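Oh, here is something very strange: ntoskrnl.exe is being accessed from the network, or is accessing the network, very frequently, especially at night.
Yesterday I also noticed alg.exe accessing an FTP address once,
221.202.122.7. I find this very puzzling, so I am posting it here as well.
In addition, just now I suddenly noticed alg.exe connecting over the FTP port to 221.202.122.7. I find this very puzzling, so I am posting it here as well.
I uploaded the files in another board:
http://bbs.ikaka.com//showtopic-8618973.aspx
I would like to know: is this normal??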
Ntoskrnl.exe 5.1.2600.5755 2,189,056 06-Feb-2009 11:08 x86 SP3 SP3GDR
ntoskrnl.exe
File Version: 5.1.2600.5755
File Description: NT Kernel & System (NTOSKRNL.EXE)
File Path: C:\WINDOWS\system32\NTOSKRNL.EXE
Digital Signature:
Process ID: 0x0 (Hexadecimal) 0 (Decimal)
Connection origin: remote initiated
Protocol: ICMP
Local Address: 192.168.1.100
ICMP Type: 0 (Echo Reply)
ICMP Code: 0
Remote Name:
Remote Address: 60.214.112.169
Ethernet packet details:
Ethernet II (Packet Length: 82)
Destination: 00-19-d2-c3-3c-d7
Source: 00-18-f8-74-68-cb
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 244
Protocol: 0x1 (ICMP - Internet Control Message Protocol)
Header checksum: 0xbaff (Correct)
Source: 60.214.112.169
Destination: 192.168.1.100
Internet Control Message Protocol
Type: 0 (Echo Reply)
Code: 0
Data (44 bytes)
Binary dump of the packet:
0000: 00 19 D2 C3 3C D7 00 18 : F8 74 68 CB 08 00 45 00 | ....<....th...E.
0010: 00 44 57 72 00 00 F4 01 : FF BA 3C D6 70 A9 C0 A8 | .DWr......<.p...
0020: 01 64 00 00 C2 92 02 00 : 8C 00 61 62 63 64 65 66 | .d........abcdef
0030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 | ghijklmnopqrstuv
0040: 77 61 62 63 64 65 66 67 : 68 69 67 00 00 00 28 62 | wabcdefghig...(b
0050: 75 66 : | uf
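To cross-check the firewall's decoded fields against the raw bytes, the sketch below parses the hex dump quoted in the post and re-derives the addresses, TTL, ICMP fields and both checksums. It is an added example, not part of the original post or of the firewall product; the function names are assumptions chosen for illustration.

```python
import ipaddress
import struct

# Hex dump copied verbatim from the post above.
DUMP = """\
0000: 00 19 D2 C3 3C D7 00 18 : F8 74 68 CB 08 00 45 00 | ....<....th...E.
0010: 00 44 57 72 00 00 F4 01 : FF BA 3C D6 70 A9 C0 A8 | .DWr......<.p...
0020: 01 64 00 00 C2 92 02 00 : 8C 00 61 62 63 64 65 66 | .d........abcdef
0030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 | ghijklmnopqrstuv
0040: 77 61 62 63 64 65 66 67 : 68 69 67 00 00 00 28 62 | wabcdefghig...(b
0050: 75 66 : | uf
"""

def parse_dump(text):
    """Rebuild the frame from 'offset: hex : hex | ascii' lines."""
    frame = bytearray()
    for line in filter(str.strip, text.splitlines()):
        hex_cols = line.split(":", 1)[1].split("|", 1)[0]
        frame += bytes.fromhex(hex_cols.replace(":", " "))
    return bytes(frame)

def checksum_ok(block):
    """RFC 1071: summed with its own checksum field, a block folds to 0xFFFF."""
    block += b"\x00" * (len(block) % 2)
    total = sum(struct.unpack(f"!{len(block) // 2}H", block))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Decode Ethernet II / IPv4 / ICMP; reject anything else."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]
    icmp = frame[14 + ihl:14 + total_len]
    if ip[9] != 1 or len(icmp) < 8:
        raise ValueError("not a complete ICMP message")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "ttl": ip[8], "icmp_type": icmp_type, "icmp_code": code,
        "id": ident, "seq": seq, "payload": icmp[8:],
        "ip_checksum_ok": checksum_ok(ip), "icmp_checksum_ok": checksum_ok(icmp),
    }

if __name__ == "__main__":
    print(decode(parse_dump(DUMP)))
```

Both checksums verify for this frame and the decoded values match the fields the firewall printed; its `0xbaff` header checksum is the wire bytes `FF BA` shown in swapped order.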