Go to sysinternals.com and download some of the logging software packages.
Process Explorer is a good one, and TCP View, which will show the process and
the network activity for that process. You can also download and install
Ethereal, perform a capture of your network traffic while chatting online with
someone to see how your ip address is NAT'd. Are you sure you are behind a
router that performs NAT? You may also be comprimised as another poster has
stated. There are many tools on sysinternals u can use to evaluate what is
going on on your system. Perhaps the easiest way would be to run a scan
against your system from another computer on your network. If you have a
secondary system, download Nessus from Nessus.org, its free, scan your other
box for vulnerabilities. You can also download GFI Landguard, which I like to
use to show open communications ports and sometimes shows very quickly when a
box is comprimised as some of the ports when queried return obvious hacke
r banners. Either way, I would recommend using a host based IDS, like mcafee
personal firewall. With an HIDS, you can restrict network connections and also
use the application hook in option to limit executables from executing.
Theoritically, if you only allow trusted apps to run, malicous code will not be
able to run. Unless of course it can bypass the HIDS or fool it somehow by
using an executable you have already authorized, although there is built in
protection for that as well. In the end, the weakest link may be yourself, as
you download and install applications that are really trojans and allow them to
run. Good luck.
