#1
Does anyone have a list of the best files that one should check and monitor?
#2
Hi dannyboy
Here's part of my list I monitor; you should also monitor the important files of your security software as well. My list probably isn't complete by any means, but it'll give a good start. I have Win XP SP2 Home Ed. I'm using RegWatcher as my file monitor (without it monitoring the registry, I have RegDefend for that) as it's really customisable and it allows you to keep an eye on files/folders that don't exist. It also uses minimal resources: scanning the list below plus all my security program files (which I haven't included in the list), it uses 1% CPU. I haven't found a dedicated file monitor with the same features and same resource usage yet; that's why I use RegWatcher.

```
%bootdrv% = C:\ Folder
%windir% = C:\WINDOWS Folder
%system% = C:\WINDOWS\SYSTEM32\ Folder
* = Wild Card - for use with files
= Wild Card - for use with folders
& = Means it additionally checks for hidden/new files every 30 sweeps (customizable).
# = I've started adding comments for the files, what they're used for, good and bad, as it's quite hard remembering why you added all these files/folders.
```

```
%bootdrv%autoexec.bat
%bootdrv%boot.ini
%bootdrv%config.sys
%bootdrv%desktop.ini
%bootdrv%explorer.exe
%bootdrv%io.sys
%bootdrv%msdos.sys
%bootdrv%ntdetect.com
%bootdrv%ntldr
%bootdrv%documents and settings\ \start menu\programs\startup
&%bootdrv%*.com
# Below is the "Global" Startup folder.
%windir%all users\start menu\startup
%windir%bootstat.dat
%windir%dosstart.bat
%windir%explorer.exe
%windir%hosts
%windir%regedit.exe
%windir%snoopfreedll.dll
%windir%snoopfreeui.exe
%windir%system.ini
%windir%taskman.exe
%windir%win.ini
%windir%wininit.ini
%windir%winstart.bat
&%windir%*.com
# The folder below contains all .inf/.PNF files.
&%windir%inf
# The file below contains all the default settings for Internet Explorer.
%windir%inf\iereset.inf
# Below is a known Autostart folder.
%windir%start menu\programs\startup
&%windir%tasks\ashSimp2.job
&%windir%tasks\desktop.ini
# The file below stores the User Account information.
%system%activeds.tlb
%system%adsldpc.dll
%system%advapi32.dll
%system%alg.exe
%system%autoexec.nt
# The 2 files below are part of the AutoExNT Service, which allows you to start a custom batch file 'Autoexnt.bat' when you start a computer - without having to login.
%system%Autoexnt.bat
%system%Autoexnt.exe
%system%bootok.exe
%system%bootvrfy.exe
%system%chcp.com
# The next 8 files are part of CHI-X 3.0 beta.
%system%chxcnsrv.exe
%system%chxlogsv.exe
%system%chxlssnp.dll
%system%chxmain.dll
%system%chxpfsnp.dll
%system%chxpldsnp.dll
%system%chxrmtsv.exe
%system%chxservices.dll
%system%cmd.exe
%system%comctl32.dll
%system%command.com
%system%config.nt
%system%csh.exe
%system%ctl3d32.dll
# The file below is used by DiamondCS's PortExplorer
%system%dcsws2.dll
%system%drwatson.exe
%system%drwtsn32.exe
%system%files.ic
%system%ftp.exe
# The next 6 files are part of CHI-X 3.0 beta.
%system%fsadapters.dll
%system%fsfileops.dll
%system%fsobjlists.dll
%system%fspfrules.dll
%system%fspldrules.dll
%system%fsservices.dll
%system%gdi.exe
%system%gdi32.dll
%system%gui32.dll
%system%hal.dll
%system%icmp.dll
# A modification to the following file can disable 'Active Desktop'.
%system%ieuinit.inf
%system%integritychecker.exe
# The folder below is a known startup location.
%system%iosubsys
%system%ipconfig.exe
%system%iphlpapi.dll
%system%java.exe
%system%javaw.exe
%system%javaws.exe
%system%jpicpl32.cpl
%system%kernel32.dll
%system%lsadump2.exe
%system%lsass.exe
%system%mfc42.dll
%system%msgina.dll
%system%mshta.exe
%system%msiexec.exe
%system%msv1_0.dll
%system%mswsock.dll
%system%nc.exe
%system%net.exe
%system%net1.exe
%system%netapi.dll
%system%netmsg.dll
%system%netstat.exe
%system%ntdll.dll
%system%ntoskrnl.exe
%system%oleaut32.dll
%system%perl.exe
%system%plnt.exe
%system%procguard.dll
%system%pwdump.exe
%system%rcmd.exe
%system%regedt32.exe
%system%regsvr32.exe
%system%riched20.dll
%system%rundll32.exe
%system%secur32.dll
%system%services.exe
# The file below is part of the AutoExNT Service, which allows you to start a custom batch file 'Autoexnt.bat' when you start a computer - without having to login.
%system%Servmess.dll
%system%setupapi.dll
# The next 4 files are part of Windows System File Protection.
%system%sfc.dll
%system%sfc.exe
%system%sfc_os.dll
%system%sfcfiles.dll
%system%shdocvw.dll
%system%shell.dll
%system%shell32.dll
%system%smss.exe
%system%snoopfreesvc.exe
%system%svchost.exe
%system%sysedit.exe
%system%systray.exe
%system%taskman.exe
%system%taskmgr.exe
# The next file is part of CHI-X 3.0 beta.
%system%tcpudptables.dll
%system%telnet.exe
%system%tftp.exe
%system%userinit.exe
%system%user32.dll
# The folder below is a known startup location.
%system%vmm32
%system%wgalogon.dll
# There is a worm that goes by the same name as the file below.
%system%wgatray.exe
%system%win32k.sys
%system%winlogon.exe
%system%wininet.dll
%system%winsock.dll
%system%winsrv.dll
%system%ws2_32.dll
%system%wscript.exe
%system%wsh.exe
%system%wsock32.dll
&%system%*.com
&%system%drivers
%system%drivers\etc
# The folder below contains files belonging to Zone Alarm.
%system%zonelabs
```
__________________
Best Regards, TonyJL
I am prepared to meet my Maker. Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Sir Winston Churchill, on the eve of his 75th birthday
British politician (1874 - 1965)
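As an added illustration (not part of the thread, and not RegWatcher's own code), the following Python parses the list notation used in the post above, baselines SHA-256 hashes, and reports changes, including watched files that did not exist when the baseline was taken. The function names, the choice of SHA-256, and the temp folder standing in for %windir% are assumptions.

```python
import fnmatch, hashlib, os, tempfile
from pathlib import Path

def parse_watchlist(text, macros):
    """Expand '%macro%path' entries; '#' lines are comments, a leading '&' is stripped."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        line = line.lstrip("&")
        for name, root in macros.items():
            line = line.replace(f"%{name}%", root.rstrip("/\\") + os.sep)
        rules.append(os.path.normpath(line.replace("\\", os.sep)))
    return rules

def snapshot(rules):
    """Map each watched path to its SHA-256, or None while it does not exist."""
    state = {}
    for pattern in rules:
        parent, leaf = os.path.split(pattern)
        if "*" in leaf:  # file wildcard: match names in the parent folder
            names = os.listdir(parent) if os.path.isdir(parent) else []
            paths = [os.path.join(parent, n) for n in names if fnmatch.fnmatch(n.lower(), leaf.lower())]
        elif os.path.isdir(pattern):  # folder entry: every file below it
            paths = [os.path.join(d, n) for d, _, fs in os.walk(pattern) for n in fs]
        else:  # single file, which may not exist yet
            paths = [pattern]
        for p in paths:
            state[p] = hashlib.sha256(Path(p).read_bytes()).hexdigest() if os.path.isfile(p) else None
    return state

def diff(baseline, current):
    events = []  # (event, filename) for every path whose hash or existence changed
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old != new:
            kind = "created" if old is None else "deleted" if new is None else "modified"
            events.append((kind, os.path.basename(p)))
    return events

def demo():
    root = tempfile.mkdtemp()  # constructed sample: stands in for %windir% (assumption)
    Path(root, "hosts").write_text("127.0.0.1 localhost\n")
    rules = parse_watchlist("# sample\n%windir%hosts\n%windir%winstart.bat\n&%windir%*.com", {"windir": root})
    baseline = snapshot(rules)
    Path(root, "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 example.test\n")
    Path(root, "winstart.bat").write_text("rem added after baseline\n")
    Path(root, "dropped.COM").write_text("x")
    return diff(baseline, snapshot(rules))
```

Calling `demo()` returns the change events for the constructed folder; a real deployment would store the baseline somewhere the monitored account cannot write.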
#3
Thanks Tony!
That's quite the list, many files in there I hadn't thought of... Do you like using two programs to monitor your registry and files?
#4
Please tell me: eabservr.exe - can it be watched. It is "power off"ing all by itself!
I liked your list - I'll remember that - you type well. Good concentration skills.
#5
Hi AintGeo.
eabservr.exe is the executable that manages Easy Access Buttons control panel on Compaq laptop computers. I personally don't see the point in monitoring it, but if you want to... Have a read here - http://www.processlibrary.com/direct...s=eabservr.exe and here - http://www.internetsecurityzone.com/...eabservr%2Eexe
#6
I might need that. My computer won't install MS updates. It refused to log off and restart. I tried to set to MediaPlayer 10 and got MediaPlayer 9. I found a difference in my Kerio firewall. "capture.bin" "install.log". posting elsewhere...
#7
so many files