
Experts, please help!!!


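For the past few days, my computer has kept showing the following connection:

system 8    Local port: random  Remote address: 211.196.154.* (the whole address range)  Protocol: tcp  Port: 80

I looked up this address range on the Rising website; it belongs to Koreans.

This connection is not there all the time; it shows up every so often.


This is the HijackThis scan: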

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      00:05:28 上午, 日期 2005-11-28
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\SCardSvr.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Antiy Labs\Alive\AliveCenter.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINNT\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\Program Files\System Safety Monitor\SSMService.exe
D:\WINNT\system32\ZONELABS\vsmon.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\System Safety Monitor\sysSafe.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINNT\system32\internat.exe
D:\Program Files\广电嘉和\济南广电嘉和认证客户端\广电认证.exe
E:\GONG\greenbrowserGB\GreenBrowser.exe
G:\十款反病毒必备小工具\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINNT\system32\xunleibho_v5.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [monitor] Monitor.exe
O4 - 启动项HKLM\\Run: [ccenter] D:\Program Files\rising\Rav\CCenter.exe
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - 启动项HKLM\\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - 启动项HKLM\\Run: [KillTrojanMaster] D:\Program Files\木马专杀大师\木马专杀大师.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://corporbank.icbc.com.cn/icbc/certInStall.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B7F63FD-BDD9-44DC-AFF3-8E4263B6644B} (SwxCrypt Control) - https://b2b.ccb.cn/SwxCrypt.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} (InfoSecNetSign Class) - https://corporbank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124334702000
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab
O16 - DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} (AxUSBKey Class) - https://corporbank.icbc.com.cn/icbc/AxUSBKey.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F1FDD7D2-0192-4F66-A015-4FC6235E8B74} (JITSecurityTool Control) - http://61.133.74.253:8080/jsp/public/jsp/JITSecurityTool.cab
O16 - DPF: {F553452A-E0A8-489F-9E82-4A6360136F8A} (QfGoLivingBroadcastCtrl Control) - http://www.qf.com.cn/qipu/QfGoLivingBroadcastCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{919798FE-98AF-4C2C-B790-9AA595690C11}: NameServer = 210.77.192.88
O20 - Winlogon Notify: igfxcui - D:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: System Safety Monitor - D:\WINNT\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Antiy live update (Alive Auto-Update Service) - Unknown owner - D:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Unknown owner - (no file)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - NT 服务: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Norton Unerase Protection (NProtectService) - Unknown owner - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - NT 服务: Pml Driver HPZ12 - HP - D:\WINNT\system32\HPZipm12.exe
O23 - NT 服务: Port Reporter (PortReporter) - Unknown owner - D:\Program Files\PortReporter\portreporter.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: System Safety Monitor (SSM) - System Safety - D:\Program Files\System Safety Monitor\SSMService.exe
O23 - NT 服务: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINNT\system32\ZONELABS\vsmon.exe

Last edited 2005-11-29 00:38:08
 

???
 

Why is nobody responding to me?
 

So frustrating.
 

O23 - NT 服务: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe is probably the Pigeon (鸽子)~~
 