
Forum rules


You can post AMIR logs; we also accept HijackThis logs for analysis.



 Post subject: System Log
Posted: Mon Nov 17, 2008 12:12 am
******************************************
11/16/2008 11:11:10 PM
Advance Malware Identification & Removal
Copyright 2008 - MalwareInfo.Org
Developed By - Rajdeep Chakraborty
******************************************

Complete Scan
***********************
Process -> smss.exe:496 - c:\windows\system32\smss.exe - [MICROSOFT CORPORATION]
Process -> winlogon.exe:568 - c:\windows\system32\winlogon.exe - [MICROSOFT CORPORATION]
Process -> services.exe:612 - c:\windows\system32\services.exe - [MICROSOFT CORPORATION]
Process -> lsass.exe:624 - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Process -> svchost.exe:780 - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Process -> svchost.exe:920 - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Process -> vmsrvc.exe:1208 - c:\program files\virtual machine additions\vmsrvc.exe - [MICROSOFT CORPORATION]
Process -> vpcmap.exe:1532 - c:\program files\virtual machine additions\vpcmap.exe - [MICROSOFT CORPORATION]
Process -> vmusrvc.exe:2008 - c:\program files\virtual machine additions\vmusrvc.exe - [MICROSOFT CORPORATION]
Process -> fdm.exe:2024 - c:\program files\free download manager\fdm.exe - [FREEDOWNLOADMANAGER.ORG]
Process -> conf.exe:2040 - c:\program files\netmeeting\conf.exe - [MICROSOFT CORPORATION]
Process -> rundll32.exe:164 - c:\windows\system32\rundll32.exe - [MICROSOFT CORPORATION]
Process -> svchost.exe:428 - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Process -> dllhost.exe:1964 - c:\windows\system32\dllhost.exe - [MICROSOFT CORPORATION]
Process -> svchost.exe:1572 - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Process -> explorer.exe:724 - c:\windows\explorer.exe - [MICROSOFT CORPORATION]
Process -> firefox.exe:1392 - c:\program files\mozilla firefox\firefox.exe - [MOZILLA CORPORATION]
Process -> iexplore.exe:1720 - c:\program files\internet explorer\iexplore.exe - [MICROSOFT CORPORATION]
Process -> AMIR.exe:176 - e:\vb6 projects\malware scanner\amir.exe - [MALWAREINFO.ORG]
Driver -> vmsrvc.sys - c:\windows\system32\drivers\vmsrvc.sys - [MICROSOFT CORPORATION]
Driver -> vmsrvc.sys - c:\windows\system32\drivers\vmsrvc.sys - [MICROSOFT CORPORATION]
Driver -> ACPI.sys - c:\windows\system32\drivers\acpi.sys - [MICROSOFT CORPORATION]
Driver -> ACPIEC.sys - c:\windows\system32\drivers\acpiec.sys - [MICROSOFT CORPORATION]
Driver -> aec.sys - c:\windows\system32\drivers\aec.sys - [MICROSOFT CORPORATION]
Driver -> afd.sys - c:\windows\system32\drivers\afd.sys - [MICROSOFT CORPORATION]
Driver -> afd.sys - c:\windows\system32\drivers\afd.sys - [MICROSOFT CORPORATION]
Driver -> asyncmac.sys - c:\windows\system32\drivers\asyncmac.sys - [MICROSOFT CORPORATION]
Driver -> atapi.sys - c:\windows\system32\drivers\atapi.sys - [MICROSOFT CORPORATION]
Driver -> atapi.sys - c:\windows\system32\drivers\atapi.sys - [MICROSOFT CORPORATION]
Driver -> atmarpc.sys - c:\windows\system32\drivers\atmarpc.sys - [MICROSOFT CORPORATION]
Driver -> audstub.sys - c:\windows\system32\drivers\audstub.sys - [MICROSOFT CORPORATION]
Driver -> Beep.sys - c:\windows\system32\drivers\beep.sys - [MICROSOFT CORPORATION]
Driver -> cbidf2k.sys - c:\windows\system32\drivers\cbidf2k.sys - [MICROSOFT CORPORATION]
Driver -> Cdaudio.sys - c:\windows\system32\drivers\cdaudio.sys - [MICROSOFT CORPORATION]
Driver -> Cdfs.sys - c:\windows\system32\drivers\cdfs.sys - [MICROSOFT CORPORATION]
Driver -> cdrom.sys - c:\windows\system32\drivers\cdrom.sys - [MICROSOFT CORPORATION]
Driver -> cdrom.sys - c:\windows\system32\drivers\cdrom.sys - [MICROSOFT CORPORATION]
Driver -> ctlsb16.sys - c:\windows\system32\drivers\ctlsb16.sys - [COPYRIGHT (C) CREATIVE TECHNOLOGY LTD. 1994-2001]
Driver -> ctlsb16.sys - c:\windows\system32\drivers\ctlsb16.sys - [COPYRIGHT (C) CREATIVE TECHNOLOGY LTD. 1994-2001]
Driver -> dc21x4.sys - c:\windows\system32\drivers\dc21x4.sys - [INTEL CORPORATION.]
Driver -> disk.sys - c:\windows\system32\drivers\disk.sys - [MICROSOFT CORPORATION]
Driver -> dmboot.sys - c:\windows\system32\drivers\dmboot.sys - [MICROSOFT CORP., VERITAS SOFTWARE]
Driver -> dmio.sys - c:\windows\system32\drivers\dmio.sys - [MICROSOFT CORP., VERITAS SOFTWARE]
Driver -> dmload.sys - c:\windows\system32\drivers\dmload.sys - [MICROSOFT CORP., VERITAS SOFTWARE.]
Driver -> DMusic.sys - c:\windows\system32\drivers\dmusic.sys - [MICROSOFT CORPORATION]
Driver -> drmkaud.sys - c:\windows\system32\drivers\drmkaud.sys - [MICROSOFT CORPORATION]
Driver -> Fastfat.sys - c:\windows\system32\drivers\fastfat.sys - [MICROSOFT CORPORATION]
Driver -> fdc.sys - c:\windows\system32\drivers\fdc.sys - [MICROSOFT CORPORATION]
Driver -> Fips.sys - c:\windows\system32\drivers\fips.sys - [MICROSOFT CORPORATION]
Driver -> flpydisk.sys - c:\windows\system32\drivers\flpydisk.sys - [MICROSOFT CORPORATION]
Driver -> fltmgr.sys - c:\windows\system32\drivers\fltmgr.sys - [MICROSOFT CORPORATION]
Driver -> ftdisk.sys - c:\windows\system32\drivers\ftdisk.sys - [MICROSOFT CORPORATION]
Driver -> gameenum.sys - c:\windows\system32\drivers\gameenum.sys - [MICROSOFT CORPORATION]
Driver -> msgpc.sys - c:\windows\system32\drivers\msgpc.sys - [MICROSOFT CORPORATION]
Driver -> msgpc.sys - c:\windows\system32\drivers\msgpc.sys - [MICROSOFT CORPORATION]
Driver -> HTTP.sys - c:\windows\system32\drivers\http.sys - [MICROSOFT CORPORATION]
Driver -> HTTP.sys - c:\windows\system32\drivers\http.sys - [MICROSOFT CORPORATION]
Driver -> i8042prt.sys - c:\windows\system32\drivers\i8042prt.sys - [MICROSOFT CORPORATION]
Driver -> imapi.sys - c:\windows\system32\drivers\imapi.sys - [MICROSOFT CORPORATION]
Driver -> intelide.sys - c:\windows\system32\drivers\intelide.sys - [MICROSOFT CORPORATION]
Driver -> ip6fw.sys - c:\windows\system32\drivers\ip6fw.sys - [MICROSOFT CORPORATION]
Driver -> ipfltdrv.sys - c:\windows\system32\drivers\ipfltdrv.sys - [MICROSOFT CORPORATION]
Driver -> ipinip.sys - c:\windows\system32\drivers\ipinip.sys - [MICROSOFT CORPORATION]
Driver -> ipnat.sys - c:\windows\system32\drivers\ipnat.sys - [MICROSOFT CORPORATION]
Driver -> ipsec.sys - c:\windows\system32\drivers\ipsec.sys - [MICROSOFT CORPORATION]
Driver -> irenum.sys - c:\windows\system32\drivers\irenum.sys - [MICROSOFT CORPORATION]
Driver -> isapnp.sys - c:\windows\system32\drivers\isapnp.sys - [MICROSOFT CORPORATION]
Driver -> kbdclass.sys - c:\windows\system32\drivers\kbdclass.sys - [MICROSOFT CORPORATION]
Driver -> kmixer.sys - c:\windows\system32\drivers\kmixer.sys - [MICROSOFT CORPORATION]
Driver -> KSecDD.sys - c:\windows\system32\drivers\ksecdd.sys - [MICROSOFT CORPORATION]
Driver -> mnmdd.sys - c:\windows\system32\drivers\mnmdd.sys - [MICROSOFT CORPORATION]
Driver -> Modem.sys - c:\windows\system32\drivers\modem.sys - [MICROSOFT CORPORATION]
Driver -> mouclass.sys - c:\windows\system32\drivers\mouclass.sys - [MICROSOFT CORPORATION]
Driver -> MountMgr.sys - c:\windows\system32\drivers\mountmgr.sys - [MICROSOFT CORPORATION]
Driver -> MountMgr.sys - c:\windows\system32\drivers\mountmgr.sys - [MICROSOFT CORPORATION]
Driver -> mrxdav.sys - c:\windows\system32\drivers\mrxdav.sys - [MICROSOFT CORPORATION]
Driver -> mrxsmb.sys - c:\windows\system32\drivers\mrxsmb.sys - [MICROSOFT CORPORATION]
Driver -> MRxVPC.sys - c:\windows\system32\drivers\mrxvpc.sys - [MICROSOFT CORPORATION]
Driver -> Msfs.sys - c:\windows\system32\drivers\msfs.sys - [MICROSOFT CORPORATION]
Driver -> MSKSSRV.sys - c:\windows\system32\drivers\mskssrv.sys - [MICROSOFT CORPORATION]
Driver -> MSPCLOCK.sys - c:\windows\system32\drivers\mspclock.sys - [MICROSOFT CORPORATION]
Driver -> MSPQM.sys - c:\windows\system32\drivers\mspqm.sys - [MICROSOFT CORPORATION]
Driver -> mssmbios.sys - c:\windows\system32\drivers\mssmbios.sys - [MICROSOFT CORPORATION]
Driver -> msvmmouf.sys - c:\windows\system32\drivers\msvmmouf.sys - [MICROSOFT CORPORATION]
Driver -> Mup.sys - c:\windows\system32\drivers\mup.sys - [MICROSOFT CORPORATION]
Driver -> NDIS.sys - c:\windows\system32\drivers\ndis.sys - [MICROSOFT CORPORATION]
Driver -> ndistapi.sys - c:\windows\system32\drivers\ndistapi.sys - [MICROSOFT CORPORATION]
Driver -> ndisuio.sys - c:\windows\system32\drivers\ndisuio.sys - [MICROSOFT CORPORATION]
Driver -> ndiswan.sys - c:\windows\system32\drivers\ndiswan.sys - [MICROSOFT CORPORATION]
Driver -> NDProxy.sys - c:\windows\system32\drivers\ndproxy.sys - [MICROSOFT CORPORATION]
Driver -> netbios.sys - c:\windows\system32\drivers\netbios.sys - [MICROSOFT CORPORATION]
Driver -> netbt.sys - c:\windows\system32\drivers\netbt.sys - [MICROSOFT CORPORATION]
Driver -> NMnt.sys - c:\windows\system32\drivers\nmnt.sys - [MICROSOFT CORPORATION]
Driver -> npf.sys - c:\windows\system32\drivers\npf.sys - [CACE TECHNOLOGIES]
Driver -> Npfs.sys - c:\windows\system32\drivers\npfs.sys - [MICROSOFT CORPORATION]
Driver -> Ntfs.sys - c:\windows\system32\drivers\ntfs.sys - [MICROSOFT CORPORATION]
Driver -> Null.sys - c:\windows\system32\drivers\null.sys - [MICROSOFT CORPORATION]
Driver -> nwlnkflt.sys - c:\windows\system32\drivers\nwlnkflt.sys - [MICROSOFT CORPORATION]
Driver -> nwlnkfwd.sys - c:\windows\system32\drivers\nwlnkfwd.sys - [MICROSOFT CORPORATION]
Driver -> parport.sys - c:\windows\system32\drivers\parport.sys - [MICROSOFT CORPORATION]
Driver -> PartMgr.sys - c:\windows\system32\drivers\partmgr.sys - [MICROSOFT CORPORATION]
Driver -> ParVdm.sys - c:\windows\system32\drivers\parvdm.sys - [MICROSOFT CORPORATION]
Driver -> pci.sys - c:\windows\system32\drivers\pci.sys - [MICROSOFT CORPORATION]
Driver -> pci.sys - c:\windows\system32\drivers\pci.sys - [MICROSOFT CORPORATION]
Driver -> Pcmcia.sys - c:\windows\system32\drivers\pcmcia.sys - [MICROSOFT CORPORATION]
Driver -> raspptp.sys - c:\windows\system32\drivers\raspptp.sys - [MICROSOFT CORPORATION]
Driver -> psched.sys - c:\windows\system32\drivers\psched.sys - [MICROSOFT CORPORATION]
Driver -> ptilink.sys - c:\windows\system32\drivers\ptilink.sys - [PARALLEL TECHNOLOGIES, INC.]
Driver -> ptilink.sys - c:\windows\system32\drivers\ptilink.sys - [PARALLEL TECHNOLOGIES, INC.]
Driver -> rasacd.sys - c:\windows\system32\drivers\rasacd.sys - [MICROSOFT CORPORATION]
Driver -> rasl2tp.sys - c:\windows\system32\drivers\rasl2tp.sys - [MICROSOFT CORPORATION]
Driver -> raspppoe.sys - c:\windows\system32\drivers\raspppoe.sys - [MICROSOFT CORPORATION]
Driver -> raspti.sys - c:\windows\system32\drivers\raspti.sys - [MICROSOFT CORPORATION]
Driver -> rdbss.sys - c:\windows\system32\drivers\rdbss.sys - [MICROSOFT CORPORATION]
Driver -> RDPCDD.sys - c:\windows\system32\drivers\rdpcdd.sys - [MICROSOFT CORPORATION]
Driver -> rdpdr.sys - c:\windows\system32\drivers\rdpdr.sys - [MICROSOFT CORPORATION]
Driver -> RDPWD.sys - c:\windows\system32\drivers\rdpwd.sys - [MICROSOFT CORPORATION]
Driver -> redbook.sys - c:\windows\system32\drivers\redbook.sys - [MICROSOFT CORPORATION]
Driver -> s3legacy.sys - c:\windows\system32\drivers\s3legacy.sys - [MICROSOFT CORPORATION]
Driver -> secdrv.sys - c:\windows\system32\drivers\secdrv.sys - [MACROVISION CORPORATION, MACROVISION EUROPE LIMITED, AND MACROVISION JAPAN AND ASIA K.K.]
Driver -> serenum.sys - c:\windows\system32\drivers\serenum.sys - [MICROSOFT CORPORATION]
Driver -> serial.sys - c:\windows\system32\drivers\serial.sys - [MICROSOFT CORPORATION]
Driver -> Sfloppy.sys - c:\windows\system32\drivers\sfloppy.sys - [MICROSOFT CORPORATION]
Driver -> splitter.sys - c:\windows\system32\drivers\splitter.sys - [MICROSOFT CORPORATION]
Driver -> sr.sys - c:\windows\system32\drivers\sr.sys - [MICROSOFT CORPORATION]
Driver -> srv.sys - c:\windows\system32\drivers\srv.sys - [MICROSOFT CORPORATION]
Driver -> swenum.sys - c:\windows\system32\drivers\swenum.sys - [MICROSOFT CORPORATION]
Driver -> swmidi.sys - c:\windows\system32\drivers\swmidi.sys - [MICROSOFT CORPORATION]
Driver -> sysaudio.sys - c:\windows\system32\drivers\sysaudio.sys - [MICROSOFT CORPORATION]
Driver -> tcpip.sys - c:\windows\system32\drivers\tcpip.sys - [MICROSOFT CORPORATION]
Driver -> TDPIPE.sys - c:\windows\system32\drivers\tdpipe.sys - [MICROSOFT CORPORATION]
Driver -> TDTCP.sys - c:\windows\system32\drivers\tdtcp.sys - [MICROSOFT CORPORATION]
Driver -> termdd.sys - c:\windows\system32\drivers\termdd.sys - [MICROSOFT CORPORATION]
Driver -> termdd.sys - c:\windows\system32\drivers\termdd.sys - [MICROSOFT CORPORATION]
Driver -> Udfs.sys - c:\windows\system32\drivers\udfs.sys - [MICROSOFT CORPORATION]
Driver -> update.sys - c:\windows\system32\drivers\update.sys - [MICROSOFT CORPORATION]
Driver -> vga.sys - c:\windows\system32\drivers\vga.sys - [MICROSOFT CORPORATION]
Driver -> vga.sys - c:\windows\system32\drivers\vga.sys - [MICROSOFT CORPORATION]
Driver -> VolSnap.sys - c:\windows\system32\drivers\volsnap.sys - [MICROSOFT CORPORATION]
Driver -> vpc-s3.sys - c:\windows\system32\drivers\vpc-s3.sys - [MICROSOFT CORPORATION]
Driver -> wanarp.sys - c:\windows\system32\drivers\wanarp.sys - [MICROSOFT CORPORATION]
Driver -> wdmaud.sys - c:\windows\system32\drivers\wdmaud.sys - [MICROSOFT CORPORATION]
Service -> Virtual Machine Additions Services Application <vmsrvc.exe> - c:\program files\virtual machine additions\vmsrvc.exe - [MICROSOFT CORPORATION]
Service -> Alerter <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Application Layer Gateway Service <alg.exe> - c:\windows\system32\alg.exe - [MICROSOFT CORPORATION]
Service -> Application Management <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Windows Audio <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Background Intelligent Transfer Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Computer Browser <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Indexing Service <cisvc.exe> - c:\windows\system32\cisvc.exe - [MICROSOFT CORPORATION]
Service -> ClipBook <clipsrv.exe> - c:\windows\system32\clipsrv.exe - [MICROSOFT CORPORATION]
Service -> COM+ System Application <dllhost.exe> - c:\windows\system32\dllhost.exe - [MICROSOFT CORPORATION]
Service -> Cryptographic Services <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> DCOM Server Process Launcher <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> DHCP Client <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Logical Disk Manager Administrative Service <dmadmin.exe> - c:\windows\system32\dmadmin.exe - [MICROSOFT CORP., VERITAS SOFTWARE]
Service -> Logical Disk Manager <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> DNS Client <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Wired AutoConfig <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Extensible Authentication Protocol Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Error Reporting Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Event Log <services.exe> - c:\windows\system32\services.exe - [MICROSOFT CORPORATION]
Service -> COM+ Event System <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Fast User Switching Compatibility <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Help and Support <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Human Interface Device Access <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Health Key and Certificate Management Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> HTTP SSL <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> IMAPI CD-Burning COM Service <imapi.exe> - c:\windows\system32\imapi.exe - [MICROSOFT CORPORATION]
Service -> Server <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Workstation <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> TCP/IP NetBIOS Helper <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Messenger <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> NetMeeting Remote Desktop Sharing <mnmsrvc.exe> - c:\windows\system32\mnmsrvc.exe - [MICROSOFT CORPORATION]
Service -> Distributed Transaction Coordinator <msdtc.exe> - c:\windows\system32\msdtc.exe - [MICROSOFT CORPORATION]
Service -> Windows Installer <msiexec.exe> - c:\windows\system32\msiexec.exe - [MICROSOFT CORPORATION]
Service -> Network Access Protection Agent <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Network DDE <netdde.exe> - c:\windows\system32\netdde.exe - [MICROSOFT CORPORATION]
Service -> Network DDE DSDM <netdde.exe> - c:\windows\system32\netdde.exe - [MICROSOFT CORPORATION]
Service -> Net Logon <lsass.exe> - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Service -> Network Connections <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Network Location Awareness (NLA) <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> NT LM Security Support Provider <lsass.exe> - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Service -> Removable Storage <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Plug and Play <services.exe> - c:\windows\system32\services.exe - [MICROSOFT CORPORATION]
Service -> IPSEC Services <lsass.exe> - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Service -> Protected Storage <lsass.exe> - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Service -> Remote Access Auto Connection Manager <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Remote Access Connection Manager <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Remote Desktop Help Session Manager <sessmgr.exe> - c:\windows\system32\sessmgr.exe - [MICROSOFT CORPORATION]
Service -> Routing and Remote Access <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Remote Registry <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Remote Packet Capture Protocol v.0 (experimental) <rpcapd.exe> - c:\program files\winpcap\rpcapd.exe - [CACE TECHNOLOGIES]
Service -> Remote Procedure Call (RPC) Locator <locator.exe> - c:\windows\system32\locator.exe - [MICROSOFT CORPORATION]
Service -> Remote Procedure Call (RPC) <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> QoS RSVP <rsvp.exe> - c:\windows\system32\rsvp.exe - [MICROSOFT CORPORATION]
Service -> Security Accounts Manager <lsass.exe> - c:\windows\system32\lsass.exe - [MICROSOFT CORPORATION]
Service -> Smart Card <SCardSvr.exe> - c:\windows\system32\scardsvr.exe - [MICROSOFT CORPORATION]
Service -> Task Scheduler <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Secondary Logon <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> System Event Notification <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Windows Firewall/Internet Connection Sharing (ICS) <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Shell Hardware Detection <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Print Spooler <spoolsv.exe> - c:\windows\system32\spoolsv.exe - [MICROSOFT CORPORATION]
Service -> System Restore Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> SSDP Discovery Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Windows Image Acquisition (WIA) <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> MS Software Shadow Copy Provider <dllhost.exe> - c:\windows\system32\dllhost.exe - [MICROSOFT CORPORATION]
Service -> Performance Logs and Alerts <smlogsvc.exe> - c:\windows\system32\smlogsvc.exe - [MICROSOFT CORPORATION]
Service -> Telephony <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Terminal Services <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Themes <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Telnet <tlntsvr.exe> - c:\windows\system32\tlntsvr.exe - [MICROSOFT CORPORATION]
Service -> Distributed Link Tracking Client <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Universal Plug and Play Device Host <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Uninterruptible Power Supply <ups.exe> - c:\windows\system32\ups.exe - [MICROSOFT CORPORATION]
Service -> Virtual Machine Additions Shared Folder Service <vpcmap.exe> - c:\program files\virtual machine additions\vpcmap.exe - [MICROSOFT CORPORATION]
Service -> Volume Shadow Copy <vssvc.exe> - c:\windows\system32\vssvc.exe - [MICROSOFT CORPORATION]
Service -> Windows Time <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> WebClient <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Windows Management Instrumentation <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Portable Media Serial Number Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Windows Management Instrumentation Driver Extensions <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> WMI Performance Adapter <wmiapsrv.exe> - c:\windows\system32\wbem\wmiapsrv.exe - [MICROSOFT CORPORATION]
Service -> Security Center <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Automatic Updates <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Wireless Zero Configuration <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
Service -> Network Provisioning Service <svchost.exe> - c:\windows\system32\svchost.exe - [MICROSOFT CORPORATION]
BHO -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll - [ADOBE SYSTEMS INCORPORATED]
BHO -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll - []
HKLM\..\Run -> VMUserServices - c:\program files\virtual machine additions\vmusrvc.exe - [MICROSOFT CORPORATION]
HKLM\..\Run -> Adobe Reader Speed Launcher - c:\program files\adobe\reader 8.0\reader\reader_sl.exe - [ADOBE SYSTEMS INCORPORATED]
HKCU\..\Run -> Free Download Manager - c:\program files\free download manager\fdm.exe - [FREEDOWNLOADMANAGER.ORG]
HKCU\..\Run -> Microsoft NetMeeting - c:\program files\netmeeting\conf.exe - [MICROSOFT CORPORATION]

******************************************
Learn Malware Analysis @
http://www.malwareinfo.org
http://www.malwareanalysis.org
******************************************

