Rising Kaka Security Forum

Why do I keep getting alerts that someone is connecting to port 445? Have I caught some remote-access virus?
heath - 2007-8-31 7:58:00
Rising reported it, see the picture.
There's nothing much in the log either, and I can't see any virus myself.
Logfile of HijackThis v1.99.1
Scan saved at 7:44:48, on 2007-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
E:\我的文件\soft\挂QQ\TenyQQ.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
F:\soft\Tencent\QQ2006\QQ.exe
F:\soft\Tencent\TM2007\TMDlls\TIMPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\装机人员工具\扫描专杀软件\ha_hijackthis_1991\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301+
O4 - HKLM\..\Run: [77439B6E8B9E768128226F7D85E5B686] E:\我的文件\soft\挂QQ\TenyQQ.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {8DD9C2E0-50B6-46BC-BB00-2D252282BFCA} (HnCtrl Class) - http://ww2.hnnn.net/download/HnActivex.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4CF9B52-A94E-4A27-AD90-904A81D0643A} (QPicControl Control) - http://my.paipai.com/activex/qpic.cab
O16 - DPF: {EC53936E-6D4A-4307-9092-A2FC48EAFC56} (Web800 Control) - http://service.qq.com/web800.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B24BF55-436B-440A-B8B3-84AE8F35B82D}: NameServer = 60.191.134.204 60.191.134.197
O23 - Service: PeanuthullCore - 广东网域 - C:\Program Files\PeanutHull3\PhCore.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe


Attachment: 571945200783174757.jpg
heath - 2007-8-31 7:59:00
210.213.252.43:63100
Why has the IP changed to this one now....
有毒必问 - 2007-8-31 8:40:00
I'd suggest closing some of the dangerous ports... The log is fine...
圣洁之神 - 2007-8-31 9:06:00
Is there a vulnerability in the system????
heath - 2007-8-31 19:30:00
So what is actually going on?
有毒必问 - 2007-8-31 19:33:00
Someone is opening your port 445... an attack.
You should install the patches or close port 445 with a firewall.
heath - 2007-8-31 20:01:00
All the patches are installed!
I don't use a firewall,
and I've blocked the ports.
Someone is opening my port 445...?
Why is the IP different every time?
They can't be using fake IPs, can they?
A quick search shows other people have the same situation.
It happens every time I go online!
有毒必问 - 2007-8-31 20:04:00
The IP can be proxied...
If you're still not reassured, post an SREng log instead.
heath - 2007-8-31 20:18:00
== I'll post the SREng log.
heath - 2007-8-31 20:19:00
If Rising reports it, does that mean it was blocked?
heath - 2007-8-31 20:21:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301+>  [N/A]
    <77439B6E8B9E768128226F7D85E5B686><E:\我的文件\soft\挂QQ\TenyQQ.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
heath - 2007-8-31 20:21:00
启动文件夹
N/A

==================================
服务
[PeanuthullCore / PeanuthullCore][Stopped/Manual Start]
  <C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
heath - 2007-8-31 20:22:00
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
heath - 2007-8-31 20:23:00
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1512, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1488, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2852, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1412, C:\PROGRAM FILES\同花顺财通\LIVEUPDATE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3652, F:\SOFT\TENCENT\TM2007\TMDLLS\TIMPLATFORM.EXE
有毒必问 - 2007-8-31 20:32:00
The log is incomplete. It's the antivirus software alerting; it can't block it.
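Added here as an example, not code from the thread or from SREng: a small triage script over the SREng startup entries posted above (the sample lines are copied from that log), flagging entries whose publisher field is empty, "N/A", or not marked "(Verified)", which is the kind of check behind a "log is fine" verdict. Reading "(Verified)" as SREng's mark for a checked Authenticode signature is an assumption.

```python
import re

# Constructed sample: SREng startup lines copied from the log posted in this thread.
SRENG_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301+>  [N/A]
    <77439B6E8B9E768128226F7D85E5B686><E:\我的文件\soft\挂QQ\TenyQQ.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Run] section header
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)>\s+\[(.*)\]$")  # <value name><command>  [publisher]


def parse_sreng_startup(text):
    """Parse SREng startup lines into dicts with key, name, command and signer."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1),
                            "command": m.group(2), "signer": m.group(3).strip()})
    return entries


def triage(entries):
    """Return {value name: [reasons]} for entries that deserve a second look.

    Assumption: only a signer starting with "(Verified)" means SREng checked the
    file's digital signature; a bare company name is just version information,
    and an empty or N/A field means nothing is known about the publisher.
    """
    flagged = {}
    for e in entries:
        reasons = []
        if e["signer"] in ("", "N/A"):
            reasons.append("no publisher information")
        elif not e["signer"].startswith("(Verified)"):
            reasons.append("publisher not signature-verified")
        if re.fullmatch(r"[0-9A-Fa-f]{32}", e["name"]):
            reasons.append("random-looking 32-hex value name")
        if reasons:
            flagged[e["name"]] = reasons
    return flagged
```

A flagged entry is a review item, not a verdict: TenyQQ.exe here is a tool the poster installed, so the next step is checking the file itself, not deleting the entry.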
heath - 2007-8-31 20:36:00
I've already blocked several of the dangerous ports.
Does that mean I'm fine now?