane (posted September 15, 2012)

I want to ask, actually what do you want to do?? This is the 3rd question... after this I won't ask what you want to do any more...hahaha

Yellow means the file is missing.. it isn't on the PC. Pink means the publisher can't be verified. If there is a lot of pink, you can right-click them one by one and search online, but if you show a screenshot here that's fine too. I don't have any pink drivers at all, but I do have yellow ones. Are you using Windows 7 64-bit?
KAVA (posted September 20, 2012)

Thanks dvdbane for being willing to help... Actually my PC has a virus in it; the KIS I use is useless too. I'm still not satisfied, because when shutting down Windows a svchost error message box always appears... I use Windows XP SP3... My purpose is to try to learn slowly, to fix my own PC, or friends' PCs when they need help... That's all...

OK, here is the list of running drivers; please take a look at whether this is normal or otherwise... Thanks..

[code]
SERVICE_NAME: giveio
DISPLAY_NAME: giveio
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: NetworkX
DISPLAY_NAME: NetworkX
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: mvxxmm
DISPLAY_NAME: mvxxmm
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: StarOpen
DISPLAY_NAME: StarOpen
        TYPE               : 2  FILE_SYSTEM_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: OEM02Afx
DISPLAY_NAME: Provides a software interface to control audio effects of OEM002 camera.
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
[/code]

I'm also confused about how the virus got in... I already had protection, using KIS 2012 with a pinched serial... updated every day and still active.. But as I recall, this PC started having problems (taking up to 1 hour to shut down) after I plugged and unplugged several USB broadband modems. One broadband modem didn't work, then I reflashed it, and only then did it work.... I'm confused whether the virus came from the broadband modem, or from friends' mischief while I was AFK... Can a virus spread through a USB broadband modem?

Some forum members say Rootkit Revealer can't be used any more... So I tried to look and delete things myself using RKU and OTL by OldTimer... Below is the result of the RootkitRevealer scan, and what should be done about it. I hope for the cooperation of all the veterans...

[code]
HKU\S-1-5-21-1614895754-1229272821-1177238915-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL 4/15/2012 12:30 AM 73 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 4/13/2012 7:53 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/13/2012 7:53 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 4/15/2012 4:30 AM 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{F2AFF57D-80AD-424C-98CB-061C828B1287}\Icon 9/19/2012 3:50 AM 45 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{F2AFF57D-80AD-424C-98CB-061C828B1287}\Icon 9/19/2012 3:50 AM 45 bytes Data mismatch between Windows API and raw hive data.
[/code]

[quote name='dvdbane' timestamp='1347687611' post='1084559']
I want to ask, actually what do you want to do?? This is the 3rd question... after this I won't ask what you want to do any more...hahaha

Yellow means the file is missing.. it isn't on the PC. Pink means the publisher can't be verified. If there is a lot of pink, you can right-click them one by one and search online, but if you show a screenshot here that's fine too. I don't have any pink drivers at all, but I do have yellow ones. Are you using Windows 7 64-bit?
[/quote]

Edited September 20, 2012 by KAVA
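Editor's added example, not a post from the thread: a small Python parser for the redirected `sc query` output that sH@m describes (the all.txt / active.txt files), run over a constructed sample laid out like the driver list KAVA pasted. The "unnamed driver" flag in `driver_summary` is a triage heuristic assumed here (a driver whose display name is just its service name carries no vendor description, so it is worth looking up in Autoruns or with sfc before trusting it); the thread itself does not state it.

```python
import re
from collections import Counter

# Constructed sample modelled on the `sc query` output KAVA pasted above (real
# `sc` line layout, two of the same service names); not a capture from his PC.
SAMPLE_SC_OUTPUT = """
SERVICE_NAME: giveio
DISPLAY_NAME: giveio
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: OEM02Afx
DISPLAY_NAME: Provides a software interface to control audio effects of OEM002 camera.
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

FIELD_RE = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$")

def parse_sc_query(text):
    """One dict per service; a block starts at SERVICE_NAME, and the bracketed
    line under STATE (stoppable/pausable flags) is kept as a list."""
    services, cur = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) == "SERVICE_NAME":
            cur = {"SERVICE_NAME": m.group(2), "FLAGS": []}
            services.append(cur)
        elif m and cur is not None:
            cur[m.group(1)] = m.group(2)
        elif cur is not None and line.strip().startswith("("):
            cur["FLAGS"] = [f.strip() for f in line.strip("() \t").split(",")]
    return services

def driver_summary(text):
    """Count entries per state (the full count, unlike the truncated CMD window)
    and list drivers whose display name is only the service name (heuristic)."""
    svcs = parse_sc_query(text)
    counts = Counter((s.get("STATE", "").split() or ["?"])[-1] for s in svcs)
    unnamed = sorted(s["SERVICE_NAME"] for s in svcs
                     if s.get("DISPLAY_NAME") == s["SERVICE_NAME"])
    return dict(counts), unnamed
```

To use it on a real machine, read the file produced by `sc query state= all > all.txt` (or `sc query type= driver state= all`) and pass its text to `driver_summary`; the per-state counts are what to compare against services.msc.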
Ramzi Bin Bakri (posted September 23, 2012)

[quote name='dvdbane' timestamp='1346704474' post='1084237']
Doesn't state= all show everything? Active or inactive, it shows them all. By the way, what do you want to do, using cmd to check the list of services? Usually when I use sc it is only when I want to delete a "malware" service. The part that can't be seen / can't be scrolled to is a limitation of cmd.
[/quote]

I'm interested in the statement about deleting malware. Share a bit, bro. How do you detect malware with this SC? I know how to get into CMD. I just want to know how to detect and remove malware. Thanks.
dvdbane (posted September 25, 2012)

@KAVA thanks for answering my question.. Rootkit Revealer can still be used, but for new threats it may not be able to detect them, because it hasn't been updated for so long. Better try Gmer/AswMBR if you are sure you have a rootkit and know how to use these tools. For an easy way, try Malwarebytes/SuperAntiSpyware. Using OTL is fine too; after using it, put the log in a spoiler, or just upload the log file to mediafire. Also try running sfc /scannow; tutorial [url="http://www.bleepingcomputer.com/forums/topic43051.html"]here[/url].

@mrRemz ooo... not detect.. it's more about deleting the service so that we can delete the malware file. Certain malware that I've come across protects itself by creating a service with a startup entry. Once you delete the reg entry and end its process, you should be able to delete the file manually, but you can't. Sometimes when we end the process, it suddenly restarts; supposedly it shouldn't start any more because the startup reg entry has been deleted, but it stays alive anyway. Sometimes Task Manager can't even be run (this was back when I used Task Manager). Finally I found Process Explorer... only when using PE was I able to detect that 1 file running as a service at system level. So, when I tried to delete it, it wouldn't go; tried to stop the service, couldn't. I came across this command, so I used this command to delete the service. Now I don't use it any more...ahhahaha. Now it's more automatic.. too lazy to do it manually: Mbam and SAS.

p/s: so long.. sorry

Edited September 25, 2012 by dvdbane