Pagina 1 van 1
verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 10:39
door achaos
Sinds een 10-tal dagen is mijn telemeter tilt geslagen. Mijn telemeter duid een verbruik aan van 10 gb per dag, zonder dat ik iets download.
Nu heb ik dumeter geïnstalleerd en zie ik dat er contant een verbruik is van 60 kbps. Ik zou niet weten weten welk programma dat kan zijn .Ik denk eerder aan een worm of virus , maar alle Trojaan en virusscans ten spijt niks gevonden.
Als ik onder een ander account dan administrator ingelogd ben is er geen verbruik.
Denken jullie aan een oplossing? Laatste middel is alles herinstalleren.
mvg
Re: verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 11:38
door mailracer
Ga naar broncontrole en zie in de tab van netwerk welk proces of content dit verkeer genereerd.
Re: verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 12:06
door ubremoved_539
mailracer schreef:Ga naar broncontrole
Voor mensen met een Engelse Windows... dit is de resource monitor. Je kan deze eenvoudig openen vanaf je Taskmanager (tweede tab, links onderaan).
Een andere methode om gelijkaardige info te bekomen is via "netstat -b"
Re: verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 12:22
door achaos
netstat -b geeft:
Code: Selecteer alles
Microsoft Windows [versie 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.
C:\Users\bb>netstat -b
Actieve verbindingen
Proto Lokaal adres Extern adres Status
TCP 127.0.0.1:2002 fitnesspc:52572 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:5354 fitnesspc:49156 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:5354 fitnesspc:52589 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:5354 fitnesspc:52590 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:5354 fitnesspc:52619 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:12080 fitnesspc:52614 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52729 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52736 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52737 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52738 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52739 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52740 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52744 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52745 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52749 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52762 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52767 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52768 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 fitnesspc:52783 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:19872 fitnesspc:52607 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:27015 fitnesspc:52593 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49156 fitnesspc:5354 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:52572 fitnesspc:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP 127.0.0.1:52589 fitnesspc:5354 ESTABLISHED
[APAgent.exe]
TCP 127.0.0.1:52590 fitnesspc:5354 ESTABLISHED
[APAgent.exe]
TCP 127.0.0.1:52593 fitnesspc:27015 ESTABLISHED
[iTunesHelper.exe]
TCP 127.0.0.1:52607 fitnesspc:19872 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:52614 fitnesspc:12080 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:52619 fitnesspc:5354 ESTABLISHED
[AirVideoServer.exe]
TCP 127.0.0.1:52725 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52726 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52727 fitnesspc:52728 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52728 fitnesspc:52727 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52729 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52730 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52736 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52737 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52738 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52739 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52740 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52744 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52745 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52749 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52762 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52767 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52768 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52772 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52773 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52774 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52775 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52776 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52777 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52778 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52779 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52782 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52783 fitnesspc:12080 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:52791 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52794 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52797 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52804 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52805 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52806 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52807 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52808 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52809 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52810 fitnesspc:21322 TIME_WAIT
TCP 127.0.0.1:52811 fitnesspc:21322 TIME_WAIT
TCP 192.168.178.155:49176 212.118.234.183:https ESTABLISHED
[LogMeIn.exe]
TCP 192.168.178.155:49254 r-056-044-234-077:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52564 david1:netbios-ssn ESTABLISHED
Kan gegevens van eigenaar niet verkrijgen
TCP 192.168.178.155:52605 wb-in-f125:5222 ESTABLISHED
[googletalk.exe]
TCP 192.168.178.155:52609 v-client-5b:https CLOSE_WAIT
[Dropbox.exe]
TCP 192.168.178.155:52615 sjc-not15:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52616 v-client-5b:https CLOSE_WAIT
[Dropbox.exe]
TCP 192.168.178.155:52683 ec2-50-16-221-156:https ESTABLISHED
[Dropbox.exe]
TCP 192.168.178.155:52731 wi-in-f138:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52741 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52742 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52743 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52746 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52747 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52748 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52750 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52752 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52764 we-in-f132:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52769 we-in-f113:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52770 par08s10-in-f15:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52771 we-in-f101:https ESTABLISHED
[firefox.exe]
TCP 192.168.178.155:52781 79:http TIME_WAIT
TCP 192.168.178.155:52784 we-in-f113:http ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.155:52785 we-in-f95:https ESTABLISHED
[firefox.exe]
TCP 192.168.178.155:52799 registerlafonera:5000 TIME_WAIT
TCP 192.168.178.155:52802 registerlafonera:5000 TIME_WAIT
TCP 192.168.178.155:52803 inmethod:1112 TIME_WAIT
Re: verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 14:59
door ubremoved_539
Op zich staan er precies geen verdachte dingen in... al is je Firefox (op zich normaal natuurlijk als je websites bezoekt) en AvastSvc precies wel actief. Ook je Dropbox en LogMeIn (ben je zeker dat er niemand remote access op je PC gebruikt) toch eens nakijken.
Maar kijk ook nog eens in je resource monitor (daar die je per process ook hoeveel data het verbruikt... zo is het misschien eenvoudiger de schuldige eruit te halen).
Re: verdacht netwerkverkeer
Geplaatst: 15 dec 2012, 15:23
door achaos
Gevonden! Ik heb gebruik dropbox als backup en daar heb ik per ongeluk veel te grote files aangeduid.
Bedankt voor het meedenken.
Mvg
[
Post made via mobile device ]