
Continuous stream of incoming and outgoing data. [SOLVED]


Mr_X:
Post new logs...

WillyN:
I had to undo all the changes because shortly afterwards my internet connection kept dropping, although I suspect that was really due to having blocked svchost in the firewall. :ciego:

I ran a System Restore back to the day before yesterday and now the machine seems to be running fine. The bad news is that the trickle of traffic is back as well. :panic:

Forgive the question, Mr_X, but could you tell me again which logs you want to see, and how I get them, that is, in Safe Mode or in normal mode?

Mr_X:
The HijackThis and Autoruns ones, booting in Safe Mode...

WillyN:

--- Quote from: HijackThis ---
Logfile of HijackThis v1.99.1
Scan saved at 9:45:54, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
G:\Documentos Willy\Programas\Spyware\Hijakckthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Archivos de programa\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Spamihilator] "C:\Archivos de programa\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Herramienta de demostración de AdSense de Google - http://pagead2.googlesyndication.com/pagead/preview/es/preview.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Archivos de programa\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Archivos de programa\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: sensapi32 - C:\WINDOWS\SYSTEM32\sensapi32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\archivos de programa\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: UPSmart - Unknown owner - C:\Archivos de programa\UPSmart Server\UPServ.exe


--- End quote ---


--- Quote from: AutoRuns ---
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup         
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         
+ APVXDWIN   ApVxdWin   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\apvxdwin.exe
+ DiskeeperSystray   DKICON.EXE   (Not verified) Diskeeper Corporation   c:\archivos de programa\diskeeper corporation\diskeeper\dkicon.exe
+ LaunchApp   Acer Launch Tool Utility   (Not verified) Acer Inc.   c:\windows\alaunch.exe
+ Spamihilator   Spamihilator   (Not verified) Michel Krämer   c:\archivos de programa\spamihilator\spamihilator.exe
+ SunJavaUpdateSched   Java(TM) Platform SE binary   (Verified) Sun Microsystems, Inc.   c:\archivos de programa\java\jre1.6.0_03\bin\jusched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce         
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio         
C:\Documents and Settings\wlly\Menú Inicio\Programas\Inicio         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Run         
+ swg   GoogleToolbarNotifier   (Verified) Google Inc   c:\archivos de programa\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Classes\Protocols\Filter         
+ application/octet-stream   Microsoft .NET Runtime Execution Engine   (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
+ application/x-complus   Microsoft .NET Runtime Execution Engine   (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
+ application/x-msdownload   Microsoft .NET Runtime Execution Engine   (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler         
+ ms-itss   Microsoft® InfoTech Storage System Library   (Not verified) Microsoft Corporation   c:\archivos de programa\archivos comunes\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components         
+ 0         File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components         
+ n/a   Microsoft .NET IE SECURITY REGISTRATION   (Not verified) Microsoft Corporation   c:\windows\system32\mscories.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks         
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
+ fontcreatorext.dll   FontCreator Shell Extension   (Not verified) High-Logic   c:\archivos de programa\high-logic\fontcreator\fontcreatorext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
+ Advanced JPEG Compressor Context Menu Shell Extension         c:\archivos de programa\advanced jpeg compressor\contextmenuext.dll
+ CrimsonEditor.ShellExt         c:\archivos de programa\crimson editor\shellext.dll
+ Fusion Cache   Microsoft .NET Runtime Execution Engine   (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
+ iTunes   iTunes Mini Player DLL   (Not verified) Apple Computer, Inc.   c:\archivos de programa\itunes\itunesminiplayer.dll
+ Panda Antivirus   ShellTit   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\shelltit.dll
+ Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Verified) RealNetworks, Inc.   c:\archivos de programa\real\realplayer\rpshell.dll
+ Shell Icon Handler for Application References   Application Deployment Support Library   (Not verified) Microsoft Corporation   c:\windows\system32\dfshim.dll
+ ShellLink for Application References   Application Deployment Support Library   (Not verified) Microsoft Corporation   c:\windows\system32\dfshim.dll
+ SmartFTP ContextMenu   SmartFTP Shell Tools   (Verified) SmartSoft Ltd   c:\archivos de programa\smartftp client\sfshelltools.dll
+ SmartFTP Copy Hook   SmartFTP Client CopyHook   (Verified) SmartSoft Ltd   c:\archivos de programa\smartftp client\smarthook.dll
+ SmartFTP Drop ShellIconOverlayHandler   SmartFTP Shell Tools   (Verified) SmartSoft Ltd   c:\archivos de programa\smartftp client\sfshelltools.dll
+ SmartFTP Favorites Namespace   SmartFTP Favorites Shell Extension   (Verified) SmartSoft Ltd   c:\archivos de programa\smartftp client\sffavoritesshellextension.dll
+ SmartFTP ShellDropHandler   SmartFTP Shell Tools   (Verified) SmartSoft Ltd   c:\archivos de programa\smartftp client\sfshelltools.dll
+ WinRAR shell extension         c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers         
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers         
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin         
HKLM\Software\Microsoft\Ctf\LangBarAddin         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects         
+ Adobe PDF Reader Link Helper   Adobe Acrobat IE Helper Version 7.0 for ActiveX   (Verified) Adobe Systems, Incorporated   c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
+ AL2Spy Class         File not found: C:\WINDOWS\AUTOLO~1\AL2DLL.dll
+ Google Toolbar Helper   Barra Google para los clientes de Internet Explorer   (Verified) Google Inc   c:\archivos de programa\google\googletoolbar1.dll
+ Google Toolbar Notifier BHO   GoogleToolbarNotifier   (Verified) Google Inc   c:\archivos de programa\google\googletoolbarnotifier\2.0.301.7164\swg.dll
+ SSVHelper Class   Java(TM) Platform SE binary   (Verified) Sun Microsystems, Inc.   c:\archivos de programa\java\jre1.6.0_03\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks         
HKLM\Software\Microsoft\Internet Explorer\Toolbar         
+ googletoolbar1.dll   Barra Google para los clientes de Internet Explorer   (Verified) Google Inc   c:\archivos de programa\google\googletoolbar1.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars         
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars         
HKCU\Software\Microsoft\Internet Explorer\Extensions         
HKLM\Software\Microsoft\Internet Explorer\Extensions         
Task Scheduler         
HKLM\System\CurrentControlSet\Services         
+ aawservice   Protects your computer from spyware   (Verified) Lavasoft AB   c:\archivos de programa\lavasoft\ad-aware 2007\aawservice.exe
+ Diskeeper   Controls the Windows Diskeeper Service   (Not verified) Diskeeper Corporation   c:\archivos de programa\diskeeper corporation\diskeeper\dkservice.exe
+ Panda Software Controller   Antimalware Manager   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\psctrls.exe
+ PAVFNSVR   Panda Function Service   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavfnsvr.exe
+ PavPrSrv   Panda Process Protection Service   (Verified) Panda Software International   c:\archivos de programa\archivos comunes\panda software\pavshld\pavprsrv.exe
+ PAVSRV   Enhanced On-Access Anti-Malware Service.   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavsrv51.exe
+ PSHost   Panda Host Service   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\firewall\pshost.exe
+ PSIMSVC   Panda Interface Manager Service   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\psimsvc.exe
+ TPSrv   TPSrv Application   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\tpsrv.exe
+ UPSmart   UPSmart Module      c:\archivos de programa\upsmart server\upserv.exe
HKLM\System\CurrentControlSet\Services         
+ Ad-Watch Connect Filter   Driver for Ad-Watch network monitoring   (Not verified) Lavasoft AB   c:\windows\system32\drivers\nsdriver.sys
+ Ad-Watch Real-Time Scanner   Driver for Ad-Watch Real-Time Process protection   (Not verified) Lavasoft AB   c:\windows\system32\drivers\awrtpd.sys
+ Afc   Arcsoft(R) ASPI Shell   (Not verified) Arcsoft, Inc.   c:\windows\system32\drivers\afc.sys
+ AFS2K   Audio File System   (Not verified) Oak Technology Inc.   c:\windows\system32\drivers\afs2k.sys
+ ALCXWDM         File not found: system32\drivers\ALCXWDM.SYS
+ APPFLT   Panda APPFLT   (Verified) Panda Software International   c:\windows\system32\drivers\appflt.sys
+ Asushwio         c:\windows\system32\drivers\asushwio.sys
+ AvFlt         File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ Changer         File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr         File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint   cPoint   (Not verified) Panda Software   c:\windows\system32\drivers\cpoint.sys
+ DSAFLT      (Verified) Panda Software International   c:\windows\system32\drivers\dsaflt.sys
+ FNETMON   Panda FNetMon   (Verified) Panda Software International   c:\windows\system32\drivers\fnetmon.sys
+ GEARAspiWDM   CDRom Class Filter Driver   (Verified) GEAR Software Inc.   c:\windows\system32\drivers\gearaspiwdm.sys
+ i2omgmt         File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ IDSFLT   Intrusion Detection System   (Verified) Panda Software International   c:\windows\system32\drivers\idsflt.sys
+ InCDPass         File not found: system32\drivers\InCDPass.sys
+ InCDRm         File not found: system32\drivers\InCDRm.sys
+ lbrtfdc         File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MS1000         c:\windows\system32\drivers\ms1000.sys
+ NETFLTDI   Panda TDI Filter   (Verified) Panda Software International   c:\windows\system32\drivers\netfltdi.sys
+ NTIDrvr   NTI CD-ROM Filter Driver   (Not verified) NewTech Infosystems, Inc.   c:\windows\system32\drivers\ntidrvr.sys
+ PavProc   Panda Process Protection driver   (Verified) Panda Software International   c:\windows\system32\drivers\pavproc.sys
+ PavSRK.sys         File not found: C:\WINDOWS\system32\PavSRK.sys
+ PavTPK.sys         File not found: C:\WINDOWS\system32\PavTPK.sys
+ PCIDump         File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP         File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME         File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI         File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME         File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ ShldDrv   Panda File and Registry Protection driver   (Not verified) Panda Software International   c:\windows\system32\drivers\shldrv51.sys
+ SMSFLT      (Verified) Panda Software International   c:\windows\system32\drivers\smsflt.sys
+ UBHelper         File not found: C:\WINDOWS\System32\Drivers\UBHelper.sys
+ vulfnths   VIA USB Host Controller Lower Filter Driver   (Not verified) VIA Technologies, Inc.   c:\windows\system32\drivers\vulfnth.sys
+ vulfntrs   VIA USB Roothub Lower Filter Driver   (Not verified) VIA Technologies, Inc.   c:\windows\system32\drivers\vulfntr.sys
+ WDICA         File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WNMFLT      (Verified) Panda Software International   c:\windows\system32\drivers\wnmflt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute         
+ lsdelete         c:\windows\system32\lsdelete.exe
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\Execute         
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options         
HKLM\Software\Microsoft\Command Processor\Autorun         
HKCU\Software\Microsoft\Command Processor\Autorun         
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls         
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify         
+ avldr   On-Access Antivirus Scanner Sync.   (Verified) Panda Software International   c:\windows\system32\avldr.dll
+ sensapi32   SENS Connectivity API DLL   (Not verified) Microsoft Corporation   c:\windows\system32\sensapi32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKCU\Control Panel\Desktop\Scrnsave.exe         
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName         
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9         
+ PAV_LAYERED   Internet Resident Layered Service Provider   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]   Internet Resident Layered Service Provider   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]   Internet Resident Layered Service Provider   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]   Internet Resident Layered Service Provider   (Verified) Panda Software International   c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors         
+ Microsoft Document Imaging Writer Monitor   Microsoft® Document Imaging   (Not verified) Microsoft Corporation   c:\windows\system32\mdimon.dll
+ OKI LPR Port   OKI LPR Port Monitor for WinNT4.0/2000/XP   (Not verified) Oki Data Corporation   c:\windows\system32\oklprmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages         
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order         

--- End quote ---

And finally I'm pasting a TCPView listing; it is simply what is visible at one given moment:

--- Quote from: TCPView ---
[System Process]:0   TCP   willy.belkin:1369   smit1.cheetahmail.com:smtp   TIME_WAIT
[System Process]:0   TCP   willy.belkin:1368   mx1.messagingengine.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1379   mail.hotellsorlandet.no:smtp   TIME_WAIT   
alg.exe:3256   TCP   Willy:1271   Willy:0   LISTENING   
APVXDWIN.EXE:952   TCP   willy.belkin:1274   212.23.37.5:http   ESTABLISHED   
DkService.exe:1264   TCP   Willy:31038   Willy:0   LISTENING   
lsass.exe:1064   UDP   Willy:isakmp   *:*      
lsass.exe:1064   UDP   Willy:4500   *:*      
spamihilator.exe:1692   TCP   Willy:993   Willy:0   LISTENING   
spamihilator.exe:1692   TCP   Willy:pop3   Willy:0   LISTENING   
spamihilator.exe:1692   TCP   Willy:995   Willy:0   LISTENING   
spamihilator.exe:1692   TCP   Willy:imap   Willy:0   LISTENING   
svchost.exe:1228   TCP   willy.belkin:1212   mxfront23.yandex.ru:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1366   f.mx.mail.yahoo.com:smtp   LAST_ACK   
svchost.exe:1228   TCP   willy.belkin:1352   mfgw103.ocn.ad.jp:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1378   f.mx.mail.yahoo.com:smtp   LAST_ACK   
svchost.exe:1228   TCP   willy.belkin:1380   mx2.yandex.ru:smtp   SYN_SENT   
svchost.exe:1228   TCP   willy.belkin:1381   despina.seeyou.de:smtp   ESTABLISHED   
svchost.exe:1324   TCP   Willy:epmap   Willy:0   LISTENING   
svchost.exe:1580   UDP   Willy:ntp   *:*      
svchost.exe:1580   UDP   willy.belkin:ntp   *:*      
svchost.exe:1728   UDP   Willy:1051   *:*      
svchost.exe:1728   UDP   Willy:1044   *:*      
svchost.exe:1728   UDP   Willy:1025   *:*      
svchost.exe:1728   UDP   Willy:1029   *:*      
svchost.exe:1728   UDP   Willy:1033   *:*      
svchost.exe:1728   UDP   Willy:1049   *:*      
svchost.exe:1728   UDP   Willy:1065   *:*      
svchost.exe:1728   UDP   Willy:1042   *:*      
svchost.exe:1728   UDP   Willy:1054   *:*      
svchost.exe:1912   UDP   Willy:1900   *:*      
svchost.exe:1912   UDP   willy.belkin:1900   *:*      
System:4   TCP   Willy:microsoft-ds   Willy:0   LISTENING   
System:4   TCP   willy.belkin:netbios-ssn   Willy:0   LISTENING   
System:4   UDP   willy.belkin:netbios-ns   *:*      
System:4   UDP   willy.belkin:netbios-dgm   *:*      
System:4   UDP   Willy:microsoft-ds   *:*      
UPSmart.exe:2832   TCP   Willy:2000   Willy:0   LISTENING   
WEBPROXY.EXE:536   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:536   UDP   Willy:18002   *:*      
WEBPROXY.EXE:536   UDP   Willy:18001   *:*      

--- End quote ---

Thanks.
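What stands out in the TCPView listing above is one svchost.exe instance holding outbound TCP sessions to many unrelated mail servers on port 25 (smtp), plus a stream of TIME_WAIT entries to further SMTP hosts attributed to [System Process] once the owning socket has closed. A defender's way to make that pattern visible without eyeballing hundreds of rows is to parse the TCPView export and count, per process, how many distinct remote hosts it reaches on port 25. The script below is an added example, not code from the thread or from the TCPView tool; the sample listing embedded in it is a constructed, cut-down copy of the rows posted above, and the fan-out threshold of 3 distinct hosts is an assumed value chosen for illustration (a normal mail client talks to one or two submission servers, not dozens of MX hosts).

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the TCPView rows posted in the thread.
# Columns are separated by runs of spaces; UDP rows carry no state column.
SAMPLE_TCPVIEW = """\
[System Process]:0   TCP   willy.belkin:1369   smit1.cheetahmail.com:smtp   TIME_WAIT
alg.exe:3256   TCP   Willy:1271   Willy:0   LISTENING
APVXDWIN.EXE:952   TCP   willy.belkin:1274   212.23.37.5:http   ESTABLISHED
lsass.exe:1064   UDP   Willy:isakmp   *:*
svchost.exe:1228   TCP   willy.belkin:1212   mxfront23.yandex.ru:smtp   ESTABLISHED
svchost.exe:1228   TCP   willy.belkin:1366   f.mx.mail.yahoo.com:smtp   LAST_ACK
svchost.exe:1228   TCP   willy.belkin:1352   mfgw103.ocn.ad.jp:smtp   ESTABLISHED
svchost.exe:1228   TCP   willy.belkin:1380   mx2.yandex.ru:smtp   SYN_SENT
svchost.exe:1228   TCP   willy.belkin:1381   despina.seeyou.de:smtp   ESTABLISHED
svchost.exe:1324   TCP   Willy:epmap   Willy:0   LISTENING
System:4   TCP   Willy:microsoft-ds   Willy:0   LISTENING
"""

FIELD_SEP = re.compile(r"\s{2,}")
SMTP_PORTS = ("smtp", "25")


def parse_tcpview(text):
    """Parse a TCPView text export into a list of row dicts.

    The process column may itself contain spaces ("[System Process]:0"),
    so fields are split on runs of two or more spaces and the process/pid
    and host/port pairs are separated on their last colon.
    """
    rows = []
    for line in text.splitlines():
        parts = FIELD_SEP.split(line.strip())
        if len(parts) < 4:
            continue  # blank line or not a connection row
        proc_pid, proto, local, remote = parts[:4]
        state = parts[4] if len(parts) > 4 else ""  # UDP rows have no state
        proc, _, pid = proc_pid.rpartition(":")
        rhost, _, rport = remote.rpartition(":")
        rows.append({
            "process": proc, "pid": int(pid), "proto": proto,
            "local": local, "rhost": rhost, "rport": rport, "state": state,
        })
    return rows


def smtp_fanout(text, threshold=3):
    """Return [(process:pid, distinct_hosts)] for processes whose live TCP
    sessions reach at least `threshold` distinct remote hosts on port 25.

    `threshold` is an assumed value for this example; LISTENING rows and
    TIME_WAIT rows owned by [System Process] (socket already closed, owner
    unknown) are excluded so the count reflects sessions the process holds now.
    """
    hosts = defaultdict(set)
    for r in parse_tcpview(text):
        if r["proto"] != "TCP" or r["state"] == "LISTENING":
            continue
        if r["rport"] not in SMTP_PORTS or r["process"] == "[System Process]":
            continue
        hosts[f'{r["process"]}:{r["pid"]}'].add(r["rhost"])
    flagged = [(p, len(h)) for p, h in hosts.items() if len(h) >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


def closed_smtp_sessions(text):
    """Count TIME_WAIT rows to port 25. Each one is a recently finished
    outbound mail session; if the number keeps refilling between snapshots,
    some process is continuously sending mail even when no session is
    ESTABLISHED at the instant the snapshot is taken."""
    return sum(
        1 for r in parse_tcpview(text)
        if r["proto"] == "TCP" and r["rport"] in SMTP_PORTS and r["state"] == "TIME_WAIT"
    )


if __name__ == "__main__":
    for proc, n in smtp_fanout(SAMPLE_TCPVIEW):
        print(f"{proc}: outbound SMTP sessions to {n} distinct hosts")
    print("recently closed SMTP sessions (TIME_WAIT):", closed_smtp_sessions(SAMPLE_TCPVIEW))
```

Run it against a full TCPView export saved as text (TCPView's File > Save As) by reading the file into `smtp_fanout` instead of `SAMPLE_TCPVIEW`. A process that appears in the output, combined with the PID, is what to hand to Process Explorer or Autoruns next: for a service host such as svchost.exe the PID identifies which group of services is running inside it, which is the question the thread is working towards. Taking two snapshots a minute apart and comparing `closed_smtp_sessions` is a cheap way to confirm the activity is continuous rather than a one-off burst.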

WillyN:
I'm pasting another TCPView report; look at how many connections there are: :ciego:


--- Quote ---
[System Process]:0   TCP   Willy:31595   localhost:1159   TIME_WAIT
[System Process]:0   TCP   Willy:31595   localhost:1110   TIME_WAIT   
[System Process]:0   TCP   Willy:31595   localhost:1119   TIME_WAIT   
[System Process]:0   TCP   Willy:31595   localhost:1122   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1180   mx.hostedemail.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1181   mx02.t-online.de:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1174   kotakntmum01.kotak.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1185   mx.hostedemail.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1175   s7a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1186   rmail.lycosmail.lycos.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1188   mta2-f.biz.mail.vip.mud.yahoo.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1173   mx-cluster.mandic.com.br:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1170   m12-62.163.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1190   mx6.go2.pl:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1171   s7a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1193   mx.poczta.onet.pl:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1195   mx00.udag.de:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1197   mxscan01.zitechnet.dk:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1191   p195n9.ruraltel.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1184   fg-in-f114.google.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1202   lambertmfg.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1198   170.143.74.65.static.heraklesdata.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1196   mx1c1.megamailservers.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1200   mx-b.dc2.filter-mail.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1207   mta3.vsnl.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1199   mail.ntvm.co.jp:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1192   61.136.62.89:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1205   s7a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1211   server88.appriver.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1206   mail.global.frontbridge.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1214   mg.mx.aol.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1169   mail.kabelspeed.at:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1217   mf.mx.aol.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1209   mail.mailwatch.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1218   mb.mx.aol.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1220   me.mx.aol.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1210   gateway.pylusd.org:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1213   mail.charlesmeltonwines.com.au:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1224   mail.global.frontbridge.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1225   71-153-34-66.cust.propagation.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1216   203.88.193.49:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1226   s5a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1233   front-end3.cosmoweb.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1236   imta.westchester.pa.mail.comcast.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1238   66.254.69.113:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1243   mail1.easyasphosting.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1240   203.46.154.2:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1242   fg-in-f114.google.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1245   oakspam01.dot.ca.gov:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1250   snaspam01.dot.ca.gov:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1254   host47-206-static.172-217-b.business.telecomitalia.it:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1256   servidor0.apkomp.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1241   imta.emeryville.ca.mail.comcast.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1257   falcon.lipetsk.ru:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1258   s8a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1259   p3presmtp01-v01.prod.phx3.secureserver.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1264   esipdcdallas.esinetwork.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1263   mail-fwd.mx.g19.rapidsite.net:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1267   mxger05.zf.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1268   mxi3s.craigslist.org:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1270   infogate2.media-saturn.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1273   mx-b.kundenserver.de:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1274   mx-b.kundenserver.de:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1272   slf-mail-03.sunlife.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1271   s7a1.psmtp.com:smtp   TIME_WAIT   
[System Process]:0   TCP   willy.belkin:1266   wolverine.serverlogistics.com:smtp   TIME_WAIT   
APVXDWIN.EXE:308   TCP   willy.belkin:1084   212.23.37.30:http   ESTABLISHED   
DkService.exe:980   TCP   Willy:31038   Willy:0   LISTENING   
firefox.exe:2052   TCP   Willy:1048   localhost:1047   ESTABLISHED   
firefox.exe:2052   TCP   Willy:1047   localhost:1048   ESTABLISHED   
firefox.exe:2052   TCP   Willy:1050   localhost:1051   ESTABLISHED   
firefox.exe:2052   TCP   Willy:1051   localhost:1050   ESTABLISHED   
lsass.exe:1064   UDP   Willy:isakmp   *:*      
lsass.exe:1064   UDP   Willy:4500   *:*      
spamihilator.exe:1464   TCP   Willy:993   Willy:0   LISTENING   
spamihilator.exe:1464   TCP   Willy:pop3   Willy:0   LISTENING   
spamihilator.exe:1464   TCP   Willy:995   Willy:0   LISTENING   
spamihilator.exe:1464   TCP   Willy:imap   Willy:0   LISTENING   
svchost.exe:1228   TCP   willy.belkin:1167   mta-v13.mail.vip.re4.yahoo.com:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1189   mta-v13.mail.vip.re4.yahoo.com:smtp   LAST_ACK   
svchost.exe:1228   TCP   willy.belkin:1208   e1.ny.us.ibm.com:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1227   amadsl-099.efor.es:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1244   moex-0.sjc.mail-abuse.com:smtp   SYN_SENT   
svchost.exe:1228   TCP   willy.belkin:1252   209.142.253.140:smtp   SYN_SENT   
svchost.exe:1228   TCP   willy.belkin:1261   ksntbombkh02.kotak.com:smtp   SYN_SENT   
svchost.exe:1228   TCP   willy.belkin:1260   srv.highrankings.com:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1262   mta-v13.mail.vip.re4.yahoo.com:smtp   LAST_ACK   
svchost.exe:1228   TCP   willy.belkin:1265   server1.settler.ru:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1276   208.101.9.242-static.reverse.softlayer.com:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1275   160.92.103.81:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1278   77.105.0.24:smtp   FIN_WAIT1   
svchost.exe:1228   TCP   willy.belkin:1277   mail.global.frontbridge.com:smtp   FIN_WAIT1   
svchost.exe:1228   TCP   willy.belkin:1279   130.94.4.135:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1281   158.57.45.246:smtp   ESTABLISHED   
svchost.exe:1228   TCP   willy.belkin:1280   208.97.132.31:smtp   ESTABLISHED   
svchost.exe:1324   TCP   Willy:epmap   Willy:0   LISTENING   
svchost.exe:1580   UDP   Willy:ntp   *:*      
svchost.exe:1580   UDP   willy.belkin:ntp   *:*      
svchost.exe:1756   UDP   Willy:1029   *:*      
svchost.exe:1756   UDP   Willy:1134   *:*      
svchost.exe:1756   UDP   Willy:1168   *:*      
svchost.exe:1756   UDP   Willy:1194   *:*      
svchost.exe:1756   UDP   Willy:1222   *:*      
svchost.exe:1864   UDP   Willy:1900   *:*      
svchost.exe:1864   UDP   willy.belkin:1900   *:*      
System:4   TCP   Willy:microsoft-ds   Willy:0   LISTENING   
System:4   TCP   willy.belkin:netbios-ssn   Willy:0   LISTENING   
System:4   UDP   willy.belkin:netbios-ns   *:*      
System:4   UDP   willy.belkin:netbios-dgm   *:*      
System:4   UDP   Willy:microsoft-ds   *:*      
UPSmart.exe:2964   TCP   Willy:2000   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   UDP   Willy:18002   *:*      
WEBPROXY.EXE:2104   UDP   Willy:18001   *:*      
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   
WEBPROXY.EXE:2104   TCP   Willy:31595   Willy:0   LISTENING   

--- End quote ---
