BillyONeal / Instalog

Windows malware analysis logging tool.

Incomplete output on Jeffce's vista machine #19

Closed BillyONeal closed 9 years ago

BillyONeal commented 10 years ago

From Jeffce:

Wow Billy!!! That is fast! :)

I ran this twice on a Win Vista 32-bit with Admin and got the following... Looks like it is not a complete log??

Instalog 0.0.2.0 Run By JTSM on 2013-12-03 21:16:58.0860 [GMT -5:00] IE: 9.0.8112.16421 Flash: 11.9.900.117 Windows Vista Home Basic Edition x86 6.0.6002.2 1223/3072 MB Free

================ Running Processes ===============

C:\Windows\System32\Lsm.exe
C:\Windows\System32\Winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program files\Emsisoft anti-malware\A2service.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program files\Comodo\Comodo internet security\Cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\Audiodg.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\Slsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\Wltrysvc.exe
C:\Windows\System32\Wlanext.exe
C:\Windows\System32\Bcmwltry.exe
C:\Windows\System32\Spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\System32\Wltray.exe
C:\Program files\Intel\Intel matrix storage manager\Iaanotif.exe
C:\Windows\System32\Igfxtray.exe
C:\Windows\System32\Hkcmd.exe
C:\Windows\System32\Igfxpers.exe
C:\Program files\Sigmatel\C-major audio\Wdm\Sttray.exe
C:\Windows\System32\Igfxsrvc.exe
C:\Windows\System32\Aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program files\Intel\Intel matrix storage manager\Iaantmon.exe
C:\Program files\Kaspersky lab\Kaspersky security scan 2.0\Kss.exe
C:\Program files\Malwarebytes' anti-malware\Mbamscheduler.exe
C:\Program files\Malwarebytes' anti-malware\Mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\Stacsv.exe
C:\Program files\Malwarebytes' anti-malware\Mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program files\Tomtom home 2\Tomtomhomeservice.exe
C:\Windows\System32\Vmnat.exe
C:\Program files\Windows media player\Wmpnetwk.exe
C:\Windows\System32\Searchindexer.exe
C:\Windows\System32\Drivers\Xaudio.exe
C:\Program files\Vmware\Vmware player\Vmware-authd.exe
C:\Windows\System32\Vmnetdhcp.exe
C:\Program files\Common files\Vmware\Usb\Vmware-usbarbitrator.exe
C:\Program files\Keyscrambler\Keyscrambler.exe
C:\Program files\Emsisoft anti-malware\A2guard.exe
C:\Users\Jtsm\Appdata\Local\Fluxsoftware\Flux\Flux.exe
C:\Program files\Comodo\Comodo internet security\Cavwp.exe
C:\Windows\System32\Taskeng.exe
C:\Program files\Google\Update\1.3.21.165\Googlecrashhandler.exe
C:\Windows\System32\Taskeng.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
E:\Kand\K39.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Program files\Google\Chrome\Application\Chrome.exe
C:\Windows\System32\Dllhost.exe
C:\Windows\System32\Dllhost.exe
C:\Users\Jtsm\Desktop\Instalog_0.0.2.0_x86.exe

================ Pseudo HijackThis ===============

AV: [{8504DEEF-CC04-1F76-2137-F1A5F4A659DA}] E Emsisoft Anti-Malware
FW: [{8F7746F7-FE68-E084-3B6C-7404A51E8FB3}] EO COMODO Firewall
AS: [{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}] DU Windows Defender
AS: [{3E653F0B-EA3E-10F8-1B87-CAD78F211367}] E Emsisoft Anti-Malware
AS: [{0C2D2636-923D-EE52-2A83-E643204A8275}] DO COMODO Antivirus
DefaultPageUrl: htt#p://go.microsoft.com/fwlink/?LinkId=69157
DefaultSearchUrl: htt#p://go.microsoft.com/fwlink/?LinkId=54896
LocalPage: C:\Windows\System32\blank.htm
StartPage: htt#p://go.microsoft.com/fwlink/?LinkId=69157
SearchPage: htt#p://go.microsoft.com/fwlink/?LinkId=54896
SecurityPage: about:SecurityRisk
SearchAssistant: htt#p://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch: htt#p://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Shell: C:\Windows\Explorer.exe [2926592 2013-04-08 18:18:14 Microsoft Corporation]
Userinit: C:\Windows\System32\Userinit.exe [25088 2008-01-21 02:34:37 Microsoft Corporation]
SFC: Enabled
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E}=C:\Program files\Lastpass\Lptoolbar.dll [608256 2013-04-07 23:38:57 LastPass]
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}=C:\Program files\Lastpass\Lptoolbar.dll [608256 2013-04-07 23:38:57 LastPass]
Run: [Broadcom Wireless Manager UI] C:\Windows\System32\Wltray.exe [3563520 2013-04-17 22:46:08 Dell Inc.]
Run: [HotKeysCmds] C:\Windows\System32\Hkcmd.exe [166424 2008-02-12 01:13:02 Intel Corporation]
Run: [IAAnotif] C:\Program files\Intel\Intel matrix storage manager\Iaanotif.exe [174616 2013-04-07 23:15:43 Intel Corporation]
Run: [IgfxTray] C:\Windows\System32\Igfxtray.exe [141848 2008-02-12 01:13:12 Intel Corporation]
Run: [KeyScrambler] C:\Program files\Keyscrambler\Keyscrambler.exe [508048 2013-07-14 04:25:10 QFX Software Corporation]
Run: [Persistence] C:\Windows\System32\Igfxpers.exe [133656 2008-02-12 01:13:08 Intel Corporation]
Run: [SigmatelSysTrayApp] C:\Program files\Sigmatel\C-major audio\Wdm\Sttray.exe [405504 2013-04-07 23:07:12 IDT, Inc.]
Run: [emsisoft anti-malware] C:\Program files\Emsisoft anti-malware\A2guard.exe [4329408 2013-11-23 22:05:27]
IeCom: [{43699cd0#-e34f#-11de#-8a39#-0800200c9a66}->{95D9ECF5-2A4D-4550-BE49-70D42F71296E}] C:\Program files\Lastpass\Lptoolbar.dll [608256 2013-04-07 23:38:57 LastPass]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
LSP: %SystemRoot%\system32\mswsock.dll
LSP: %windir%\system32\vsocklib.dll
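A small parser for the report format shown in the log above, plus the two triage checks a responder would run over it first: processes whose image lives outside the Windows and Program Files trees, and autorun entries whose trailing file block carries no publisher string. This is example code added for this thread, not Instalog's own code; the format assumptions (section banners, `Kind: [name] path [size mtime publisher]` entries) and the abridged sample come only from the log pasted in the issue, and the two checks are generic starting points for review, not verdicts about any file listed there.

```python
"""Parser and two triage checks for an Instalog-style report.

Example code written for this issue thread; it is not part of Instalog. The
format assumptions (section banners, 'Kind: [name] path [size mtime publisher]'
entries) are taken only from the log pasted in the issue.
"""
import re

# Abridged excerpt of the report pasted in the issue, one entry per line.
# Constructed test input; the real report lists many more entries.
SAMPLE = r"""
Instalog 0.0.2.0 Run By JTSM on 2013-12-03 21:16:58.0860 [GMT -5:00] IE: 9.0.8112.16421 Flash: 11.9.900.117 Windows Vista Home Basic Edition x86 6.0.6002.2 1223/3072 MB Free

================ Running Processes ===============

C:\Windows\System32\Lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program files\Emsisoft anti-malware\A2guard.exe
E:\Kand\K39.exe
C:\Users\Jtsm\Desktop\Instalog_0.0.2.0_x86.exe

================ Pseudo HijackThis ===============

SFC: Enabled
Shell: C:\Windows\Explorer.exe [2926592 2013-04-08 18:18:14 Microsoft Corporation]
Run: [HotKeysCmds] C:\Windows\System32\Hkcmd.exe [166424 2008-02-12 01:13:02 Intel Corporation]
Run: [emsisoft anti-malware] C:\Program files\Emsisoft anti-malware\A2guard.exe [4329408 2013-11-23 22:05:27]
LSP: %SystemRoot%\system32\mswsock.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HEADER_RE = re.compile(r"^Instalog (\S+) Run By (\S+) on (\S+ \S+) \[([^\]]+)\]")
# Trailing '[size mtime publisher]'; publisher is optional because the
# A2guard.exe Run entry in the posted log has none.
FILEINFO_RE = re.compile(r"\[(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?: ([^\]]+))?\]\s*$")


def parse_report(text):
    """Split the report into header metadata and {section name: [entry lines]}."""
    meta, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            head = HEADER_RE.match(line)
            if head:
                meta = dict(zip(("version", "user", "run_at", "tz"), head.groups()))
    return {"meta": meta, "sections": sections}


def parse_hjt_entry(line):
    """Break 'Kind: [name] path [size mtime publisher]' into its fields.

    'name' is None when the entry has no bracketed name (Shell:, LSP:, ...);
    'info' is None when there is no trailing file block; 'publisher' is None
    when the file block carries size and mtime only.
    """
    kind, _, rest = line.partition(": ")
    name = None
    if rest.startswith("["):
        name, _, rest = rest[1:].partition("] ")
    info = None
    m = FILEINFO_RE.search(rest)
    if m:
        rest = rest[: m.start()].rstrip()
        info = {"size": int(m.group(1)), "mtime": m.group(2), "publisher": m.group(3)}
    return {"kind": kind, "name": name, "path": rest, "info": info}


STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def image_path(process_line):
    """Drop svchost-style arguments: the image path ends at the first '.exe'."""
    end = process_line.lower().find(".exe")
    return process_line[: end + 4] if end >= 0 else process_line


def processes_outside_standard_roots(report):
    """Processes whose image is not under the Windows or Program Files trees.

    A heuristic for what to look at first, not a verdict: user-profile and
    removable-drive paths are legitimate for plenty of software.
    """
    procs = report["sections"].get("Running Processes", [])
    return [p for p in procs if not image_path(p).lower().startswith(STANDARD_ROOTS)]


def autoruns_without_publisher(report):
    """Pseudo HijackThis entries that have a file block but no publisher string."""
    entries = (parse_hjt_entry(ln) for ln in report["sections"].get("Pseudo HijackThis", []))
    return [e for e in entries if e["info"] and e["info"]["publisher"] is None]


if __name__ == "__main__":
    rep = parse_report(SAMPLE)
    print(rep["meta"])
    for p in processes_outside_standard_roots(rep):
        print("outside standard roots:", p)
    for e in autoruns_without_publisher(rep):
        print("no publisher:", e["kind"], e["name"], e["path"])
```

Feeding the full report from the issue through `parse_report` instead of `SAMPLE` gives the same two section names; the publisher check relies on the publisher field being the last thing inside the brackets, so a report format that appends anything after it would need the regex adjusted.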

BillyONeal commented 9 years ago

No repro on this for now -- been too long.