
Virus or spyware? Network traffic



Hi!

I have a Windows Vista machine that has now started generating some traffic I don't quite know what is. DU Meter shows a few kbps in and out almost constantly. I can't figure out where it comes from. I have run Wireshark, and it shows lots of UDP traffic to lots of unknown IP addresses. I have installed AVG antivirus and scanned the machine with it, but it doesn't find anything. I have also scanned with Spybot without finding anything. What could this be?


Doesn't look like it found anything suspicious, but here are the logs:

 

Mbam:

Malwarebytes' Anti-Malware 1.42

Databaseversjon: 3423

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

24.12.2009 13:40:21

mbam-log-2009-12-24 (13-40-21).txt

 

Skanntype: Rask Skann

Objekter skannet: 101429

Tid tilbakelagt: 4 minute(s), 5 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

ComboFix:

 

ComboFix 09-12-23.05 - Rolv Sverre Frøise 24.12.2009 13:43:59.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3066.1793 [GMT 1:00]

Kjører fra: D:\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\install.exe

c:\windows\Suyin.reg

c:\windows\system32\zip32.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-24 til 2009-12-24 )))))))))))))))))))))))))))))))))

.

 

2009-12-24 12:50 . 2009-12-24 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-24 12:35 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-24 12:35 . 2009-12-24 12:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-24 12:35 . 2009-12-24 12:35 -------- d-----w- c:\programdata\Malwarebytes

2009-12-24 12:35 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-24 10:56 . 2009-12-24 10:56 -------- d-----w- c:\program files\Lavasoft

2009-12-24 10:51 . 2009-12-24 10:51 -------- d-----w- c:\programdata\Locktime

2009-12-24 10:51 . 2009-12-24 10:51 -------- d-----w- c:\program files\NetLimiter 2 Lite

2009-12-23 15:23 . 2009-12-24 12:28 -------- d-----w- c:\program files\DNA

2009-12-23 08:41 . 2009-12-12 07:18 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe

2009-12-23 08:41 . 2009-12-12 07:18 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe

2009-12-23 08:41 . 2009-12-19 08:41 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll

2009-12-19 15:31 . 2009-12-19 15:31 -------- d-----w- c:\program files\Buypass

2009-12-19 11:11 . 2009-12-19 11:11 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-19 08:41 . 2009-12-12 07:17 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll

2009-12-10 12:58 . 2009-12-10 12:58 -------- d-----w- c:\program files\HamSphere

2009-12-06 16:55 . 2009-12-06 16:55 532 ----a-w- c:\windows\eReg.dat

2009-12-03 21:01 . 2009-12-24 10:03 -------- d-----w- C:\ActiveWorlds 5.0

2009-12-03 16:30 . 2009-12-03 16:31 -------- d-----w- c:\users\Public\Games

2009-12-02 07:51 . 2009-12-12 07:17 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

2009-12-02 07:50 . 2009-12-02 07:50 844056 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

2009-12-02 07:50 . 2009-12-02 07:50 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

2009-12-01 14:19 . 2009-12-01 14:19 -------- d-----w- c:\program files\Maxis

2009-11-30 12:47 . 2009-11-30 12:47 -------- d-----w- c:\program files\QuickTime

2009-11-30 12:47 . 2009-11-30 12:47 -------- d-----w- c:\programdata\Apple Computer

2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe

2009-11-28 18:18 . 2009-11-28 18:18 -------- d-----w- C:\Brother's Keeper 6

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-24 12:35 . 2008-05-13 05:59 78404 ----a-w- c:\windows\system32\perfc014.dat

2009-12-24 12:35 . 2008-05-13 05:59 456686 ----a-w- c:\windows\system32\perfh014.dat

2009-12-24 12:32 . 2009-01-07 17:12 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-12-24 12:30 . 2009-01-08 11:38 -------- d-----w- c:\program files\Steam

2009-12-24 12:28 . 2009-01-07 16:17 29074 ----a-w- c:\programdata\nvModes.dat

2009-12-24 12:28 . 2009-07-07 15:10 -------- d-----w- c:\programdata\VMware

2009-12-24 11:52 . 2009-01-07 13:41 12 ----a-w- c:\windows\bthservsdp.dat

2009-12-24 11:24 . 2009-03-21 18:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-12-24 11:00 . 2009-03-21 18:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-24 07:59 . 2009-05-26 18:38 -------- d-----w- c:\program files\LogMeIn

2009-12-23 22:09 . 2009-02-07 19:03 -------- d-----w- c:\program files\mIRC

2009-12-22 17:37 . 2009-07-25 18:59 -------- d-----w- c:\program files\DOSBox-0.73

2009-12-22 17:29 . 2009-01-07 13:55 -------- d-----w- c:\program files\Launch Manager

2009-12-22 15:36 . 2009-06-26 11:55 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-12-22 15:36 . 2009-06-26 11:54 214488 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-12-20 16:16 . 2009-06-26 11:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-12-20 16:16 . 2009-06-26 11:54 2373712 ----a-w- c:\windows\system32\pbsvc.exe

2009-12-20 00:18 . 2009-01-07 14:13 -------- d-----w- c:\program files\Google

2009-12-19 15:32 . 2008-05-12 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-06 16:52 . 2009-06-26 11:50 -------- d-----w- c:\program files\EA Games

2009-11-30 14:36 . 2009-11-28 18:17 -------- d-----w- c:\program files\Brother's Keeper 6

2009-11-19 17:13 . 2009-02-07 17:58 -------- d-----w- c:\program files\Project64 1.6

2009-11-15 14:15 . 2009-11-15 14:15 77824 ----a-w- c:\windows\system32\CamTraxAPI.dll

2009-11-14 19:06 . 2009-03-21 19:16 -------- d-----w- c:\program files\AVG

2009-11-14 19:06 . 2009-03-21 19:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-14 19:06 . 2009-03-21 19:16 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-14 19:06 . 2009-03-21 19:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-14 19:06 . 2009-03-21 19:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-14 19:06 . 2009-11-14 19:06 -------- d-----w- c:\programdata\avg9

2009-11-06 13:42 . 2009-11-06 13:42 -------- d-----w- c:\program files\Ligos

2009-11-06 12:31 . 2009-11-06 12:31 -------- d-----w- c:\program files\Microsoft

2009-11-06 12:31 . 2009-11-06 12:31 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-11-06 12:30 . 2009-01-07 14:26 -------- d-----w- c:\program files\Windows Live

2009-11-06 12:29 . 2009-11-06 12:29 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-02 19:42 . 2009-10-09 10:00 195456 ------w- c:\windows\system32\MpSigStub.exe

2003-01-30 09:34 . 2009-01-16 11:04 274432 ----a-w- c:\program files\vncviewer.exe

2009-01-08 05:18 . 2009-01-08 05:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-08 2645528]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Steam"="c:\program files\steam\steam.exe" [2009-10-28 1217808]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"CamSpace"="c:\program files\CamSpace\CamSpaceAgent.exe" [2009-12-07 1404928]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-23 323392]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-19 92704]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"Nyhetsvarsler"="c:\program files\Nyhetsvarsler\Nyhetsvarsler.exe" [2009-06-03 95744]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]

"NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2003-10-03 431272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-7 1216512]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-547223132-1882875343-735591358-1000]

"EnableNotificationsRef"=dword:00000001

 

R0 Copystar;Copystar;c:\windows\System32\drivers\copystar.sys [01.06.2002 16:37 82400]

R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\System32\drivers\GhMon.sys [03.10.2003 09:33 6784]

R0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\System32\drivers\ghpcw2k.sys [03.10.2003 09:33 199328]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21.03.2009 20:16 333192]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21.03.2009 20:16 360584]

R1 nltdi;nltdi;c:\windows\System32\drivers\nltdi.sys [23.04.2007 13:05 81688]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14.11.2009 20:06 285392]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 12:11 16384]

R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [07.01.2009 17:13 1386008]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12.05.2008 21:36 24576]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.07.2008 17:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [26.05.2009 19:38 47640]

R2 NGClient;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [03.10.2003 10:11 431272]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06.11.2007 21:22 34064]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06.04.2008 21:42 50424]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [07.01.2009 14:55 233472]

R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [28.10.2008 22:08 54960]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [24.12.2009 13:35 38224]

R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\System32\drivers\NETw5v32.sys [08.01.2009 06:17 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [08.01.2009 06:16 44064]

S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\System32\drivers\ghpcw2k.sys [03.10.2003 09:33 199328]

S2 gupdate1ca09f9f9300476;Googles oppdateringstjeneste (gupdate1ca09f9f9300476);c:\program files\Google\Update\GoogleUpdate.exe [21.07.2009 12:54 133104]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04.04.2008 02:03 131072]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 03:23 179712]

S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [16.10.2006 08:30 92800]

S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [07.01.2009 14:51 84240]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [03.07.2009 14:11 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [03.07.2009 14:11 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [03.07.2009 14:11 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [03.07.2009 14:11 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [03.07.2009 14:11 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [03.07.2009 14:11 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [03.07.2009 14:11 117544]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - NLTDI

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0109&m=aspire_5930

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: buypass.no

Trusted Zone: headit.no

Trusted Zone: norsk-tipping.no

DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} - hxxp://hybelen.dyndns.org/adm/NetCamMotionDetect.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://kamera/NetCamPlayerWeb11gv2.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxps://sts1.videovakt.no/components/AMC.cab

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-eRecoveryService - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-24 13:51

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8575901C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x827e0322

\Driver\ACPI -> acpi.sys @ 0x80696d4c

\Driver\atapi -> 0x8575901c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]

"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD00.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2009-12-24 13:53:13

ComboFix-quarantined-files.txt 2009-12-24 12:52

 

Pre-Run: 69 103 919 104 byte ledig

Post-Run: 69 289 562 112 byte ledig

 

- - End Of File - - 9819AEE94B163E645D12FE0A51A192C1

Are you using any torrent programs? (qtorrent, bittorrent, etc.)

Could be you're seeding to other people (so that others get more speed)

If you are, open the program - find the various torrents that are seeding - right-click - stop

Will look more closely through the log tomorrow..

 

 

Yep, I use torrent, but of course I've made sure the client is closed. I've looked carefully through the process list but can't find anything suspicious.
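One way to settle which process owns the UDP traffic, as an added example that is not code from this thread: it joins a Wireshark CSV export with `netstat -ano` and `tasklist /fo csv` output taken on the same machine, attributes each local UDP port to a PID, and flags ports talking to many distinct remote hosts (the P2P/DHT pattern the reply above suspects). Worth doing even with the torrent client closed, since the ComboFix autostart list above also shows a separate BitTorrent DNA entry (btdna.exe). All three inputs are constructed stand-ins; `p2pclient.exe`, the PIDs and the addresses are hypothetical.

```python
import csv
import io
import re
from collections import defaultdict

LOCAL_IP = "192.168.1.10"  # constructed: address of the machine being captured

# Constructed stand-in for a Wireshark CSV export (File > Export Packet Dissections > As CSV).
WIRESHARK_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.10","203.0.113.7","UDP","131","52431 > 6881 Len=89"
"2","0.050","192.168.1.10","198.51.100.42","UDP","131","52431 > 51413 Len=89"
"3","0.100","192.0.2.15","192.168.1.10","UDP","140","6881 > 52431 Len=98"
"4","0.150","192.168.1.10","203.0.113.88","UDP","131","52431 > 22222 Len=89"
"5","0.200","192.168.1.10","192.168.1.1","DNS","73","Standard query A www.startsiden.no"
"6","0.250","192.168.1.10","192.168.1.255","UDP","78","137 > 137 Len=50"
'''
# Constructed stand-in for `netstat -ano -p udp` run on the same machine during the capture.
NETSTAT_ANO = '''  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:52431          *:*                                    2812
'''
# Constructed stand-in for `tasklist /fo csv`; "p2pclient.exe" is a hypothetical process name.
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1 234 K"
"p2pclient.exe","2812","Console","1","45 012 K"
'''
PORT_RE = re.compile(r"(\d+)\s*(?:>|→)\s*(\d+)")  # Info column: "src > dst" or "src → dst"


def udp_peers_by_local_port(csv_text, local_ip):
    """Map each local UDP port to the set of remote IPs it exchanged datagrams with."""
    peers = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = PORT_RE.search(row["Info"])
        if row["Protocol"] != "UDP" or not m:  # DNS, SSDP etc. are dissected under other names
            continue
        src_port, dst_port = m.groups()
        if row["Source"] == local_ip:
            peers[int(src_port)].add(row["Destination"])
        elif row["Destination"] == local_ip:
            peers[int(dst_port)].add(row["Source"])
    return peers


def udp_port_owners(netstat_text):
    """Map local UDP port -> owning PID from `netstat -ano` lines (IPv4 and [::] forms)."""
    owners = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "UDP":
            owners[int(parts[1].rsplit(":", 1)[1])] = int(parts[-1])
    return owners


def attribute_fanout(csv_text, netstat_text, tasklist_csv, local_ip, min_peers=3):
    """One record per local UDP port, most distinct remote peers first."""
    # One port talking to many unrelated hosts is the P2P/DHT signature;
    # a port with no owner had already closed by the time netstat ran.
    owners = udp_port_owners(netstat_text)
    names = {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(tasklist_csv))}
    report = []
    for port, ips in udp_peers_by_local_port(csv_text, local_ip).items():
        pid = owners.get(port)
        report.append({"port": port, "peers": len(ips), "pid": pid,
                       "process": names.get(pid, "unknown (not bound when netstat ran)"),
                       "p2p_like": len(ips) >= min_peers})
    return sorted(report, key=lambda r: r["peers"], reverse=True)
```

Take the netstat and tasklist snapshots while Wireshark is still capturing; a port that closes before netstat runs is reported as unknown.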
