
My computer is infected with the hx.exe virus; it runs whenever I go online. Could an expert please take a look?

[C:\Program Files\Winamp\Plugins\in_cdda.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_dshow.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_midi.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_mod.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_mp3.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_mp4.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_nsv.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_vorbis.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_wave.dll]  [N/A, ]
    [C:\Program Files\Winamp\libsndfile.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\in_wm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\Winamp\Plugins\out_ds.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\out_wave.dll]  [N/A, ]
    [C:\Program Files\Winamp\Plugins\gen_ff.dll]  [N/A, ]
    [C:\Program Files\Winamp\nde.dll]  [N/A, ]
    [C:\WINDOWS\system32\hreax.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrmm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgptl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fksdy.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\servhost.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\wintdll.dll]  [N/A, ]
    [C:\DOCUME~1\林小玲\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfplat.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
[PID: 356][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 2844][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 2636][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 3116][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\CnsM.dll]  [北京三七二一科技有限公司, 2.5.3.1005]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\hreax.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrmm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgptl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fksdy.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 3656][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 3972][C:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3, 3, 200, 290]

[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\PROGRA~1\3721\CnsM.dll]  [北京三七二一科技有限公司, 2.5.3.1005]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\WINDOWS\system32\hreax.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrmm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgptl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fksdy.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
    [C:\Program Files\Tencent\TT\TTNetFavor.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\servhost.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\wintdll.dll]  [N/A, ]
    [C:\DOCUME~1\林小玲\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll]  [Network Associates, Inc., 4.3.20]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\InternetSearchObject.dll]  [Microsoft Corporation, 1.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3548][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 264][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\system32.jmp]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.ime]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]

[PID: 3924][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 4068][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 2276][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 5448][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\InternetSearchObject.dll]  [Microsoft Corporation, 1.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.5825.0]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll]  [Network Associates, Inc., 4.3.20]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1356][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 2696][C:\Documents and Settings\林小玲\桌面\sreng2.4\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\PROGRA~1\3721\CnsM.dll]  [北京三七二一科技有限公司, 2.5.3.1005]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, ]
    [C:\WINDOWS\system32\hreax.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrmm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgptl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fksdy.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\servhost.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\wintdll.dll]  [N/A, ]
    [C:\DOCUME~1\林小玲\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]
[PID: 3804][C:\WINDOWS\System32\alg32.exe]  [N/A, ]
    [C:\WINDOWS\System32\Winhttps.dll]  [N/A, ]

=================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\System32\Winhttps.dll(, N/A)
MT-TcpFilter
    C:\WINDOWS\system32\Winhttps.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkf
[D:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkf
[E:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkf
[F:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkf

==================================

HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [1808] C:\DOCUME~1\林小玲\LOCALS~1\Temp\wmbose.exe

==================================


[/CODE]


That's all of it. Could an expert please take a look? I'd be endlessly grateful.

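I'm following the method from the expert in the post above, and the antivirus software does indeed seem to have stopped reporting a virus. I'll download a dedicated removal tool and run that first.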