Rising Kaka Security Forum

Strange!!!!! Could I have been infected with a trojan??
Delow - 2008-5-30 16:59:00
2008-05-30 16:55:46, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:2836 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:54:19, 系统禁止本地NEROSTARTSMART.EXE发送UDP数据包,地址为:0.0.0.0:2047 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\Ahead\NERO STARTSMART\NEROSTARTSMART.EXE
2008-05-30 16:53:23, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1525 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:53:06, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1046 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:52:48, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1027 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:35:03, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:3117 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:30:41, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2870 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:30:21, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2852 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:30:11, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2847 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:30:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2845 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:29:30, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2811 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:29:20, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2786 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:59, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2707 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:39, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2678 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:29, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2663 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:19, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2650 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:09, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2647 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2641 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2637 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2628 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2616 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2612 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2611 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2610 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:28:08, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2609 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:25:02, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:2476 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:18:29, 系统禁止本地TOTAL RECORDER 7.TMP发送UDP数据包,地址为:0.0.0.0:2096 => 202.96.128.166:53[域名解析]程序名称为:C:\Documents and Settings\dyinghong\Local Settings\Temp\is-KSKTF.tmp\TOTAL RECORDER 7.TMP
2008-05-30 16:15:01, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1873 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:05:01, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1280 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:54:59, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:4528 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:49:56, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2535 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 15:48:48, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2534 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 15:47:33, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:2495 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:45:18, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1101 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:45:00, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1050 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:44:43, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1029 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 15:38:18, 系统禁止本地NEROCHECK.EXE发送UDP数据包,地址为:0.0.0.0:1756 => 202.96.128.166:53[域名解析]程序名称为:C:\Documents and Settings\dyinghong\Local Settings\Temp\Rar$EX15.141\NEROCHECK.EXE
2008-05-30 15:37:02, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1751 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; WPS; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; MAXTHON 2.0)
过客2007 - 2008-5-30 19:50:00
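Strange, the log shows no obvious trojan.

Judging from what you posted, the problem should be with these two:

1. C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2. C:\WINNT\system32\SOGOUPY.IME

I suggest you try uninstalling Sogou Pinyin.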
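The per-program tally that the reply reads off the log can be produced mechanically. The following is an added example, not part of the original thread: it parses the firewall's "blocked outbound packet" lines (seven copied from the post; `[域名解析]` is the firewall's DNS-resolution tag) and counts them per program. The function names and the reading of `A>>B` as "module B inside host process A" are assumptions.

```python
import re
from collections import defaultdict

# Seven lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
2008-05-30 16:55:46, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:2836 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:54:19, 系统禁止本地NEROSTARTSMART.EXE发送UDP数据包,地址为:0.0.0.0:2047 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\Ahead\NERO STARTSMART\NEROSTARTSMART.EXE
2008-05-30 16:53:23, 系统禁止本地VNETCLIENT.EXE发送UDP数据包,地址为:0.0.0.0:1525 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\ChinaNet\VNETCLIENT.EXE
2008-05-30 16:30:41, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2870 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:30:21, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2852 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:30:11, 系统禁止本地SOGOUPY.IME发送UDP数据包,地址为:0.0.0.0:2847 => 202.96.128.166:53[域名解析]程序名称为:C:\PROGRAM FILES\KINGSOFT ANTISPY\kasmain.exe>>C:\WINNT\system32\SOGOUPY.IME
2008-05-30 16:18:29, 系统禁止本地TOTAL RECORDER 7.TMP发送UDP数据包,地址为:0.0.0.0:2096 => 202.96.128.166:53[域名解析]程序名称为:C:\Documents and Settings\dyinghong\Local Settings\Temp\is-KSKTF.tmp\TOTAL RECORDER 7.TMP
"""

# Field layout inferred from the posted lines only.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s*系统禁止本地(?P<image>.+?)"
    r"发送(?P<proto>[A-Z]+)数据包,地址为:[\d.]+:\d+ => (?P<dst>[\d.]+:\d+)"
    r"(?:\[[^\]]*\])?程序名称为:(?P<path>.+)$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Assumption: "A>>B" means module B made the request inside host process A.
    host, _, module = rec["path"].rpartition(">>")
    rec["module"], rec["host"] = module, host or None
    return rec

def summarize(log_text):
    """Return [(module_path, stats)] sorted by number of blocked packets."""
    stats = defaultdict(lambda: {"count": 0, "host": None, "dests": set(), "seen": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or unrecognised lines
        s = stats[rec["module"]]
        s["count"] += 1
        s["host"] = rec["host"]
        s["dests"].add(f'{rec["dst"]}/{rec["proto"]}')
        s["seen"].append(rec["ts"])  # fixed-width timestamps sort as strings
    return sorted(stats.items(), key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for module, s in summarize(SAMPLE_LOG):
        print(s["count"], min(s["seen"]), max(s["seen"]), s["dests"], module, "host:", s["host"])
```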