我这个是被攻击了吗

显示全部楼层 · 发表于 2011-6-28 11:32:47

这俩天总是死机，不知道什么回事，装了风云墙后提示这个。

显示全部楼层 · 发表于 2011-6-28 11:39:53

水印额。。。。。

显示全部楼层 · 发表于 2011-6-28 11:43:48

本帖最后由 lniwn 于 2011-6-28 11:45 编辑

同2楼，关键信息看不到……

不过你死机和这个应该是没关系的，除非是防火墙资源占用过高导致死机……

显示全部楼层 · 发表于 2011-6-28 11:44:57

你用局域网？小区宽带吗？看样子是风云拦截了局域网内另一台电脑的IP访问请求。规则被水印挡住，看不到。不过应该不是被攻击。对于局域网而言，如果用DDOS，那么它自己的带宽也会被耗尽。如果用UDP洪水，也应该有类似结果。话说最常用的入侵是端口扫描和ping啊，而且看图也不像ARP，可以提供详细日志吗？另外死机通常与网络攻击无关~（除非你设置不对或已经肉鸡了）你可以断开网络看看，会不会是最近装了什么软件或驱动引起冲突造成无响应？方便的话请提供Sreng日志。

显示全部楼层 · 发表于 2011-6-28 11:54:10

话说我刚重装过，日志一份

显示全部楼层 · 发表于 2011-6-28 11:54:59

2011-06-28,11:54:35
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher]
<FY_FireWall><D:\FengYun\FYFireWall.exe> [www.218.cc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
<"d:\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe" -run><Tencent>
==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[FengYunTdiDrv / FengYunTdiDrv][Running/System Start]
<\??\d:\FengYun\FYTdiDrv.sys><www.218.cc>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET][Running/Manual Start]
<system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SogouNetopt / SogouNetopt][Running/Auto Start]
<\??\d:\SogouExplorer\sogounetopt.sys><Sogou.com>
==================================
浏览器加载项
[联想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, (Signed) Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, (Signed) Macromedia, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} <, >
==================================
正在运行的进程
[PID: 404 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 688 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4110]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1100 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1144 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1184 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1468 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
[PID: 536 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[PID: 564 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 6.0.0.5909]
[d:\SogouInput\6.0.0.5909\Resource.dll] [Sogou.com Inc., 6.0.0.5909]
[d:\7-Zip\7-zip.dll] [Igor Pavlov, 9.20]
[PID: 660 / Administrator][D:\FengYun\FYFireWall.exe] [www.218.cc, 1.3.0.900]
[D:\FengYun\ArpInfo.dll] [www.218.cc, 1.3.0.2]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[C:\WINDOWS\system32\msjetoledb40.dll] [, ]
[PID: 668 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[PID: 1800 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1676 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1924 / Administrator][C:\WINDOWS\system32\wscntfy.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[PID: 2956 / Administrator][d:\SogouInput\6.0.0.5909\SogouCloud.exe] [Sogou.com Inc., 6.0.0.5909]
[PID: 3468 / Administrator][D:\SogouExplorer\sogouexplorer.exe] [Sogou.com, 2.2.0.2070]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Bin\bseapi.dll] [Keniu Network Technology., 1.1.0.1130]
[C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Bin\bseupd.dll] [Keniu Network Technology., 1.1.0.1130]
[C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Bin\bsecore.dll] [Keniu Network Technology., 1.1.0.1130]
[d:\SogouExplorer\sogouipfilter.dll] [Sogou.com, 2.2.0.2070]
[D:\SogouExplorer\framework.dll] [Sogou.com, 1, 0, 0, 41]
[D:\SogouExplorer\video_acc.dll] [Sogou.com, 1, 1, 0, 28]
[D:\SogouExplorer\sogounet.dll] [Sogou.com, 1.1.0.31]
[D:\SogouExplorer\SoDaLib.dll] [Sogou.com, 1, 4, 2, 3]
[D:\SogouExplorer\MetaSearch.dll] [Sogou.com, 2.2.0.2070]
[D:\SogouExplorer\Dialog.dll] [Sogou.com, 2.2.0.2070]
[PID: 624 / Administrator][D:\SogouExplorer\sogouexplorer.exe] [Sogou.com, 2.2.0.2070]
[D:\SogouExplorer\WebkitCore.dll] [Sogou.com, 2, 2, 0, 263]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[d:\SogouExplorer\sogouipfilter.dll] [Sogou.com, 2.2.0.2070]
[PID: 2340 / Administrator][D:\SogouExplorer\sogouexplorer.exe] [Sogou.com, 2.2.0.2070]
[D:\SogouExplorer\WebkitCore.dll] [Sogou.com, 2, 2, 0, 263]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
[D:\SogouExplorer\avcodec-52.dll] [N/A, ]
[D:\SogouExplorer\avutil-50.dll] [N/A, ]
[D:\SogouExplorer\avformat-52.dll] [N/A, ]
[D:\SogouExplorer\DialogCore.dll] [Sogou.com, 2.2.0.2070]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 6.0.0.5909]
[d:\SogouInput\6.0.0.5909\Resource.dll] [Sogou.com Inc., 6.0.0.5909]
[PID: 3584 / Administrator][F:\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[PID: 3532 / Administrator][F:\SREfdca405a.EXE] [Smallfrogs Studio, 2.8.4.1331]
[D:\FengYun\FYMon.dll] [www.218.cc, 1.3.0.20]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 660, D:\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 660, D:\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 660, D:\FENGYUN\FYFIREWALL.EXE]
==================================
计划任务
[已启用] SogouImeMgr.job
d:\SOGOUI~1\600~1.590\SGTool.exe
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1，简体中文版
KB925850, Windows Media Player 11
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB909520, Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520)
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB971513, Windows XP 更新程序 (KB971513)
KB971513, Windows Live 软件包
KB982670, 用于 Windows XP x86 的 Microsoft .NET Framework 4 Client Profile (KB982670)
KB2267621, Microsoft Security Essentials - KB2267621
KB931125, 根证书更新 [2011 年 3 月] (KB931125)
KB2492386, Windows XP 更新程序 (KB2492386)
KB2512827, Microsoft Silverlight (KB2512827)
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

复制代码

显示全部楼层 · 发表于 2011-6-28 12:37:29

看日志没啥大问题
137端口，为局域网中提供计算机的名字或IP地址查询服务。
138端口，提供计算机名浏览功能。
通过对这两个端口建立连接，可以知道你的计算机名和IP地址。138端口还提供共享功能。
如果频繁接到这个访问请求，的确有被入侵风险，且风云连续的拦截请求的确会消耗系统资源，配置低会卡~
对了，你那局域网内IP是固定的吗？
192.168.1.2和192.168.1.3应该不是一台机子吧~

显示全部楼层 · 发表于 2011-6-28 14:17:33

我也不知道是不是局域网，我是电信的宽带，不是小区的。

显示全部楼层 · 发表于 2011-6-28 14:26:11

楼主被攻击了嘛。那里刚好挡住了

显示全部楼层 · 发表于 2011-6-28 14:31:02

也有杭州西湖。宁波奉化的。来访问我，我说他不是攻击我来访问我干什么啊，我又不认识。

[已解决] 我这个是被攻击了吗

本帖子中包含更多资源

评分

本帖子中包含更多资源