Autor
Código:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:54, on 10/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Elantech\KTP.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\sandra\Desktop\Hijackthis\HiJackThis 2.0.2 Portable.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\Control Center\CCenter.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [googletalk] C:\Users\sandra\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: inicio.lnk = C:\Windows\System32\sysprep\BurnInTest\inicio.cmd
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
--
End of file - 5672 bytes
Código:
Conexiones activas
Proto Direcci¢n local Direcci¢n remota Estado
TCP 0.0.0.0:80 sandra1:0 LISTENING
TCP 0.0.0.0:135 sandra1:0 LISTENING
TCP 0.0.0.0:445 sandra1:0 LISTENING
TCP 0.0.0.0:5357 sandra1:0 LISTENING
TCP 0.0.0.0:5938 sandra1:0 LISTENING
TCP 0.0.0.0:49152 sandra1:0 LISTENING
TCP 0.0.0.0:49153 sandra1:0 LISTENING
TCP 0.0.0.0:49154 sandra1:0 LISTENING
TCP 0.0.0.0:49155 sandra1:0 LISTENING
TCP 0.0.0.0:49156 sandra1:0 LISTENING
TCP 127.0.0.1:9997 sandra1:0 LISTENING
TCP 127.0.0.1:10110 sandra1:0 LISTENING
TCP 192.168.1.35:139 sandra1:0 LISTENING
TCP 192.168.1.35:49252 server853:5938 TIME_WAIT
TCP 192.168.1.35:49253 ds87-230-74-43:5938 TIME_WAIT
TCP 192.168.1.35:49254 server918:5938 ESTABLISHED
TCP [::]:135 sandra1:0 LISTENING
TCP [::]:445 sandra1:0 LISTENING
TCP [::]:5357 sandra1:0 LISTENING
TCP [::]:49152 sandra1:0 LISTENING
TCP [::]:49153 sandra1:0 LISTENING
TCP [::]:49154 sandra1:0 LISTENING
TCP [::]:49155 sandra1:0 LISTENING
TCP [::]:49156 sandra1:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49152 *:*
UDP 0.0.0.0:49896 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49169 *:*
UDP 127.0.0.1:49170 *:*
UDP 127.0.0.1:63448 *:*
UDP 192.168.1.35:137 *:*
UDP 192.168.1.35:138 *:*
UDP 192.168.1.35:1900 *:*
UDP 192.168.1.35:63447 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5355 *:*
UDP [::]:49153 *:*
UDP [::1]:1900 *:*
UDP [::1]:63445 *:*
UDP [fe80::c54:3f99:3f57:fedc%14]:1900 *:*
UDP [fe80::c54:3f99:3f57:fedc%14]:63446 *:*
UDP [fe80::1129:9e10:a41f:6599%13]:546 *:*
UDP [fe80::1129:9e10:a41f:6599%13]:1900 *:*
UDP [fe80::1129:9e10:a41f:6599%13]:63443 *:*
UDP [fe80::e162:57d2:5e9a:404e%10]:1900 *:*
UDP [fe80::e162:57d2:5e9a:404e%10]:63444 *:*
Hay algo mas que pueda hacer? Como puedo obtener la IP para poder hacer la denuncia? Yo pensaba con ingenieria social, mandandole un archivo x msn y sacarlo de ahi, pero algo mas pronto no se puede? Aparte de esto se ha hecho cuentas en Badoo con nuestros nombres y nuestros mails (Entro a nuestros mails y confirmo la cuenta) Lo sé porque despues nos llegaban mails que decian que nos hablaron, y quien mas podria ser que ese loco? pues nadie... que yo crea... Aparte de la otra que hizo, un caso de pedofilia, pero ya es otra historia...
En línea
, ejecuta un netstat -ab
