
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Suspicious HOSTS file
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi, I found that I have some suspicious IP addresses in my HOSTS file. It is on drive E, which I don't use, but since my internet is very slow, I wonder whether that might be the cause. I had something similar sometime last year on drive C, and with your help I managed to find and delete it. Thanks for any advice.
Here is the HOSTS file:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each entry
# should be kept on an individual line. The IP address should be placed
# in the first column, followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Comments (such as this one) may be inserted on individual lines
# or after the host name; a comment is denoted by the '#' character.
#
# Example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-01-25 14:42:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (24%) free of 30 GB
Total RAM: 446 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:41, on 25.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\Kuba.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF585BA8-AE39-466E-B9E1-C5FF09D01B4D}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 4313 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-13 1484056]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-01-11 417792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-13 2033432]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-13 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ahead\ODD Toolkit\ODDUpdate.exe"="C:\Program Files\Ahead\ODD Toolkit\ODDUpdate.exe:*:Disabled:AsusUpdate"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-25 14:42:19 ----D---- C:\rsit
2010-01-22 14:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-15 19:43:18 ----D---- C:\WINDOWS\pss
2010-01-13 14:53:40 ----HD---- C:\$AVG
2010-01-13 14:53:25 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-13 14:52:39 ----D---- C:\Program Files\AVG
2010-01-13 14:52:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-01-13 11:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 11:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 15:36:16 ----D---- C:\Program Files\QuickTime
2010-01-09 10:34:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-01-07 19:50:59 ----D---- C:\Program Files\Sunbelt Software
2010-01-07 16:26:47 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 months======
2010-01-25 14:42:27 ----D---- C:\WINDOWS\Prefetch
2010-01-25 14:31:11 ----D---- C:\WINDOWS\temp
2010-01-25 14:31:03 ----D---- C:\WINDOWS
2010-01-25 14:27:39 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Skype
2010-01-25 14:23:35 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-25 09:14:50 ----RD---- C:\Program Files
2010-01-25 09:14:50 ----D---- C:\WINDOWS\system32
2010-01-25 09:14:50 ----D---- C:\Program Files\Common Files\Real
2010-01-25 09:14:49 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Real
2010-01-25 09:14:36 ----D---- C:\Program Files\Common Files
2010-01-22 14:12:53 ----HD---- C:\WINDOWS\inf
2010-01-22 14:12:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 09:24:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-20 17:16:33 ----D---- C:\Documents and Settings\Kuba\Data aplikací\OpenOffice.org2
2010-01-19 13:15:51 ----SHD---- C:\WINDOWS\Installer
2010-01-19 13:15:51 ----SD---- C:\Documents and Settings\Kuba\Data aplikací\Microsoft
2010-01-18 18:04:27 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-01-18 17:55:04 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-18 17:11:22 ----D---- C:\WINDOWS\system32\drivers
2010-01-18 08:33:45 ----D---- C:\KD
2010-01-18 08:31:16 ----AC---- C:\WINDOWS\win.ini
2010-01-15 20:01:26 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-15 19:26:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-14 09:07:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-13 14:52:31 ----D---- C:\WINDOWS\WinSxS
2010-01-13 14:52:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-13 11:53:45 ----D---- C:\WINDOWS\Debug
2010-01-13 11:33:50 ----D---- C:\WINDOWS\AppPatch
2010-01-12 10:59:47 ----D---- C:\Scenes
2010-01-11 16:38:28 ----D---- C:\WINDOWS\Help
2010-01-11 15:36:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-08 15:42:18 ----AC---- C:\WINDOWS\wincmd.ini
2010-01-05 01:17:46 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-12-28 13:58:33 ----D---- C:\WINDOWS\system32\Restore
2009-12-28 13:49:03 ----D---- C:\Program Files\VS Revo Group
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-13 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-13 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-13 360584]
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
S3 eusk3usb;SmartKey 3 USB; C:\WINDOWS\System32\Drivers\eusk3usb.sys [2004-11-18 45534]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\DOCUME~1\Kuba\LOCALS~1\Temp\mbr.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-20 27064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-13 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-13 285392]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Suspicious HOSTS file
Here is the small GMER scan:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-25 15:34:58
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.14 ----
Re: Suspicious HOSTS file
To be safe, the large scan:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-25 15:52:13
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xF4FA6160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF4FA5868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xF4FA2320]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF4FA4E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF4FA4D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF4FA53FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF4FA6210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xF4FA2786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xF4FA2846]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF781E01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF781E168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF4FA5B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xF4FA25CA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF4FA54EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF4FA5E8C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xF4FA29BC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF4FA5DE0]
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[136] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[136] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[136] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[272] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[272] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[272] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[272] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Skype\Phone\Skype.exe[584] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Skype\Phone\Skype.exe[584] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00140DB0
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[320] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[492] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[572] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Skype\Phone\Skype.exe[584] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Skype\Phone\Skype.exe[584] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Skype\Phone\Skype.exe[584] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00140DB0
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Skype\Phone\Skype.exe[584] wininet.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Skype\Phone\Skype.exe[584] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgemc.exe[680] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[712] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
Re: Suspicious HOSTS file
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\gmer.exe[928] USER32.DLL!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\gmer.exe[928] USER32.DLL!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1388] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1388] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1388] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1452] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1452] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\gmer.exe[928] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\gmer.exe[928] USER32.DLL!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\gmer.exe[928] USER32.DLL!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[944] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[960] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[984] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
Re: Suspicious HOSTS file
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1476] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1536] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1536] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1536] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1556] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1772] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3652] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[3652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[3652] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3652] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3652] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\internet explorer\iexplore.exe[3884] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\internet explorer\iexplore.exe[3884] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\internet explorer\iexplore.exe[3884] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\internet explorer\iexplore.exe[3884] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 7E2A524C C:\WINDOWS\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00140DB0
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\internet explorer\iexplore.exe[3884] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\internet explorer\iexplore.exe[3884] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\internet explorer\iexplore.exe[3884] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\internet explorer\iexplore.exe[3884] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.14 ----
Re: Suspicious HOSTS file
ping -l 1024 seznam.cz -t
It says: Request timed out, I'll try it again in safe mode...
Re: Suspicious HOSTS file
In safe mode it looks roughly like this, so I don't know...:
Příkaz PING na seznam.cz [77.75.76.3] s délkou 1024 bajtů:
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=45ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=28ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=15ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=34ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=45ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=55ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=52ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=17ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=34ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=23ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=24ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=17ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=16ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Vypršel časový limit žádosti.
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=16ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=18ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=24ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=28ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=18ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=17ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=14ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=28ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=16ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=24ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=30ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=17ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=42ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=20ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=17ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=24ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=30ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=23ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=17ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=17ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=20ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=22ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=22ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=18ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=21ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=16ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=21ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=23ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=20ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=28ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=20ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=20ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=19ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=21ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=24ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=22ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=20ms TTL=249
OdpovŘÔ od 77.75.76.3: bajty=1024 źas=21ms TTL=249
Re: Suspicious HOSTS file
And in normal mode:
Příkaz PING na seznam.cz [77.75.76.3] s délkou 1024 bajtů:
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Re: Suspicious HOSTS file
So that's it; when the FW and AVG are turned off:
Příkaz PING na seznam.cz [77.75.76.3] s délkou 1024 bajtů:
Odpověď od 77.75.76.3: bajty=1024 čas=36ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=33ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=166ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=226ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=208ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Vypršel časový limit žádosti.
Odpověď od 77.75.76.3: bajty=1024 čas=30ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=77ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=29ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=37ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=47ms TTL=249
And when they are turned on:
Příkaz PING na seznam.cz [77.75.76.3] s délkou 1024 bajtů:
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
So what could the problem be there?
Re: Suspicious HOSTS file
With Kerio turned off:
Příkaz PING na seznam.cz [77.75.76.3] s délkou 1024 bajtů:
Odpověď od 77.75.76.3: bajty=1024 čas=18ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=62ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=37ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=29ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=49ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=129ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=34ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=29ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=19ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=30ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=29ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=50ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=32ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=21ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=37ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=31ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=137ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=31ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=36ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=26ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=24ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=45ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=37ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=22ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=18ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=52ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=25ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=42ms TTL=249
Odpověď od 77.75.76.3: bajty=1024 čas=27ms TTL=249
Re: Suspicious HOSTS file
...and with the AVG Resident Shield turned off:
Příkaz PING na seznam.cz [77.75.72.3] s délkou 1024 bajtů:
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Vypršel časový limit žádosti.
Re: Suspicious HOSTS file
I'd try that, but I don't know what I should focus on; I've only had the firewall for a short time and I don't understand it much. Before that I had the Windows one.....
Re: Suspicious HOSTS file
OK then, I'll keep trying. Thanks for now, and if it gets stuck somehow, I'll let you know what's going on.