Continuous stream of incoming and outgoing data. [SOLVED]
Mr_X:
--- Quote from: WillyN on 19 December 2007, 02:16:51 pm ---I'm pasting you another TCPView report, look at how many connections: :ciego:
--- End of quote ---
Yes, you are sending mail...
Back up the registry, disable 'System Restore', restart in Safe Mode, run Autoruns, right-click the following entries and choose 'Delete':
--- Code: ---+ AL2Spy Class File not found: C:\WINDOWS\AUTOLO~1\AL2DLL.dll
+ sensapi32 SENS Connectivity API DLL (Not verified) Microsoft Corporation c:\windows\system32\sensapi32.dll
--- End of code ---
Restart normally, update Panda and Adaware and run them after restarting in Safe Mode... New logs...
WillyN:
How does it look to you?
It seems, for the moment, that that trickle of data has stopped... But until a few more hours go by like this I don't want to call it definitively fixed.
--- Quote from: HijackThis ---Logfile of HijackThis v1.99.1
Scan saved at 8:29:09, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
G:\Documentos Willy\Programas\Spyware\Hijakckthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Archivos de programa\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Archivos de programa\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Herramienta de demostración de AdSense de Google - http://pagead2.googlesyndication.com/pagead/preview/es/preview.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Archivos de programa\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Archivos de programa\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\archivos de programa\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: UPSmart - Unknown owner - C:\Archivos de programa\UPSmart Server\UPServ.exe
--- End of quote ---
--- Quote from: Autoruns ---HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ DiskeeperSystray DKICON.EXE (Not verified) Diskeeper Corporation c:\archivos de programa\diskeeper corporation\diskeeper\dkicon.exe
+ LaunchApp Acer Launch Tool Utility (Not verified) Acer Inc. c:\windows\alaunch.exe
+ Spamihilator Spamihilator (Not verified) Michel Krämer c:\archivos de programa\spamihilator\spamihilator.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.6.0_03\bin\jusched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Documents and Settings\wlly\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ swg GoogleToolbarNotifier (Verified) Google Inc c:\archivos de programa\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Advanced JPEG Compressor Context Menu Shell Extension c:\archivos de programa\advanced jpeg compressor\contextmenuext.dll
+ CrimsonEditor.ShellExt c:\archivos de programa\crimson editor\shellext.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\archivos de programa\itunes\itunesminiplayer.dll
+ Panda Antivirus ShellTit (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\shelltit.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Verified) RealNetworks, Inc. c:\archivos de programa\real\realplayer\rpshell.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ SmartFTP ContextMenu SmartFTP Shell Tools (Verified) SmartSoft Ltd c:\archivos de programa\smartftp client\sfshelltools.dll
+ SmartFTP Copy Hook SmartFTP Client CopyHook (Verified) SmartSoft Ltd c:\archivos de programa\smartftp client\smarthook.dll
+ SmartFTP Drop ShellIconOverlayHandler SmartFTP Shell Tools (Verified) SmartSoft Ltd c:\archivos de programa\smartftp client\sfshelltools.dll
+ SmartFTP Favorites Namespace SmartFTP Favorites Shell Extension (Verified) SmartSoft Ltd c:\archivos de programa\smartftp client\sffavoritesshellextension.dll
+ SmartFTP ShellDropHandler SmartFTP Shell Tools (Verified) SmartSoft Ltd c:\archivos de programa\smartftp client\sfshelltools.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
+ Google Toolbar Helper Barra Google para los clientes de Internet Explorer (Verified) Google Inc c:\archivos de programa\google\googletoolbar1.dll
+ Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc c:\archivos de programa\google\googletoolbarnotifier\2.0.301.7164\swg.dll
+ SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.6.0_03\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ googletoolbar1.dll Barra Google para los clientes de Internet Explorer (Verified) Google Inc c:\archivos de programa\google\googletoolbar1.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ aawservice Protects your computer from spyware (Verified) Lavasoft AB c:\archivos de programa\lavasoft\ad-aware 2007\aawservice.exe
+ Diskeeper Controls the Windows Diskeeper Service (Not verified) Diskeeper Corporation c:\archivos de programa\diskeeper corporation\diskeeper\dkservice.exe
+ Panda Software Controller Antimalware Manager (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\psctrls.exe
+ PAVFNSVR Panda Function Service (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavfnsvr.exe
+ PavPrSrv Panda Process Protection Service (Verified) Panda Software International c:\archivos de programa\archivos comunes\panda software\pavshld\pavprsrv.exe
+ PAVSRV Enhanced On-Access Anti-Malware Service. (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavsrv51.exe
+ PSHost Panda Host Service (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\firewall\pshost.exe
+ PSIMSVC Panda Interface Manager Service (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\psimsvc.exe
+ TPSrv TPSrv Application (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\tpsrv.exe
+ UPSmart UPSmart Module c:\archivos de programa\upsmart server\upserv.exe
HKLM\System\CurrentControlSet\Services
+ Ad-Watch Connect Filter Driver for Ad-Watch network monitoring (Not verified) Lavasoft AB c:\windows\system32\drivers\nsdriver.sys
+ Ad-Watch Real-Time Scanner Driver for Ad-Watch Real-Time Process protection (Not verified) Lavasoft AB c:\windows\system32\drivers\awrtpd.sys
+ Afc Arcsoft(R) ASPI Shell (Not verified) Arcsoft, Inc. c:\windows\system32\drivers\afc.sys
+ AFS2K Audio File System (Not verified) Oak Technology Inc. c:\windows\system32\drivers\afs2k.sys
+ ALCXWDM File not found: system32\drivers\ALCXWDM.SYS
+ APPFLT Panda APPFLT (Verified) Panda Software International c:\windows\system32\drivers\appflt.sys
+ Asushwio c:\windows\system32\drivers\asushwio.sys
+ AvFlt File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint cPoint (Not verified) Panda Software c:\windows\system32\drivers\cpoint.sys
+ DSAFLT (Verified) Panda Software International c:\windows\system32\drivers\dsaflt.sys
+ FNETMON Panda FNetMon (Verified) Panda Software International c:\windows\system32\drivers\fnetmon.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ IDSFLT Intrusion Detection System (Verified) Panda Software International c:\windows\system32\drivers\idsflt.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MS1000 c:\windows\system32\drivers\ms1000.sys
+ NETFLTDI Panda TDI Filter (Verified) Panda Software International c:\windows\system32\drivers\netfltdi.sys
+ NTIDrvr NTI CD-ROM Filter Driver (Not verified) NewTech Infosystems, Inc. c:\windows\system32\drivers\ntidrvr.sys
+ PavProc Panda Process Protection driver (Verified) Panda Software International c:\windows\system32\drivers\pavproc.sys
+ PavSRK.sys File not found: C:\WINDOWS\system32\PavSRK.sys
+ PavTPK.sys File not found: C:\WINDOWS\system32\PavTPK.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ sdthook File not found: C:\WINDOWS\system32\drivers\sdthook.sys
+ ShldDrv Panda File and Registry Protection driver (Not verified) Panda Software International c:\windows\system32\drivers\shldrv51.sys
+ SMSFLT (Verified) Panda Software International c:\windows\system32\drivers\smsflt.sys
+ UBHelper File not found: C:\WINDOWS\System32\Drivers\UBHelper.sys
+ vulfnths VIA USB Host Controller Lower Filter Driver (Not verified) VIA Technologies, Inc. c:\windows\system32\drivers\vulfnth.sys
+ vulfntrs VIA USB Roothub Lower Filter Driver (Not verified) VIA Technologies, Inc. c:\windows\system32\drivers\vulfntr.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WNMFLT (Verified) Panda Software International c:\windows\system32\drivers\wnmflt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ lsdelete c:\windows\system32\lsdelete.exe
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ avldr On-Access Antivirus Scanner Sync. (Verified) Panda Software International c:\windows\system32\avldr.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PAV_LAYERED Internet Resident Layered Service Provider (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]] Internet Resident Layered Service Provider (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]] Internet Resident Layered Service Provider (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]] Internet Resident Layered Service Provider (Verified) Panda Software International c:\archivos de programa\panda software\panda antivirus + firewall 2007\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll
+ OKI LPR Port OKI LPR Port Monitor for WinNT4.0/2000/XP (Not verified) Oki Data Corporation c:\windows\system32\oklprmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
--- End of quote ---
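Added example, not part of any post in this thread: a small Python check that parses an Autoruns text export in the flattened form quoted above, confirms that the two entries Mr_X asked to delete no longer appear, and lists autostart entries whose image file is missing. The `AFTER` sample is an excerpt of the log above; the `BEFORE` sample is constructed by appending the two deleted entries (the thread does not show which key they were under), and the function names are this example's own.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "location status path text")

# Image paths of the two entries Mr_X asked to delete (taken from his post).
REMOVED = [r"C:\WINDOWS\AUTOLO~1\AL2DLL.dll", r"c:\windows\system32\sensapi32.dll"]

# Excerpt of the Autoruns log quoted above (taken after the cleanup).
AFTER = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ LaunchApp Acer Launch Tool Utility (Not verified) Acer Inc. c:\windows\alaunch.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.6.0_03\bin\jusched.exe
HKLM\System\CurrentControlSet\Services
+ UPSmart UPSmart Module c:\archivos de programa\upsmart server\upserv.exe
+ AvFlt File not found: C:\WINDOWS\system32\drivers\av5flt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ lsdelete c:\windows\system32\lsdelete.exe
"""

# Constructed "before" sample: the same excerpt plus the two deleted entries.
# Their placement under the last key is an assumption made for the example.
BEFORE = AFTER + r"""+ AL2Spy Class File not found: C:\WINDOWS\AUTOLO~1\AL2DLL.dll
+ sensapi32 SENS Connectivity API DLL (Not verified) Microsoft Corporation c:\windows\system32\sensapi32.dll
"""

STATUS_RE = re.compile(r"\((Verified|Not verified)\)")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


def parse_autoruns(text):
    """Split the export into entries; lines without a leading '+ ' name a location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line
            continue
        body = line[2:]
        if "File not found:" in body:
            status = "file not found"
            path = body.split("File not found:", 1)[1].strip()
        else:
            m = STATUS_RE.search(body)
            status = m.group(1).lower() if m else "no signature info"
            p = PATH_RE.search(body)
            path = p.group(0) if p else ""
        entries.append(Entry(location, status, path.lower(), body))
    return entries


def check_cleanup(log_text, removed=REMOVED):
    """Report removed entries that are still listed, plus a per-status summary."""
    entries = parse_autoruns(log_text)
    paths = {e.path for e in entries}
    return {
        "still_present": [p for p in removed if p.lower() in paths],
        "by_status": Counter(e.status for e in entries),
        "missing_files": [(e.location, e.path) for e in entries
                          if e.status == "file not found"],
    }


if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, check_cleanup(log))
```

The status column is a review queue rather than a verdict: in the log above several entries show as "Not verified" or "File not found", so the useful signal here is the comparison against the specific entries that were deleted.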
WillyN:
I dare say that process is finished; I've gone three hours now without noticing any out-of-the-ordinary traffic.
Thank you very much, Mr_X, for the attention and the good advice. :)
Mr_X:
Keep monitoring to see whether the traffic has definitively stopped...
I advise you to run a check with an online antivirus...
Regards
WillyN:
I'll keep a close eye on it..
I ran the Kaspersky online scan; it found nothing out of the ordinary.
I still think this was a leftover from Bittorrent.