ESET SMART SECURITY Guía de usuario descargar pdf (Pagina 40)

‑ c:\windows\system32\advapi32.dll

[...]

In this example the module khbekhb.dll was marked by a “+”. When the

script runs, it will recognize the processes using that speciﬁc module

and end them.

03) TCP connections

This section contains information about existing TCP connections.

Example:

03) TCP connections:

‑ Active connection: 127.0.0.1:30606 ‑>

127.0.0.1:55320, owner: ekrn.exe

‑ Active connection: 127.0.0.1:50007 ‑>

127.0.0.1:50006,

‑ Active connection: 127.0.0.1:55320 ‑>

127.0.0.1:30606, owner: OUTLOOK.EXE

‑ Listening on *, port 135 (epmap), owner: svchost.exe

+ Listening on *, port 2401, owner: fservice.exe

Listening on *, port 445 (microsoft‑ds), owner: System

[...]

When the script runs, it will locate the owner of the socket in

the marked TCP connections and stop the socket, freeing system

resources.

04) UDP endpoints

This section contains information about existing UDP endpoints.

Example:

04) UDP endpoints:

‑ 0.0.0.0, port 123 (ntp)

+ 0.0.0.0, port 3702

‑ 0.0.0.0, port 4500 (ipsec‑msft)

‑ 0.0.0.0, port 500 (isakmp)

[...]

When the script runs, it will isolate the owner of the socket at the

marked UDP endpoints and stop the socket.

05) DNS server entries

This section contains information about the current DNS server

conﬁguration.

Example:

05) DNS server entries:

+ 204.74.105.85

‑ 172.16.152.2

[...]

Marked DNS server entries will be removed when you run the script.

06) Important registry entries

This section contains information about important registry entries.

Example:

06) Important registry entries:

* Category: Standard Autostart (3 items)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

‑ HotKeysCmds = C:\Windows\system32\hkcmd.exe

‑ IgfxTray = C:\Windows\system32\igfxtray.exe

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

‑ Google Update = “C:\Users\antoniak\AppData\Local\

Google\Update\GoogleUpdate.exe” /c

* Category: Internet Explorer (7 items)

HKLM\Software\Microsoft\Internet Explorer\Main

+ Default_Page_URL = http://thatcrack.com/

[...]

The marked entries will be deleted, reduced to 0‑byte values or reset

to their default values upon script execution. The action to be applied

to a particular entry depends on the entry category and key value in

the speciﬁc registry.

07) Services

This section lists services registered within the system.

Example:

07) Services:

‑ Name: Andrea ADI Filters Service, exe path: c:\

windows\system32\aeadisrv.exe, state: Running,

startup: Automatic

‑ Name: Application Experience Service, exe path:

c:\windows\system32\aelupsvc.dll, state: Running,

startup: Automatic

‑ Name: Application Layer Gateway Service, exe path:

c:\windows\system32\alg.exe, state: Stopped, startup:

Manual

[...]

The services marked and their dependant services will be stopped and

uninstalled when the script is executed.

08) Drivers

This section lists installed drivers.

Example:

08) Drivers:

‑ Name: Microsoft ACPI Driver, exe path: c:\windows\

system32\drivers\acpi.sys, state: Running, startup:

Boot

‑ Name: ADI UAA Function Driver for High Denition

Audio Service, exe path: c:\windows\system32\drivers\

adihdaud.sys, state: Running, startup: Manual

[...]

When you execute the script, the drivers selected will be unregistered

from the system and removed.

09) Critical ﬁles

This section contains information about ﬁles critical to proper

function of the operating system.

Example:

09) Critical les:

* File: win.ini

‑ [fonts]

‑ [extensions]

‑ [les]

‑ MAPI=1

[…]

* File: system.ini

‑ [386Enh]

‑ woafont=dosapp.fon

‑ EGA80WOA.FON=EGA80WOA.FON

[…]

* File: hosts

‑ 127.0.0.1 localhost

‑ ::1 localhost

[…]

1 2 ... 35 36 37 38 39 40 41 42 43 44 45 46

Comentarios a estos manuales

Sin comentarios

ESET SMART SECURITY Guía de usuario Pagina 40

Comentarios a estos manuales

Relacionado con productos y manuales para Software de seguridad antivirus ESET SMART SECURITY