Help: there is a RUNDLL32.EXE in my process list, how do I fix it?

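Help! Viruses have been rampant lately. I bought a licensed copy of Rising (瑞星) and even that can't deal with them, which is extremely frustrating!

First, there is a RUNDLLE32.EXE in my process list using a lot of CPU. Also, as soon as I go online I get a virus alert, and a file called JIJY3 keeps appearing on drive C:. Please help.
Last edited 2006-10-04 15:43:27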

Ugh, I have the same problem as you, and I don't know how to fix it either.

Post the virus name and path that Rising reports.

Haha, I have it too. It's probably SXS.EXE, and probably more than one kind of infection.

So Rising really is this useless. I give up.

注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\System32\ctfmon.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
(run)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(PHIME2002ASync)(C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(PHIME2002A)(C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [Microsoft Corporation]
(Cmaudio)(RunDll32 cmicnfg.cpl,CMICtrlWnd) []
(ATIPTA)(C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe) [ATI Technologies, Inc.]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(Tray)(C:\WINDOWS\command\rundll32.exe) []
(KAVPersonal50)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize) [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(9)(C:\WINDOWS\System32\Ravdm.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINDOWS\System32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({57B86673-276A-48B2-BAE7-C6DBB3020EB8})(C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll) [Anti-Malware Development a.s.]
({9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1})(C:\WINDOWS\System32\cnscheck100.dll) []




--------------------------------------------------------------------------------



启动文件夹

[Microsoft Office]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk)(N)



--------------------------------------------------------------------------------



服务

[Ati HotKey Poller / Ati HotKey Poller]
(C:\WINDOWS\System32\Ati2evxx.exe)(N/A)
[ATI Smart / ATI Smart]
(C:\WINDOWS\system32\ati2sgag.exe)()
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
(C:\Program Files\ewido anti-spyware 4.0\guard.exe)(Anti-Malware Development a.s.)
[kavsvc / kavsvc]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe")(Kaspersky Lab)
[Macromedia Licensing Service / Macromedia Licensing Service]
("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")(N/A)
[Rising Proxy Service / RfwProxySrv]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
("C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini")(N/A)
[TlMPLatform.exe / TlMPLatform.exe ]
(C:\Program Files\tencent\qqnet.exe)(N/A)



--------------------------------------------------------------------------------



浏览器加载项

[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (D:\C盘\QQ2003III丐丐版\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} (C:\WINDOWS\System32\mskey32.dll, Microsoft)
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} (C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A)
[网页特效制作专家 ]
{8DE0FCD4-5EB5-11D3-AD25-00002100131a} (F:\特效软件\网页特效专家\, N/A)
[屏幕取色*]
{8DE0FCD4-5EB5-11D3-AD25-00002100131c} (F:\特效软件\网页特效专家, N/A)
[海浪视窗主页 ]
{8DE0FCD4-5EB5-11D3-AD25-00002100131e} (F:\特效软件\网页特效专家\syste, N/A)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (D:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft)
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} (D:\C盘\QQ2003III丐丐版\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft)
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} (C:\WINDOWS\Downloaded Program Files\certInStall.dll, )
[]
{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} (C:\WINDOWS\eg_auth_1049.dll, N/A)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\System32\aliedit\AliEdit.dll, www.alipay.com)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, )
[]
{8B3B8135-9DAA-40E7-8941-962795F9C1CB} (C:\WINDOWS\System32\syswbsvc32.dll, N/A)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, )
[MeChatU Class]
{BE9D5F13-40C1-44CA-9950-B9211E4B60DD} (C:\WINDOWS\Downloaded Program Files\MeChatUser.dll, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[AxUSBKey Class]
{DA215190-98B2-47DE-AE24-DA95481DFFBA} (C:\WINDOWS\DOWNLO~1\USBKey.dll, )
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[使用网际快车下载]
(D:\PROGRA~1\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(D:\PROGRA~1\FlashGet\jc_all.htm, N/A)

--------------------------------------------------------------------------------

正在运行的进程

[PID: 536][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 592][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 668][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 680][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 836][C:\WINDOWS\System32\Ati2evxx.exe] (N/A)(N/A)
[PID: 864][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 940][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 1008][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 1348][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2800.1221 (xpsp2.030511-1403))
[C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] (Anti-Malware Development a.s.)(4, 0, 0, 172)
[C:\WINDOWS\System32\mskey32.dll] (Microsoft)(1, 0, 0, 1)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[C:\PROGRA~1\WMATOM~1\w2m.dll] (All Your Software)(1.1)
[PID: 1408][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.0 (XPClient.010817-1148))
[PID: 1512][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] (ATI Technologies, Inc.)(6.14.10.5062)
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] (ATI Technologies, Inc.)(6.14.10.5062)
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] (ATI Technologies, Inc.)(6.14.10.5062)
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] (ATI Technologies, Inc.)(6.14.10.5062)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[PID: 1520][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] (RealNetworks, Inc.)(0.1.0.1622)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[PID: 1568][C:\WINDOWS\System32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[PID: 248][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 280][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 388][C:\Program Files\ewido anti-spyware 4.0\guard.exe] (Anti-Malware Development a.s.)(4, 0, 0, 172)
[C:\Program Files\ewido anti-spyware 4.0\engine.dll] (Anti-Malware Development a.s.)(4, 0, 0, 172)
[PID: 492][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 900][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[PID: 2212][C:\WINDOWS\command\rundll32.exe] (N/A)(N/A)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[PID: 2228][C:\WINDOWS\System32\conime.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[PID: 3880][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[D:\C盘\QQ2003III丐丐版\QQ\QQIEHelper.dll] (深圳市腾讯计算机系统有限公司)(1, 1, 0, 5)
[C:\WINDOWS\System32\mskey32.dll] (Microsoft)(1, 0, 0, 1)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] (Kaspersky Lab)(1.0.227.342)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] (Kaspersky Lab)(1.0.227.3)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] (Kaspersky Lab)(5.0.227.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] (Kaspersky Lab)(5.0.227.0)
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] (Macromedia, Inc.)(8,0,22,0)
[PID: 360][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[D:\C盘\QQ2003III丐丐版\QQ\QQIEHelper.dll] (深圳市腾讯计算机系统有限公司)(1, 1, 0, 5)
[C:\WINDOWS\System32\mskey32.dll] (Microsoft)(1, 0, 0, 1)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] (Kaspersky Lab)(1.0.227.342)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] (Kaspersky Lab)(1.0.227.3)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] (Kaspersky Lab)(5.0.227.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] (Kaspersky Lab)(5.0.227.0)
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] (Macromedia, Inc.)(8,0,22,0)
[PID: 2356][C:\sreng2\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\WINDOWS\System32\tdll.dll] (N/A)(N/A)


Could an expert please take a look?

Please post the rest of the log.

I got rid of it using Super Rabbit Cleaner (超级兔子清理王).

C:\WINDOWS\System32\tdll.dll: as I recall, Rising treats tdll.dll as a virus; I think it is Viking (威金).
For C:\WINDOWS\command\rundll32.exe, use Orange August (橙色八月).