
Dllhost.exe

Dllhost.exe

今天用卡卡检查,提示可能感染了 backdoor.rwx.2005 病毒。用卡卡取得的进程模块如下,请高手帮忙看看是不是病毒啊,最好能提供专杀工具,呵呵,本人较笨。
[dllhost.exe]
PID = 0x724
CommandLine = C:\WINDOWS\dllhost.exe -netsvcs
    dllhost.exe
    0x400000
    C:\WINDOWS\dllhost.exe
    3.0.2.3
   
   
    2005-10-16 12:00:00

    ntdll.dll
    0x7c920000
    C:\WINDOWS\system32\ntdll.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    NT Layer DLL
    2004-08-17 20:00:00

    kernel32.dll
    0x7c800000
    C:\WINDOWS\system32\kernel32.dll
    5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)
    Microsoft Corporation
    Windows NT BASE API Client DLL
    2006-07-05 18:55:59

    user32.dll
    0x77d10000
    C:\WINDOWS\system32\user32.dll
    5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
    Microsoft Corporation
    Windows XP USER API Client DLL
    2005-03-03 02:10:05

    GDI32.dll
    0x77ef0000
    C:\WINDOWS\system32\gdi32.dll
    5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)
    Microsoft Corporation
    GDI Client DLL
    2005-12-29 10:56:04

    advapi32.dll
    0x77da0000
    C:\WINDOWS\system32\advapi32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Advanced Windows 32 Base API
    2004-08-17 20:00:00

    RPCRT4.dll
    0x77e50000
    C:\WINDOWS\system32\rpcrt4.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Remote Procedure Call Runtime
    2004-08-17 20:00:00

    oleaut32.dll
    0x770f0000
    C:\WINDOWS\system32\oleaut32.dll
    5.1.2600.2180
    Microsoft Corporation
   
    2004-08-17 20:00:00

    msvcrt.dll
    0x77be0000
    C:\WINDOWS\system32\msvcrt.dll
    7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows NT CRT DLL
    2004-08-17 20:00:00

    ole32.dll
    0x76990000
    C:\WINDOWS\system32\ole32.dll
    5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)
    Microsoft Corporation
    Microsoft OLE for Windows
    2005-07-26 12:39:50

    mpr.dll
    0x71a90000
    C:\WINDOWS\system32\mpr.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Multiple Provider Router DLL
    2004-08-17 20:00:00

    version.dll
    0x77bd0000
    C:\WINDOWS\system32\version.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Version Checking and File Installation Libraries
    2004-08-17 20:00:00

    comctl32.dll
    0x5d170000
    C:\WINDOWS\system32\comctl32.dll
    5.82 (xpsp.060825-0040)
    Microsoft Corporation
    Common Controls Library
    2006-08-25 23:49:44

    shell32.dll
    0x7d590000
    C:\WINDOWS\system32\shell32.dll
    6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
    Microsoft Corporation
    Windows Shell Common Dll
    2006-12-20 05:49:35

    SHLWAPI.dll
    0x77f40000
    C:\WINDOWS\system32\shlwapi.dll
    6.00.2900.2995 (xpsp.060913-0019)
    Microsoft Corporation
    Shell Light-weight Utility Library
    2006-09-23 12:12:34

    wininet.dll
    0x771b0000
    C:\WINDOWS\system32\wininet.dll
    7.00.6000.16414 (vista_gdr.070108-1520)
    Microsoft Corporation
    Internet Extensions for Win32
    2007-01-12 09:27:42

    Normaliz.dll
    0x370000
    C:\WINDOWS\system32\normaliz.dll
    6.0.5441.0 (winmain(wmbla).060628-1735)
    Microsoft Corporation
    Unicode Normalization DLL
    2006-06-29 08:05:44

    iertutil.dll
    0x6e850000
    C:\WINDOWS\system32\iertutil.dll
    7.00.6000.16414 (vista_gdr.070108-1520)
    Microsoft Corporation
    Run time utility for Internet Explorer
    2007-01-08 19:02:04

    wsock32.dll
    0x71a40000
    C:\WINDOWS\system32\wsock32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Socket 32-Bit DLL
    2004-08-17 20:00:00

    WS2_32.dll
    0x71a20000
    C:\WINDOWS\system32\ws2_32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Socket 2.0 32-Bit DLL
    2004-08-17 20:00:00

    WS2HELP.dll
    0x71a10000
    C:\WINDOWS\system32\ws2help.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Socket 2.0 Helper for Windows NT
    2004-08-17 20:00:00

    winmm.dll
    0x76b10000
    C:\WINDOWS\system32\winmm.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    MCI API DLL
    2004-08-17 20:00:00

    AVICAP32.dll
    0x73af0000
    C:\WINDOWS\system32\avicap32.dll
    5.1.2600.0 (xpclient.010817-1148)
    Microsoft Corporation
    AVI Capture window class
    2004-08-17 20:00:00

    MSVFW32.dll
    0x73b40000
    C:\WINDOWS\system32\msvfw32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft Video for Windows DLL
    2004-08-17 20:00:00

    IMM32.DLL
    0x76300000
    C:\WINDOWS\system32\imm32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows XP IMM32 API Client DLL
    2004-08-17 20:00:00

    LPK.DLL
    0x62c20000
    C:\WINDOWS\system32\lpk.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Language Pack
    2004-08-17 20:00:00

    USP10.dll
    0x73fa0000
    C:\WINDOWS\system32\usp10.dll
    1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Uniscribe Unicode script processor
    2004-08-17 20:00:00

    comctl32.dll
    0xdb0000
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    6.0 (xpsp.060825-0040)
    Microsoft Corporation
    User Experience Controls Library
    2006-08-25 08:49:42

    uxtheme.dll
    0x5adc0000
    C:\WINDOWS\system32\uxtheme.dll
    6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft UxTheme Library
    2004-08-17 20:00:00

    msctfime.ime
    0x73640000
    C:\WINDOWS\system32\MSCTFIME.IME
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft Text Frame Work Service IME
    2004-08-17 20:00:00

    Secur32.dll
    0x77fc0000
    C:\WINDOWS\system32\secur32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Security Support Provider Interface
    2004-08-17 20:00:00

    RASAPI32.dll
    0x76eb0000
    C:\WINDOWS\system32\rasapi32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Remote Access API
    2004-08-17 20:00:00

    rasman.dll
    0x76e60000
    C:\WINDOWS\system32\rasman.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Remote Access Connection Manager
    2004-08-17 20:00:00

    NETAPI32.dll
    0x5fdd0000
    C:\WINDOWS\system32\netapi32.dll
    5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)
    Microsoft Corporation
    Net Win32 API DLL
    2006-08-17 20:29:48

    TAPI32.dll
    0x76e80000
    C:\WINDOWS\system32\tapi32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft(R) Windows(TM) Telephony API Client DLL
    2004-08-17 20:00:00

    rtutils.dll
    0x76e50000
    C:\WINDOWS\system32\rtutils.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Routing Utilities
    2004-08-17 20:00:00

    msv1_0.dll
    0x77c40000
    C:\WINDOWS\system32\msv1_0.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft Authentication Package v1.0
    2004-08-17 20:00:00

    iphlpapi.dll
    0x76d30000
    C:\WINDOWS\system32\iphlpapi.dll
    5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)
    Microsoft Corporation
    IP Helper API
    2006-05-19 21:14:08

    USERENV.dll
    0x759d0000
    C:\WINDOWS\system32\userenv.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Userenv
    2004-08-17 20:00:00

    sensapi.dll
    0x72240000
    C:\WINDOWS\system32\sensapi.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    SENS Connectivity API DLL
    2004-08-17 20:00:00

    mswsock.dll
    0x719c0000
    C:\WINDOWS\system32\mswsock.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft Windows Sockets 2.0 Service Provider
    2004-08-17 20:00:00

    hnetcfg.dll
    0x60fd0000
    C:\WINDOWS\system32\hnetcfg.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Home Networking Configuration Manager
    2004-08-17 20:00:00

    wshtcpip.dll
    0x71a00000
    C:\WINDOWS\system32\wshtcpip.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Sockets Helper DLL
    2004-08-17 20:00:00
最后编辑2007-05-17 13:17:28
 

新版灰鸽子dllhost.exe的一些特点及手工查杀流程
http://forum.ikaka.com/topic.asp?board=28&artid=8289457
 

我用手工的方式杀了,但重新启动后还是有,杀不掉。
 