Process at startup
When I log in to the system, the firewall informs me about the following process:
File Version : 5.1.2600.2180
File Description : Uruchamia plik DLL jako aplikację (rundll32.exe)
File Path : C:\WINDOWS\system32\rundll32.exe
Process ID : 0xB04 (Heximal) 2820 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : ********
Local Port : 3002
Remote Name : pagead2.googlesyndication.com
Remote Address : **********
Remote Port : 80 (HTTP – World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 00–90–27–32–af–80
Source: 00–a1–b0–a1–64–b0
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP – Transmission Control Protocol)
Header checksum: 0x1beb (Correct)
Source: 10.0.1.12
Destination: *********
Transmission Control Protocol (TCP)
Source port: 3002
Destination port: 80
Sequence number: 2421226225
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN–Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x6640 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 90 27 32 AF 80 00 A1 : B0 A1 64 B0 08 00 45 00 | ..'2......d...E.
0010: 00 30 64 3F 40 00 80 06 : EB 1B 0A 00 01 0C 42 F9 | .0d?@.........B.
0020: 5D 68 0B BA 00 50 90 50 : FA F1 00 00 00 00 70 02 | ]h...P.P......p.
0030: FF FF 40 66 00 00 02 04 : 05 B4 01 01 04 02 CD 09 | ..@f............
0040: 00 09 A5 CE 10 69 F8 4F : A4 D9 36 3A | .....i.O..6:
Has something settled in on my computer?
Replies: 1
I don't think so, but read this:
http://forum.centrumxp.pl/viewtopic.php?t=37513
and post a log on the forum to be sure.