Forum: Discussion of viruses, trojans, spyware, worms...

Sysinternals tool to list all .dlls in memory
Posted by tmd, 14/05/2007 09:41:56 (+0700) | #1
This tool was written by Mark Russinovich. Use it together with software like Process Viewer/Monitor, HijackThis... to inspect the system. It shows 99% of the .dlls used by the .exes in memory. Many malware .dlls that are injected into normal processes are visible with this tool.
Go to www.sysinternals.com to download the tool, listdlls.
To use it, run listdlls > directory\filename.txt, then open the .txt (it is a few tens of KB), look for any .dll that seems out of place, and take it from there.
For example, this little snippet.


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

.....................
.....................
Explorer.EXE pid: 2448
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf4000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77c10000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77dd0000 0x9b000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77f10000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d40000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77f60000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 0x814000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x774e0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77120000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x75f80000 0xfc000 6.00.2900.2180 C:\WINDOWS\system32\BROWSEUI.dll
0x77760000 0x16c000 6.00.2900.2180 C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 0x94000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x754d0000 0x80000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x5b860000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x771b0000 0xa6000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x76f60000 0x2c000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x77c00000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x5ad70000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5cb70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b40000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77be0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x769c0000 0xb3000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x773d0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d090000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77b40000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x77a20000 0x54000 5.01.2600.2180 C:\WINDOWS\System32\cscui.dll
0x76600000 0x1d000 5.01.2600.2180 C:\WINDOWS\System32\CSCDLL.dll
0x5ba60000 0x71000 6.00.2900.2180 C:\WINDOWS\system32\themeui.dll
0x77fe0000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x20000000 0x2c5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x76980000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\LINKINFO.dll
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x71bf0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x77920000 0xf3000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x00fa0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x77260000 0x9c000 6.00.2900.2180 C:\WINDOWS\system32\urlmon.dll
0x76400000 0x1a6000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
0x76e80000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\rtutils.dll
0x76c00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x71ab0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x76d60000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x76360000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x74b30000 0x46000 6.00.2900.2180 C:\WINDOWS\system32\webcheck.dll
0x71ad0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
0x76280000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\stobject.dll
0x74af0000 0xa000 6.00.2900.2180 C:\WINDOWS\system32\BatMeter.dll
0x74ad0000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\POWRPROF.dll
0x76f50000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x72d20000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77bd0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\midimap.dll
0x73030000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WZCSAPI.DLL
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll
0x76bb0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c60000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x01cb0000 0x26000 3.00.0000.4384 C:\WINDOWS\system32\igfxpph.dll
0x01ce0000 0x13000 3.00.0000.4384 C:\WINDOWS\system32\hccutils.DLL
0x01d10000 0x21000 3.00.0000.4384 C:\WINDOWS\system32\igfxres.dll
0x01d80000 0x16f000 3.00.0000.4384 C:\WINDOWS\system32\igfxress.dll
0x01f30000 0xe000 3.00.0000.4384 C:\WINDOWS\system32\igfxsrvc.dll
0x71b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x01f80000 0x12000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x76ee0000 0x3c000 5.01.2600.2180 C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\TAPI32.dll
0x02330000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x76f20000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x76fc0000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\rasadhlp.dll
0x02360000 0x10000 1.01.0004.0000 C:\PROGRA~1\FLASHGET\jccatch.dll
0x76390000 0x1d000 5.01.2600.2180 C:\WINDOWS\system32\IMM32.dll
0x75e90000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\SXS.DLL
0x6c1b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x01f40000 0x31000 C:\Program Files\UniKey\UKHook40.dll
0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
0x027f0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x02c20000 0x35000 2.01.0004.0005 C:\Program Files\Advanced System Optimizer\ShellExt.dll
0x02c70000 0x11000 1.00.0000.0001 C:\Program Files\Bkav2006\ContextMenu.dll
0x5cb00000 0x6e000 6.00.2900.2180 C:\WINDOWS\system32\shimgvw.dll
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x77c70000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x02da0000 0x88000 6.00.2900.2180 C:\WINDOWS\system32\shdoclc.dll
0x71a50000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76fb0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x73b30000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\mscms.dll
0x73000000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV
0x75970000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\MSGINA.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x49000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x03910000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x75cf0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x5edd0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x77690000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x71d40000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x5df10000 0x5e000 5.01.2600.2180 C:\WINDOWS\system32\wzcdlg.dll
0x4d4f0000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x73d70000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\shgina.dll
0x73380000 0x57000 6.00.2900.2180 C:\WINDOWS\system32\zipfldr.dll
0x72410000 0x1a000 6.00.2900.2180 C:\WINDOWS\system32\mydocs.dll
0x02e40000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\xpsp1res.dll
0x732e0000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RichEd32.dll
0x74e30000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
------------------------------------------------------------------------------
UniKey.exe pid: 3796
Command line: "C:\Program Files\UniKey\UniKey.exe"

Base Size Version Path
0x00400000 0x44000 C:\Program Files\UniKey\UniKey.exe
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf4000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 0x9b000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x763b0000 0x49000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x77f60000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77c10000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f10000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d40000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x773d0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x7c9c0000 0x814000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x10000000 0x31000 C:\Program Files\UniKey\UKHook40.dll
0x5ad70000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x76c90000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\imagehlp.dll
0x76bb0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c60000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x76c30000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a80000 0x94000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x774e0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x003e0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x771b0000 0xa6000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77120000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
---------------------------------------------
WINWORD.EXE pid: 3208
Command line: "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

Base Size Version Path
0x30000000 0xbaa000 11.00.5604.0000 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf4000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 0x9b000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77f10000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d40000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x774e0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77c10000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x30c90000 0xba7000 11.00.5606.0000 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
0x5ad70000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x773d0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Comctl32.dll
0x77f60000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 0x814000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x5d090000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x39700000 0xeb000 5.50.0099.2010 C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll
0x77120000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x77c00000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x012f0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x771b0000 0xa6000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a80000 0x94000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x37320000 0x21000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL
0x73000000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV
0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x75e90000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\SXS.DLL
0x374b0000 0x6000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\1033\stintl.dll
0x77920000 0xf3000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x01810000 0xc000 0.03.1897.0000 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll
0x01820000 0xcb000 0.03.1897.0000 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll
0x76380000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x76c90000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\imagehlp.dll
0x76bb0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c60000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x76c30000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77b40000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
0x769c0000 0xb3000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b860000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\netapi32.dll
0x76990000 0x25000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x71b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
0x75f60000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x71bf0000 0x13000 5.01.2600.2180 C:\WINDOWS\System32\SAMLIB.dll
0x75f70000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x75970000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\MSGINA.dll
0x76360000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x49000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77fe0000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x39800000 0x1b3000 6.00.3260.0000 C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL
0x76f50000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.DLL
0x05a00000 0x2c5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x76980000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\LINKINFO.dll
0x3f100000 0x331000 3.01.0000.2303 C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3EN.DLL
0x73bc0000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\dciman32.dll
0x373f0000 0x2e000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL
0x37360000 0x27000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FSTOCK.DLL
0x37440000 0x49000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL
0x372e0000 0x1f000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FDATE.DLL
0x373a0000 0x2b000 11.00.5510.0000 C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPLACE.DLL
0x10000000 0x31000 C:\Program Files\UniKey\UKHook40.dll
0x55430000 0x118000 2.00.2201.0000 C:\Program Files\Common Files\Microsoft Shared\INK\INKOBJ.DLL
0x4ec50000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x35980000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\SENDTO.DLL
0x35a10000 0x7000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\1033\envelopr.dll
------------------------------------------------------------------------------
Adobelm_Cleanup.0001 pid: 2428
Command line: "C:\DOCUME~1\Monkey\LOCALS~1\Temp\Adobelm_Cleanup.0001" 488 "C:\DOCUME~1\Monkey\LOCALS~1\Temp\""Adobelm_Cleanup.0001.dir.0000"

Base Size Version Path
0x00400000 0x14000 1.00.0000.0001 C:\DOCUME~1\Monkey\LOCALS~1\Temp\Adobelm_Cleanup.0001
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf4000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d40000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77f10000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77dd0000 0x9b000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5ad70000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x77c10000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x009d0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x771b0000 0xa6000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77f60000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77a80000 0x94000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x77120000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x773d0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x76c90000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\imagehlp.dll
0x76bb0000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c60000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x76c30000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll 


That line is w32.qqpas.wi (KAV) attached (injected) into unikey.exe, explorer.exe... and several other .exes. This explains why so many antivirus programs report "access denied" when detecting/removing the malware. Bkav is no exception.
Once you know where it is, it is as good as dead. Some kinds like to inject a .dll into normal programs; this software is good for hunting them down.

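The procedure in the post (dump `listdlls` output to a text file, then look for DLLs that seem out of place) can be automated over the saved .txt. The script below is an added example, not code from the post or from Sysinternals. It parses the ListDLLs v2.25 layout shown above, treating rows with no Version column as a signal rather than a parse error, and ranks every loaded DLL by three signs: no version resource, a path under a Temp directory, and a non-Windows DLL present in several unrelated processes, which is what a global hook or an injected DLL looks like. The sample text is a constructed excerpt in that layout; the system root (C:\WINDOWS), the host-count threshold and the scoring are assumptions.

```python
"""Rank the DLLs in a ListDLLs dump by signs of injection.
Added example: thresholds, scoring and the sample text are assumptions."""
import re
from collections import defaultdict

SYSTEM_PREFIX = "c:\\windows\\"  # assumption: %SystemRoot% is C:\WINDOWS
TEMP_MARKER = "\\temp\\"

# Constructed excerpt in the ListDLLs v2.25 layout, a few rows per process.
SAMPLE = r"""Explorer.EXE pid: 2448
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x00fa0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x01f40000 0x31000 C:\Program Files\UniKey\UKHook40.dll
0x027f0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
------------------------------------------------------------------------------
UniKey.exe pid: 3796
0x00400000 0x44000 C:\Program Files\UniKey\UniKey.exe
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x10000000 0x31000 C:\Program Files\UniKey\UKHook40.dll
0x003e0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
------------------------------------------------------------------------------
WINWORD.EXE pid: 3208
0x30000000 0xbaa000 11.00.5604.0000 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x012f0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
0x10000000 0x31000 C:\Program Files\UniKey\UKHook40.dll
------------------------------------------------------------------------------
Adobelm_Cleanup.0001 pid: 2428
0x00400000 0x14000 1.00.0000.0001 C:\DOCUME~1\Monkey\LOCALS~1\Temp\Adobelm_Cleanup.0001
0x7c900000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x009d0000 0xe000 C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
"""

PROC_RE = re.compile(r"^(?P<image>\S+) pid: (?P<pid>\d+)\s*$")
MOD_RE = re.compile(
    r"^(?P<base>0x[0-9a-f]+)\s+(?P<size>0x[0-9a-f]+)\s+"
    r"(?:(?P<version>\d+(?:\.\d+)+)\s+)?(?P<path>[a-z]:\\.+?)\s*$", re.I)

def parse_listdlls(text):
    """Return {pid: {"image": name, "modules": [row, ...]}}. The first row of each
    process is its own image, as ListDLLs prints it; rows without the Version
    column are kept with version=None rather than dropped."""
    procs, cur = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            cur = {"image": m.group("image"), "modules": []}
            procs[int(m.group("pid"))] = cur
            continue
        m = MOD_RE.match(line) if cur else None
        if m:
            cur["modules"].append({"base": int(m.group("base"), 16),
                                   "size": int(m.group("size"), 16),
                                   "version": m.group("version"),
                                   "path": m.group("path")})
    return procs

def _dirname(path):
    return path.lower().rsplit("\\", 1)[0] + "\\"

def triage(procs, min_hosts=3):
    """Score each loaded DLL (image rows excluded), most suspicious first.
    Signs: no version resource, a Temp path, and a non-Windows DLL present in
    many processes, which is what a global hook or an injected DLL looks like.
    A DLL beside a running program's own image is marked explainable (-1)."""
    hosts, versions, image_dirs = defaultdict(set), {}, set()
    for pid, proc in procs.items():
        if proc["modules"]:
            image_dirs.add(_dirname(proc["modules"][0]["path"]))
        for mod in proc["modules"][1:]:
            key = mod["path"].lower()
            hosts[key].add(pid)
            versions[key] = mod["version"]
    findings = []
    for path, pids in hosts.items():
        in_windows, reasons = path.startswith(SYSTEM_PREFIX), []
        if versions[path] is None:
            reasons.append("no version resource")
        if TEMP_MARKER in path:
            reasons.append("loaded from a Temp directory")
        if not in_windows and len(pids) >= min_hosts:
            reasons.append("non-Windows DLL present in %d processes" % len(pids))
        if reasons:
            explainable = not in_windows and _dirname(path) in image_dirs
            findings.append({"path": path, "pids": sorted(pids), "reasons": reasons,
                             "explainable": explainable,
                             "score": len(reasons) - (1 if explainable else 0)})
    findings.sort(key=lambda f: (-f["score"], f["path"]))
    return findings

if __name__ == "__main__":
    for f in triage(parse_listdlls(SAMPLE)):
        tag = "  (explainable: sits beside a running image)" if f["explainable"] else ""
        print("score %d  %s  pids=%s%s" % (f["score"], f["path"], f["pids"], tag))
        for r in f["reasons"]:
            print("    - " + r)
```

Replace SAMPLE with the contents of the file produced by `listdlls > file.txt` to run it on a real dump. On the sample, the MSINFO DLL comes out on top: it carries no version resource and is present in every process listed, including the Adobe clean-up process running from Temp. UKHook40.dll shows the same two signs but is marked explainable, because UniKey.exe is running from the same directory and a hook DLL installed by an input method is indistinguishable from an injected DLL in this listing. The score is therefore a starting point for a manual check of the file on disk, not a verdict.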