南方一匹狼 - 2007-10-13 15:20:00

2007-10-08 15:03
[BackDoor]
C:\WINDOWS\SYSTEM32\SMESS.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DHCL
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DHCL
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_DHCL
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\DHCL
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_DHCL
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DHCL

2007-10-08 15:03
[uusee]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DC7094C6-8F61-42ED-AECE-63F5EEF647C5}

2007-10-08 15:04
[BackDoor]
C:\WINDOWS\SYSTEM32\SMESS.EXE

2007-10-13 13:32
[Trojan]
C:\DOCUMENTS AND SETTINGS\GE_YH\LOCAL SETTINGS\TEMP\TEMPQ.EXE
C:\WINDOWS\SYSTEM32\SIDIOI85.DLL

2007-10-13 13:32
[cnwin]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\IDSCNP

2007-10-13 13:32
[moffice]
C:\WINDOWS\SYSTEM32\DRIVERS\SIDIOI85.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_SIDIOI85
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SIDIOI85
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SIDIOI85
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SIDIOI85

2007-10-13 13:32
[CNNIC KeyWords]
C:\PROGRAM FILES\CNNIC\CDN\
C:\PROGRAM FILES\CNNIC\CDN\CDNACS.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNAUX.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNBL.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNCMD.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNCOL.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNDET.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNDET.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNDISP.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNDRAG.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNFORIE.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNHINT.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNPREV.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNPRH.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNRENEW.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNREPL.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNSIGN.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNTDNS.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNTRAN.DAT
C:\PROGRAM FILES\CNNIC\CDN\CDNUC.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNUNINS.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNUP.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNUPLIB.DLL
C:\PROGRAM FILES\CNNIC\CDN\CDNVERS.DAT
C:\PROGRAM FILES\CNNIC\CDN\CLIENT.DLL
C:\PROGRAM FILES\CNNIC\CDN\IDNCONV.DLL
C:\PROGRAM FILES\CNNIC\CDN\IDNCONVS.DLL
C:\PROGRAM FILES\CNNIC\CDN\IESRCH.DLL
C:\PROGRAM FILES\CNNIC\CDN\IMADOM.DAT
C:\PROGRAM FILES\CNNIC\CDN\IMAOE.DLL
C:\PROGRAM FILES\CNNIC\CDN\RBTNHTM.CAB
C:\PROGRAM FILES\CNNIC\CDN\SPKW.DAT
C:\PROGRAM FILES\CNNIC\CDN\SRC.DAT
C:\PROGRAM FILES\CNNIC\CDN\WMHLPR.DLL
C:\WINDOWS\SYSTEM32\CDNNS.DLL
C:\WINDOWS\SYSTEM32\CDNPROT.DAT
C:\WINDOWS\SYSTEM32\DRIVERS\CDNPROT.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\CDNTRAN.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\FIHEJECG.SYS
HKEY_CLASSES_ROOT\CDNFORIE.IEHLPROBJ
HKEY_CLASSES_ROOT\CDNFORIE.IEHLPROBJ.1
HKEY_CLASSES_ROOT\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}
HKEY_CLASSES_ROOT\CLSID\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_CLASSES_ROOT\CLSID\{8CDCBBA0-4BE1-4199-8389-1B19ED41D3E8}
HKEY_CLASSES_ROOT\CLSID\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}
HKEY_CLASSES_ROOT\IEUPBHO.BHO
HKEY_CLASSES_ROOT\IEUPBHO.BHO.1
HKEY_CLASSES_ROOT\INTERFACE\{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_CLASSES_ROOT\INTERFACE\{75FCFD39-9DE7-4EE8-AD31-0C9FC00F1DA8}
HKEY_CLASSES_ROOT\INTERFACE\{9C991F1E-D6FE-4B74-B6EC-763FF528FAE1}
HKEY_CLASSES_ROOT\INTERFACE\{F248EBAB-D894-4682-80E3-F48AABF4B12D}
HKEY_CLASSES_ROOT\TYPELIB\{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_CLASSES_ROOT\TYPELIB\{BD7DD6B0-68E5-44AE-9CD9-63A8E7A65F3B}
HKEY_CLASSES_ROOT\TYPELIB\{DF571585-070D-4EB1-8B0E-99023F934FD4}
HKEY_CLASSES_ROOT\WMHLPR.WMEVTSINK
HKEY_CLASSES_ROOT\WMHLPR.WMEVTSINK.1
HKEY_CLASSES_ROOT\WMHLPR.WMHLPROBJ
HKEY_CLASSES_ROOT\WMHLPR.WMHLPROBJ.1
HKEY_CURRENT_USER\SOFTWARE\CNNIC
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\访问通用网址
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{8CDCBBA0-4BE1-4199-8389-1B19ED41D3E8}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{75FCFD39-9DE7-4EE8-AD31-0C9FC00F1DA8}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9C991F1E-D6FE-4B74-B6EC-763FF528FAE1}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{F248EBAB-D894-4682-80E3-F48AABF4B12D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BD7DD6B0-68E5-44AE-9CD9-63A8E7A65F3B}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{DF571585-070D-4EB1-8B0E-99023F934FD4}
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ADVANCEDOPTIONS\CDNCLIENT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CDNCLIENT
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CDNPROT
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CDNTRAN
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\FIHEJECG
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDNPROT
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CDNTRAN
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FIHEJECG

2007-10-13 13:32
[Trojan.acpidisk]
C:\WINDOWS\SYSTEM32\DRIVERS\ACPIDISK.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_ACPIDISK
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ACPIDISK
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ACPIDISK
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ACPIDISK

2007-10-13 13:32
[Trojan.zero3.zhu]
C:\WINDOWS\SYSTEM32\SYSTEM.DAT
HKEY_CLASSES_ROOT\CLSID\{ACADABAF-1000-0010-8000-10AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ACADABAF-1000-0010-8000-10AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{ACADABAF-1000-0010-8000-10AA006D2EA4}

2007-10-13 13:32
[Trojan.GdiServer.regin]
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\OINFOMON.OCX
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VGX\REGIN.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\GDISERVER.EXE
C:\WINDOWS\SYSTEM32\GDISVC.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GDI SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GDI SERVER

2007-10-13 13:32
[Unknown Trojan Horse/Virus]
C:\WINDOWS\SYSTEM32\MPRMSGSE.AXZ
C:\WINDOWS\SYSTEM32\MSCPX32R.DET
C:\WINDOWS\TEMP\TOP.EXE
C:\WINDOWS\TEMP\~MYF.TMP

2007-10-13 13:38
[CNNIC KeyWords]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}

2007-10-13 13:38
[Trojan.GdiServer.regin]
C:\WINDOWS\SYSTEM32\GDISVC.EXE

2007-10-13 13:38
[Unknown Trojan Horse/Virus]
C:\WINDOWS\TEMP\410C0C8A.EXE

2007-10-13 13:54
[Trojan.GdiServer.regin]
C:\PROGRAM FILES\COMMON FILES\SYSTEM\GDISERVER.EXE
C:\WINDOWS\SYSTEM32\GDISVC.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GDI SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\GDI SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GDI SERVER

2007-10-13 13:55
[Trojan.GdiServer.regin]
C:\PROGRAM FILES\COMMON FILES\SYSTEM\GDISERVER.EXE
C:\WINDOWS\SYSTEM32\GDISVC.EXE

2007-10-13 14:57
[Adware]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CCC5F3A-B1C8-4A3C-B2CB-ABC7FEF17DB5}\RP21\A0004851.DLL

2007-10-13 14:57
[Trojan]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CCC5F3A-B1C8-4A3C-B2CB-ABC7FEF17DB5}\RP21\A0004862.SYS

2007-10-13 14:57
[Trojan.GdiServer.regin]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GDI SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GDI SERVER


[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)