Author: forumz [forumz], forum user
I'm running Windows 98 SE with Norton AV 7.6 Corporate Edition and the ZoneAlarm firewall. Before dialing the ADSL connection, checking open ports with netstat -a gives the following:

C:\WINDOWS\Desktop>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    home:0                 HOME:0                 LISTENING
  TCP    home:2950              HOME:0                 LISTENING
  TCP    home:137               HOME:0                 LISTENING
  TCP    home:138               HOME:0                 LISTENING
  TCP    home:nbsession         HOME:0                 LISTENING
  UDP    home:2950              *:*
  UDP    home:nbname            *:*
  UDP    home:nbdatagram        *:*

But immediately after the ADSL dial-up connects, netstat -a shows this:

C:\WINDOWS\Desktop>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    home:0                 domianss2.com:0        LISTENING
  TCP    home:137               domianss2.com:0        LISTENING
  TCP    home:138               domianss2.com:0        LISTENING
  TCP    home:nbsession         domianss2.com:0        LISTENING
  TCP    home:137               domianss2.com:0        LISTENING
  TCP    home:138               domianss2.com:0        LISTENING
  TCP    home:nbsession         domianss2.com:0        LISTENING
  UDP    home:nbname            *:*
  UDP    home:nbdatagram        *:*
  UDP    home:nbname            *:*
  UDP    home:nbdatagram        *:*

After opening a few random websites and running netstat -a again:

C:\WINDOWS\Desktop>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    home:0                 domianss2.com:0        LISTENING
  TCP    home:1828              domianss2.com:0        LISTENING
  TCP    home:1581              domianss2.com:0        LISTENING
  TCP    home:1584              domianss2.com:0        LISTENING
  TCP    home:1587              domianss2.com:0        LISTENING
  TCP    home:1588              domianss2.com:0        LISTENING
  TCP    home:1590              domianss2.com:0        LISTENING
  TCP    home:1591              domianss2.com:0        LISTENING
  TCP    home:1594              domianss2.com:0        LISTENING
  TCP    home:1597              domianss2.com:0        LISTENING
  TCP    home:1598              domianss2.com:0        LISTENING
  TCP    home:1352              domianss2.com:0        LISTENING
  TCP    home:1354              domianss2.com:0        LISTENING
  TCP    home:1357              domianss2.com:0        LISTENING
  ............

Those TCP port numbers keep climbing into the 2000s; it seems to depend on how many pages are currently open, but I'm not sure exactly. I couldn't find anything about domianss2.com on any of the major search engines, and I've checked that no suspicious processes are running. Even after using msconfig to stop every program that runs at startup, domianss2.com still shows up listening on ports. I've scanned with spant, Trend Micro's free malware removal tool, several popular virus-specific removal tools and Norton 7.6 Corporate Edition without finding any sign of a virus, and I've also used Ad-aware to clean out a batch of spyware files and registry entries, but I just can't get rid of this domianss2.com. Could an expert tell me how to solve this? (The same problem appears on my company's Win2000 machine, though that machine is on the LAN and goes through a proxy, and doesn't have ZoneAlarm installed.)

I'm attaching a HijackThis 1.9.7 log; please help me analyze it. Thanks.

HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 21:18:04, on 04-4-3
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
D:\APPLICATIONS\DISKEEPER\DKSERVICE.EXE
D:\APPLICATIONS\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\APPLICATIONS\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\APPLICATIONS\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\LOADQM.EXE
D:\PROGRAM FILES\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\PROGRAM FILES\NOTEXPAD\NOTEXPAD.EXE
E:\GREENSOFT\HIJACLTHIS V1.97.7.HH\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\APPLICATIONS\NET TRANSPORT\NTIEHELPER.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - D:\APPLICATIONS\NETSNIPPETS\NETSNIP.DLL
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] D:\APPLIC~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [vptray] D:\Applications\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [DkService] D:\Applications\Diskeeper\DkService.exe
O4 - HKLM\..\RunServices: [rtvscn95] D:\Applications\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - Startup: Windows 资源管理器.lnk
O4 - Startup: MS-DOS 方式.pif
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Executive Software Diskeeper.lnk
O4 - Startup: EDGE Diagrammer.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: MSN Messenger 6.1.lnk
O4 - Startup: Outlook Express.lnk
O8 - Extra context menu item: 使用网际快车下载 - F:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Add To Net Snippets - D:\APPLIC~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Download by Net Transport - D:\APPLIC~1\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\APPLIC~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Snippets (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Researcher (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir702d140.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.96.140.15:1995/talk.cab
O16 - DPF: {19AD95AB-B73F-11D3-9AD8-00A0B9002EBE} (PBActiveX Control) - http://www4.cmbchina.com/download/PB30.cab
O16 - DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} (Data Dynamics #Grid 2.0 (OLEDB)) - http://www.datadynamics.com/sharpgrid/showcase/SG20o.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {DE008CB0-F9CF-4364-8620-38CEA8B4491F} (RWXls Control) - http://61.135.139.207/down/china/rwxls.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37870.104537037
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://www4.cmbchina.com/download/pb40.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} - http://reg.ssreader.com/ssreaderplug.ocx
Original poster. Posted: 04-04-04 14:54
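An added example, not part of the original post, for reading listings like the ones quoted above: a small Python parser for Win9x-style netstat -a text that separates sockets with a real peer from LISTENING sockets (which have no peer yet, so the name in their Foreign Address column is not a connected remote host; netstat -an prints that column unresolved) and lists the NetBIOS listeners (137/138/139, shown as nbname/nbdatagram/nbsession) that become reachable once the dial-up link is up. The sample input is a constructed, trimmed excerpt of the post's listings.

```python
# Added example, not from the original post. Parses Win9x-style "netstat -a" text.
# Constructed input: trimmed excerpts of the listings quoted in the post above.
NETSTAT_BEFORE_DIAL = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    home:137               HOME:0                 LISTENING
  TCP    home:nbsession         HOME:0                 LISTENING
  UDP    home:nbname            *:*
"""
NETSTAT_AFTER_DIAL = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    home:137               domianss2.com:0        LISTENING
  TCP    home:nbsession         domianss2.com:0        LISTENING
  TCP    home:1581              domianss2.com:0        LISTENING
  UDP    home:nbname            *:*
"""

# Names netstat substitutes for the NetBIOS ports (from the services file).
SERVICE_PORTS = {"nbname": 137, "nbdatagram": 138, "nbsession": 139}
NETBIOS_PORTS = (137, 138, 139)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local, foreign = parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        lport = local.rpartition(":")[2]
        port = int(lport) if lport.isdigit() else SERVICE_PORTS.get(lport, lport)
        rows.append({"proto": parts[0], "port": port, "foreign": foreign, "state": state})
    return rows


def peer_hosts(rows):
    """Hosts this machine is actually talking to. A LISTENING socket has no peer,
    so the name in its Foreign Address column is not a remote host; the same goes
    for UDP rows showing *:*. Only rows in other states carry a real peer."""
    return {r["foreign"].rpartition(":")[0] for r in rows
            if r["state"] != "LISTENING" and r["foreign"] != "*:*"}


def exposed_netbios(rows):
    """NetBIOS listeners (proto, port): the sockets worth firewalling on a dial-up link."""
    return sorted({(r["proto"], r["port"]) for r in rows
                   if r["port"] in NETBIOS_PORTS
                   and (r["state"] == "LISTENING" or r["foreign"] == "*:*")})
```

Run against both excerpts, the set of exposed NetBIOS listeners is identical before and after dialing and no real peer appears in either, so the difference between them is only in how the wildcard column was resolved.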
Copyright 20CN Network Security Group.
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
Forum software written by: NetDemon
粤ICP备05087286号