rolvs, posted 24 December 2009

Hi! I have a Windows Vista machine that has now started generating some traffic I can't quite identify. I can see in DU Meter that there are a few kbps in and out almost constantly. I can't figure out where it is coming from. I have run Wireshark, and it shows lots of UDP traffic to lots of unknown IP addresses. I have installed AVG antivirus and scanned the machine with it, but it doesn't find anything. I have also scanned with Spybot without finding anything. What could this be?

raWrz, posted 24 December 2009

Hi. Go through the guide linked at the top of my signature and post the logs =) (Note: since it's Christmas time, it may take a little longer before you get a reply.)

rolvs (author), posted 24 December 2009

It doesn't look like it found anything suspicious, but here are the logs:

raWrz, posted 24 December 2009

Do you use any torrent programs (qtorrent, bittorrent, etc.)? You may be seeding to other people (so that others get more speed). If so, open the program, find the torrents that are seeding, right-click, and stop them. I'll look through the log more closely tomorrow.

rolvs (author), posted 24 December 2009

> Do you use any torrent programs (qtorrent, bittorrent, etc.)? You may be seeding to other people (so that others get more speed). If so, open the program, find the torrents that are seeding, right-click, and stop them. I'll look through the log more closely tomorrow.

Yep, I use torrents, but I have of course made sure the client is closed. I have looked thoroughly through the process list but can't find anything suspicious.