Re: [Full-disclosure] Question: Need Suggestions

2006-04-19 Thread Sektek Sektek
Process auditing has been available in Windows since at least NT 4.0. Once you turn it on (via local or group security policy) process creation and terminations are logged in the Security event log. On 4/17/06, y0himba <[EMAIL PROTECTED]> wrote: > Hi. > > I lurk on this list not posting much and

Re: [Full-disclosure] Question: Need Suggestions

2006-04-17 Thread Nick FitzGerald
y0himba wrote: > Thanks for any and all constructive replies. Have you tried Winternals' filemon and regmon? It would be a rare process creation and exit that did not cause some file system and/or registry activity... Regards, Nick FitzGerald

RE: [Full-disclosure] Question: Need Suggestions

2006-04-17 Thread Steven Rakick
y, April 17, 2006 8:55 PM To: 'Dave Alanis'; full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Question: Need Suggestions (sorry) Actually I am just needing something to log all processes starting and stopping on the system. That way I can capture whatever it is that is st

RE: [Full-disclosure] Question: Need Suggestions (sorry)

2006-04-17 Thread y0himba
imba; full-disclosure@lists.grok.org.uk Subject: re: [Full-disclosure] Question: Need Suggestions (sorry) Sorry for the redundant information I just posted. I meant to say rootkitty: RootKitty is a very simple utility that makes a file listing when running from Windows and a file listing from PE/ubc

re: [Full-disclosure] Question: Need Suggestions (sorry)

2006-04-17 Thread Dave Alanis
Sorry for the redundant information I just posted. I meant to say rootkitty: RootKitty is a very simple utility that makes a file listing when running from Windows and a file listing from PE/ubcd4win then compares the two files and shows you the differences (looking for rootkits). This is exact

re: [Full-disclosure] Question: Need Suggestions

2006-04-17 Thread Dave Alanis
On Monday, April 17, 2006 6:09 PM, y0himba wrote: > >Date: Mon, 17 Apr 2006 19:09:38 -0400 >From: y0himba >To: >Subject: [Full-disclosure] Question: Need Suggestions > >Hi. > >I lurk on this list not posting much and watching, learning from those of >you who do.

Re: [Full-disclosure] Question: Need Suggestions

2006-04-17 Thread Brian Eaton
On 4/17/06, y0himba <[EMAIL PROTECTED]> wrote: > What I would like to find is some type of Windows software that will log > processes starting and ending to a text file so I can review it and figure > out what exactly is going on. Wouldn't it be cool to have a working strace/truss for Windows? I

[Full-disclosure] Question: Need Suggestions

2006-04-17 Thread y0himba
Hi. I lurk on this list not posting much and watching, learning from those of you who do. I am in need of a suggestion. I run WinXP SP2. I am a sounds freak, so I have my system configured to play a small sound when a program opens, and another when it closes. Over the past week, I have notice