Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum: Found an extra IP address from the US, and some extra entries in the Run menu


Found an extra IP address from the US, and some extra entries in the Run menu


Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:68            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1710          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1715          0.0.0.0:0              LISTENING
  TCP    59.38.117.130:137      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:138      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:139      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:1710    219.238.233.252:80    ESTABLISHED
  TCP    59.38.117.130:1715    219.238.233.252:80    ESTABLISHED
  TCP    127.0.0.1:1027        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1635        0.0.0.0:0              LISTENING
  TCP    169.254.64.33:137      0.0.0.0:0              LISTENING
  TCP    169.254.64.33:138      0.0.0.0:0              LISTENING
  TCP    169.254.64.33:139      0.0.0.0:0              LISTENING
  UDP    0.0.0.0:68            *:*
  UDP    59.38.117.130:137      *:*
  UDP    59.38.117.130:138      *:*
  UDP    127.0.0.1:1027        *:*
  UDP    127.0.0.1:1635        *:*
  UDP    169.254.64.33:137      *:*
  UDP    169.254.64.33:138      *:*

Note: 59.38.117.130 is this machine's IP address.
But 169.254.64.33 also shows up somehow, so I looked it up, with the following result:
[Lookup result]  Your query: [IP address] 169.254.64.33 => 169.254.64.33
· Primary data on this site: Internet reserved address, used by network hardware for automatic self-assignment
· Secondary data on this site: nobody has submitted data yet
· Reference data 1: United States
· Reference data 2: Not an Internet address
[Lookup provided by] www.123cha.com

My computer has no shares, and I don't know how to close ports 137, 138 and 139.

Second big question:
In the Run menu there is an entry like "C:\ xsiff.exe -pass -hide -log pass.log".
I never typed any of this. What vulnerability did the hacker use to get into my computer and type this in?
Last edited 2007-04-22 11:23:53
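A 169.254.x.x address is not a foreign host at all: it is the link-local (APIPA) range a Windows machine assigns itself when it gets no DHCP lease, which is why the lookup site reports it as a reserved, non-Internet address. Ports 137-139 are NetBIOS over TCP/IP, which Windows 98 binds on every adapter that has the NetBIOS/TCP binding enabled, whether or not any folder is shared. The following is an added example, not code from the poster or from the forum: a small Python 3 (standard library only) parser for the `netstat -an` output pasted above that classifies each address and lists which non-loopback addresses have NetBIOS ports bound and which remote peers hold established connections. The sample input is copied from the post; the function names are my own.

```python
import ipaddress
from collections import namedtuple

# Sample input: a subset of the `netstat -an` output pasted in the post above
# (Windows 98 format: Proto, Local Address, Foreign Address, optional State).
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:68            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1710          0.0.0.0:0              LISTENING
  TCP    59.38.117.130:137      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:138      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:139      0.0.0.0:0              LISTENING
  TCP    59.38.117.130:1710    219.238.233.252:80    ESTABLISHED
  TCP    59.38.117.130:1715    219.238.233.252:80    ESTABLISHED
  TCP    127.0.0.1:1027        0.0.0.0:0              LISTENING
  TCP    169.254.64.33:137      0.0.0.0:0              LISTENING
  TCP    169.254.64.33:139      0.0.0.0:0              LISTENING
  UDP    59.38.117.130:137      *:*
  UDP    169.254.64.33:137      *:*
"""

Conn = namedtuple("Conn", "proto local_ip local_port foreign_ip foreign_port state")

# NetBIOS name service, datagram service and session service.
NETBIOS_PORTS = {137, 138, 139}


def split_endpoint(text):
    """Split 'host:port' (or the UDP wildcard '*:*') into (host, port or None)."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(output):
    """Return one Conn per TCP/UDP row; header and blank lines are skipped."""
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = split_endpoint(fields[1])
        foreign_ip, foreign_port = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""   # UDP rows carry no state
        conns.append(Conn(fields[0], local_ip, local_port, foreign_ip, foreign_port, state))
    return conns


def classify(ip_text):
    """Label an address so a 169.254.x.x entry is recognised as self-assigned, not remote."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "wildcard"           # the '*' in UDP rows
    if ip.is_unspecified:
        return "any"                # 0.0.0.0, bound on all interfaces
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (APIPA)" # 169.254.0.0/16, assigned when DHCP fails
    if ip.is_private:
        return "private"
    return "public"


def netbios_exposure(conns):
    """Non-loopback local addresses that have a NetBIOS port (137-139) bound."""
    return {c.local_ip for c in conns
            if c.local_port in NETBIOS_PORTS and classify(c.local_ip) != "loopback"}


def remote_peers(conns):
    """Distinct (ip, port, class) of the far end of every ESTABLISHED connection."""
    return {(c.foreign_ip, c.foreign_port, classify(c.foreign_ip))
            for c in conns if c.state == "ESTABLISHED"}


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_OUTPUT)
    print("NetBIOS bound on:", sorted(netbios_exposure(conns)))
    print("Established peers:", sorted(remote_peers(conns)))
```

Run against the pasted output, it reports NetBIOS bound on both 59.38.117.130 and the self-assigned 169.254.64.33, and the only established peer is 219.238.233.252:80, a public web server the two high local ports are talking to. On Windows 98 the NetBIOS listeners go away by removing the NetBIOS binding (File and Printer Sharing / Client for Microsoft Networks) from the TCP/IP adapter in the Network control panel, or by blocking 137-139 inbound in the firewall already installed on the machine.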

2007-04-21,13:39:14

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 98 SE  -

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <WingKav><REM G:\反木马\MUMA\wingkav2007.exe>  [81915]
    <ScanRegistry><REM C:\WINDOWS\scanregw.exe /autorun>  [Microsoft Corporation]
    <TaskMonitor><REM C:\WINDOWS\taskmon.exe>  [Microsoft Corporation]
    <Batchreg1><REM >  [N/A]
    <SystemTray><REM SysTray.Exe>  [Microsoft Corporation]
    <LoadPowerProfile><REM Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [Microsoft Corporation]
    <Recover><REM >  [N/A]
    <SKYNET Personal FireWall><G:\防火墙\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <LoadPowerProfile><REM Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [Microsoft Corporation]
    <SchedulingAgent><REM C:\WINDOWS\SYSTEM\mstask.exe>  [Microsoft Corporation]

==================================
启动文件夹
[腾讯QQ]
  <C:\WINDOWS\Start Menu\Programs\启动\腾讯QQ.lnk --> E:\6\QQ.EXE [TENCENT]><H>
[QQ游戏启动加速程序]
  <C:\WINDOWS\Start Menu\Programs\启动\QQ游戏启动加速程序.lnk --> D:\QQGAME\ACCEL.EXE [深圳市腾讯计算机系统有限公司]><H>

==================================
服务
N/A

==================================
驱动程序
N/A

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\6\QQ.EXE, TENCENT>
[南方证券交易客户端]
  {902E3F13-F3C2-11D3-B8AD-00062950CE21} <D:\南方超强行情\南方版\NfTradeClient.exe, N/A>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <G:\NETANT\NETANTS\NetAnts.exe,  >
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9C.OCX, Adobe Systems, Inc.>
[XDownload Class]
  {165D83D3-359C-4783-9BF0-6FA6DC42A3F1} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\SSDOWNLOAD.DLL, 北京世纪超星>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\SYSTEM\INPUTC~1.DLL, (>
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\WINDOWS\DOWNLO~1\POWERL~1.OCX, PPStream.com>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\WINDOWS\DOWNLO~1\RECORDER.OCX, Bluesky Studio (http://www.bluesky.cn)>
[Blueskyvoice Control]
  {BA0F088C-72C1-475A-92F8-42391DEF6961} <C:\WINDOWS\DOWNLO~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSINIT.OCX, 金山软件股份有限公司>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\VQQSDL10.DLL, Tencent Technology (Shenzhen) Company Limited>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBASE.OCX, Tencent Corporation>
[添加到QQ自定义面板]
  <E:\6\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\6\AddEmotion.htm, N/A>
[上传到QQ网络硬盘]
  <E:\6\AddToNetDisk.htm, N/A>
[用QQ彩信发送该图片]
  <E:\6\SendMMS.htm, N/A>
[&Download by NetAnts]
  <G:\NETANT\NETANTS\NAGet.htm, N/A>
[Download &All by NetAnts]
  <G:\NETANT\NETANTS\NAGetAll.htm, N/A>
[使用Web迅雷下载]
  <G:\曹天元物理\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <G:\曹天元物理\GetAllUrl.htm, N/A>
[使用网际快车下载]
  <G:\网际快车 VER 1.6 完美版\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <G:\网际快车 VER 1.6 完美版\FLASHGET\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 4294927095][C:\WINDOWS\SYSTEM\MPREXE.EXE]  [Microsoft Corporation, 4.10.1998]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  [N/A, N/A]
[PID: 4294875483][C:\WINDOWS\EXPLORER.EXE]  [Microsoft Corporation, 4.72.3110.1]
[PID: 4294711591][C:\WINDOWS\SYSTEM\RNAAPP.EXE]  [Microsoft Corporation, 4.10.2222]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
[PID: 4294717095][C:\WINDOWS\SYSTEM\TAPISRV.EXE]  [Microsoft Corporation, 4.10.2222]
    [C:\WINDOWS\SYSTEM\G400DD32.DLL]  [Matrox Graphics Inc., 4.12.01.2120]
[PID: 4294639971][C:\WINDOWS\SYSTEM\DDHELP.EXE]  [Microsoft Corporation, 4.06.03.0518]
    [E:\6\TIMPROXY.DLL]  [tencent, 0, 3, 2, 4]
[PID: 4294650983][E:\6\TIMPLATFORM.EXE]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9C.OCX]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
[PID: 4294471951][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
[PID: 4294781131][G:\防火墙\FIREWALL\PFW.EXE]  [广州众达天网技术有限公司, 3.0.0.1007]
    [G:\防火墙\FIREWALL\COMPRESSWRAP.DLL]  [N/A, N/A]
    [G:\防火墙\FIREWALL\SKYPROCSIO.DLL]  [N/A, N/A]
    [G:\防火墙\FIREWALL\SKYMISC.DLL]  [N/A, N/A]
    [E:\6\QQPHONEHELPER.DLL]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [E:\6\QQSCENEMNG.DLL]  [N/A, N/A]
    [E:\6\QQADDR.DLL]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [E:\6\PERSONALDESKTOP.DLL]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\6\COMMERCESMNG.DLL]  [(, 1, 0, 0, 1]
    [E:\6\QQCUSTOMFACE.DLL]  [N/A, N/A]
    [E:\6\QQSYSMSGMNG.DLL]  [N/A, N/A]
    [E:\6\BQQAPPLICATION.DLL]  [N/A, N/A]
    [E:\6\QQPET.DLL]  [ , 1, 0, 0, 1]
    [E:\6\DIALERALLINONE.DLL]  [tencent, 1, 4, 0, 0]
    [E:\6\PHONEAPI.DLL]  [$, 1, 0, 0, 1]
    [E:\6\FLASHAVATARDLL.DLL]  [(, 1, 4, 0, 1]
    [E:\6\QQAVATAR.DLL]  [N/A, N/A]
    [E:\6\QRINGMNG.DLL]  [N/A, N/A]
    [E:\6\LONGCONNECTION.DLL]  [tencent, 5, 0, 200, 160]
    [E:\6\QQCONFIGPLUGIN.DLL]  [(, 1, 0, 0, 1]
    [E:\6\QQPLUGIN.DLL]  [N/A, N/A]
    [E:\6\USERDEFINEDHEAD.DLL]  [(, 1, 0, 0, 1]
    [E:\6\QQGROUPMNG.DLL]  [$, 1, 0, 0, 1]
    [E:\6\QQSPACE.DLL]  [ , 1, 0, 0, 1]
    [E:\6\QQALLINONE.DLL]  [N/A, N/A]
    [E:\6\SCCORE.DLL]  [TENCENT, 2, 0, 0, 1]
    [E:\6\GROUPLIVE.DLL]  [N/A, N/A]
    [E:\6\QQKNOWLEDGESEARCH.DLL]  [,, 1, 0, 0, 1]
    [E:\6\MAILSUMMARY.DLL]  [$, 1, 0, 0, 1]
    [E:\6\HOSTINGMGR.DLL]  [$, 1, 0, 0, 1]
    [E:\6\CAMERADLL.DLL]  [$, 1, 0, 0, 1]
    [E:\6\NEWSKIN.DLL]  [$, 1, 0, 0, 1]
    [E:\6\CQQAPPLICATION.DLL]  [N/A, N/A]
    [C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9C.OCX]  [Adobe Systems, Inc., 9,0,45,0]
    [E:\6\QQMAINFRAME.DLL]  [N/A, N/A]
    [E:\6\WIZARDCTRL.DLL]  [$, 1, 0, 0, 1]
    [E:\6\QQRES.DLL]  [tencent, 1, 0, 0, 1]
    [E:\6\LOGINCTRL.DLL]  [$, 1, 0, 0, 1]
    [E:\6\NPKCNTC.DLL]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\6\NPKPDB.DLL]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\6\TIMPROXY.DLL]  [tencent, 0, 3, 2, 4]
    [E:\6\QQAPI.DLL]  [(, 1, 0, 0, 1]
[PID: 4294393671][E:\6\QQ.EXE]  [TENCENT, 0, 0, 0, 0]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  [N/A, N/A]
    [E:\6\QQBASECLASSINDLL.DLL]  [,, 1, 0, 0, 1]
    [E:\6\QQHELPERDLL.DLL]  [$, 1, 0, 0, 1]
    [E:\6\BASICCTRLDLL.DLL]  [Tencent, 6, 0, 200, 320]
    [C:\WINDOWS\SYSTEM\DCIMAN32.DLL]  [Intel(R) Corp., Microsoft Corp., 4.03.1998]
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  [N/A, N/A]
[PID: 4294445815][G:\SRENG杀毒\SRENG\SRENG.EXE]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [C:\WINDOWS\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MS.w95.spi.osp
    C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
    C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
    C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
    C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
    C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
    C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================