
Is rundll32.exe a virus? [Help]

Is rundll32.exe a virus? I don't know how it started these last few days, but as soon as I open a web page the machine slows down. In Task Manager I see a rundll32.exe process using 100% CPU; when no web page is open the machine runs at normal speed. How can I get the machine back to normal? Neither my antivirus nor Trojan Killer (木马克星) finds anything! Please help, experts!
Last edited 2006-04-10 17:53:42

[Reply to 真龙之魂's post]
Perhaps a suspicious DLL has been injected into the rundll32.exe process.

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis
and export the full log.

Processes in memory:
[System Process]
capp.exe
conime.exe
csrss.exe
ctfmon.exe
explorer.exe
IEXPLORE.EXE
Iparmor.exe
kav.exe
kavsvc.exe
lsass.exe
matlab.exe
matlabserver.exe
nvsvc32.exe
QQ.exe
realsched.exe
rundll32.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
System
taskmgr.exe
TIMPlatform.exe
VM_STI.EXE
winlogon.exe
C:\WINDOWS.0\system32\ADVAPI32.dll
C:\WINDOWS.0\system32\appHelp.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll
C:\WINDOWS.0\System32\CLBCATQ.DLL
C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll
C:\WINDOWS.0\system32\comdlg32.dll
C:\WINDOWS.0\System32\COMRes.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll
C:\WINDOWS.0\system32\CRYPT32.dll
C:\WINDOWS.0\System32\DCIMAN32.dll
C:\WINDOWS.0\System32\DDRAW.dll
C:\WINDOWS.0\System32\ddrawex.dll
C:\WINDOWS.0\System32\DNSAPI.dll
C:\WINDOWS.0\System32\Macromed\Flash\flash.ocx
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll
C:\WINDOWS.0\system32\GDI32.dll
C:\Program Files\Iparmor\getportlistxp.dll
C:\WINDOWS.0\System32\hookdll.dll
C:\Program Files\Iparmor\hookhookdll.dll
C:\WINDOWS.0\System32\IMM32.DLL
C:\Program Files\Iparmor\Iparmor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll
C:\WINDOWS.0\System32\iphlpapi.dll
C:\WINDOWS.0\System32\jscript.dll
C:\WINDOWS.0\system32\kernel32.dll
C:\WINDOWS.0\System32\LPK.DLL
C:\WINDOWS.0\System32\MFC42.DLL
C:\WINDOWS.0\System32\MFC42LOC.DLL
C:\WINDOWS.0\System32\midimap.dll
C:\WINDOWS.0\System32\mlang.dll
C:\WINDOWS.0\system32\mpr.dll
C:\WINDOWS.0\System32\MSACM32.dll
C:\WINDOWS.0\System32\msacm32.drv
C:\WINDOWS.0\system32\MSASN1.dll
C:\WINDOWS.0\System32\MSCTF.dll
C:\WINDOWS.0\System32\msctfime.ime
C:\WINDOWS.0\System32\mshtml.dll
C:\WINDOWS.0\System32\Msimtf.dll
C:\WINDOWS.0\System32\MSLS31.DLL
C:\WINDOWS.0\System32\MSVCP60.dll
C:\WINDOWS.0\system32\MSVCRT.DLL
C:\WINDOWS.0\system32\mswsock.dll
C:\WINDOWS.0\System32\netapi32.dll
C:\WINDOWS.0\System32\nsp.dll
C:\WINDOWS.0\System32\ntdll.dll
C:\WINDOWS.0\System32\NTMARTA.DLL
C:\WINDOWS.0\system32\OLE32.DLL
C:\WINDOWS.0\system32\oleaut32.dll
C:\WINDOWS.0\System32\oledlg.dll
C:\WINDOWS.0\System32\olepro32.dll
C:\WINDOWS.0\System32\rasadhlp.dll
C:\WINDOWS.0\System32\RASAPI32.DLL
C:\WINDOWS.0\System32\rasman.dll
C:\WINDOWS.0\System32\RICHED20.DLL
C:\WINDOWS.0\System32\Rnr20.dll
C:\WINDOWS.0\system32\RPCRT4.dll
C:\WINDOWS.0\System32\rtutils.dll
C:\WINDOWS.0\System32\SAMLIB.dll
C:\WINDOWS.0\System32\Secur32.dll
C:\WINDOWS.0\System32\SETUPAPI.dll
C:\WINDOWS.0\System32\shdoclc.dll
C:\WINDOWS.0\System32\shdocvw.dll
C:\WINDOWS.0\system32\shell32.dll
C:\WINDOWS.0\system32\SHLWAPI.dll
C:\Program Files\Iparmor\socketinit.dll
C:\WINDOWS.0\System32\SXS.DLL
C:\WINDOWS.0\System32\TAPI32.dll
C:\WINDOWS.0\system32\urlmon.dll
C:\WINDOWS.0\system32\user32.dll
C:\WINDOWS.0\system32\USERENV.dll
C:\WINDOWS.0\System32\USP10.dll
C:\WINDOWS.0\System32\uxtheme.dll
C:\WINDOWS.0\system32\version.dll
C:\WINDOWS.0\System32\wdmaud.drv
C:\WINDOWS.0\system32\wininet.dll
C:\WINDOWS.0\System32\winmm.dll
C:\WINDOWS.0\System32\winrnr.dll
C:\WINDOWS.0\System32\winspool.drv
C:\WINDOWS.0\system32\WLDAP32.dll
C:\WINDOWS.0\System32\WS2_32.dll
C:\WINDOWS.0\System32\WS2HELP.dll
C:\WINDOWS.0\System32\wship6.dll
C:\WINDOWS.0\System32\wshtcpip.dll
C:\WINDOWS.0\System32\wsock32.dll
C:\WINDOWS.0\System32\capp.exe
C:\WINDOWS.0\System32\CdnTdns.dll
C:\WINDOWS.0\system32\comctl32.dll
C:\WINDOWS.0\system32\MSVCRT.dll
C:\WINDOWS.0\System32\mswsock.dll
C:\WINDOWS.0\System32\NETAPI32.dll
C:\WINDOWS.0\System32\ole32.dll
C:\WINDOWS.0\System32\Rasapi32.dll
C:\WINDOWS.0\system32\SHELL32.dll
C:\Program Files\Iparmor\SocketArmor.dll
C:\WINDOWS.0\system32\USER32.dll
C:\WINDOWS.0\system32\VERSION.dll
C:\WINDOWS.0\System32\WINMM.dll
C:\WINDOWS.0\System32\WSOCK32.dll
C:\WINDOWS.0\System32\conime.exe
C:\WINDOWS.0\System32\IMM32.dll
C:\WINDOWS.0\system32\msvcrt.dll
C:\WINDOWS.0\System32\ctfmon.exe
C:\WINDOWS.0\System32\MSUTB.dll
C:\WINDOWS.0\system32\ole32.dll
C:\WINDOWS.0\System32\ACTIVEDS.dll
C:\WINDOWS.0\System32\actxprxy.dll
C:\WINDOWS.0\System32\adsldpc.dll
C:\WINDOWS.0\System32\ATL.DLL
C:\Program Files\BaiDu\bar\BaiduBar.dll
C:\WINDOWS.0\System32\BatMeter.dll
C:\WINDOWS.0\System32\browselc.dll
C:\WINDOWS.0\System32\BROWSEUI.dll
C:\WINDOWS.0\System32\CFGMGR32.dll
C:\WINDOWS.0\system32\credui.dll
C:\WINDOWS.0\System32\CSCDLL.dll
C:\WINDOWS.0\System32\cscui.dll
C:\WINDOWS.0\System32\davclnt.dll
C:\WINDOWS.0\System32\drprov.dll
C:\WINDOWS.0\System32\DUSER.dll
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\Wbem\framedyn.dll
C:\WINDOWS.0\system32\IMAGEHLP.dll
C:\WINDOWS.0\system32\iphlpapi.dll
C:\WINDOWS.0\System32\LINKINFO.dll
C:\WINDOWS.0\system32\MPR.dll
C:\WINDOWS.0\System32\MPRAPI.dll
C:\WINDOWS.0\System32\MSGINA.dll
C:\WINDOWS.0\System32\msi.dll
C:\WINDOWS.0\System32\MSIMG32.dll
C:\WINDOWS.0\System32\msutb.dll
C:\WINDOWS.0\System32\NETRAP.dll
C:\WINDOWS.0\system32\NETSHELL.dll
C:\WINDOWS.0\System32\NETUI0.dll
C:\WINDOWS.0\System32\NETUI1.dll
C:\WINDOWS.0\System32\ntlanman.dll
C:\WINDOWS.0\System32\ntshrui.dll
C:\WINDOWS.0\System32\nwprovau.dll
C:\WINDOWS.0\System32\ODBC32.dll
C:\WINDOWS.0\System32\odbcint.dll
C:\WINDOWS.0\system32\OLEAUT32.dll
C:\WINDOWS.0\System32\POWRPROF.dll
C:\WINDOWS.0\System32\printui.dll
C:\WINDOWS.0\System32\RASAPI32.dll
C:\WINDOWS.0\System32\RASDLG.dll
C:\WINDOWS.0\System32\rsaenh.dll
C:\WINDOWS.0\System32\SHDOCVW.dll
C:\WINDOWS.0\System32\srclient.dll
C:\WINDOWS.0\SYSTEM32\stdup.dll
C:\WINDOWS.0\System32\sti.dll
C:\WINDOWS.0\System32\stobject.dll
C:\WINDOWS.0\System32\themeui.dll
C:\WINDOWS.0\System32\UxTheme.dll
C:\WINDOWS.0\System32\webcheck.dll
C:\WINDOWS.0\system32\WININET.dll
C:\WINDOWS.0\System32\WINSPOOL.DRV
C:\WINDOWS.0\System32\WINSTA.dll
C:\WINDOWS.0\System32\WINTRUST.dll
C:\WINDOWS.0\system32\WS2_32.dll
C:\WINDOWS.0\system32\WS2HELP.dll
C:\WINDOWS.0\System32\WTSAPI32.dll
C:\WINDOWS.0\System32\atl.dll
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\System32\imgutil.dll
C:\WINDOWS.0\System32\mshtmled.dll
C:\WINDOWS.0\System32\msratelc.dll
C:\WINDOWS.0\System32\MSRATING.DLL
C:\Program Files\Tencent\QQ\MSVCP60.dll
C:\WINDOWS.0\SYSTEM32\NETAPI32.dll
C:\WINDOWS.0\System32\OLEACC.dll
C:\WINDOWS.0\System32\pngfilt.dll
C:\Program Files\Tencent\QQ\QQIEHelper.dll
C:\WINDOWS.0\System32\vbscript.dll
C:\WINDOWS.0\System32\winabc.ime
C:\WINDOWS.0\SYSTEM32\WS2_32.dll
C:\WINDOWS.0\SYSTEM32\WS2HELP.dll
C:\WINDOWS.0\System32\asycfilt.dll
C:\WINDOWS.0\System32\AVICAP32.dll
C:\Program Files\Tencent\qq\BasicCtrlDll.dll
C:\Program Files\Tencent\qq\BQQApplication.dll
C:\Program Files\Tencent\qq\CameraDll.dll
C:\Program Files\Tencent\qq\CommercesMng.dll
C:\Program Files\Tencent\qq\CoralAssist.DLL
C:\Program Files\Tencent\qq\CoralQQ.DLL
C:\Program Files\Tencent\qq\CQQApplication.dll
C:\WINDOWS.0\System32\devenum.dll
C:\Program Files\Tencent\qq\DialerAllinOne.dll
C:\WINDOWS.0\System32\DINPUT.dll
C:\Program Files\Tencent\qq\FlashAvatarDll.dll
C:\Program Files\Tencent\qq\gdiplus.dll
C:\Program Files\Tencent\qq\GroupConnection.dll
C:\WINDOWS.0\System32\HID.DLL
C:\Program Files\Tencent\qq\HostingMgr.dll
C:\Program Files\Tencent\qq\ImageOle.dll
C:\Program Files\Tencent\qq\IPSearcher.dll
C:\Program Files\Tencent\qq\LoginCtrl.dll
C:\Program Files\Tencent\qq\LongConnection.dll
C:\Program Files\Tencent\qq\MailSummary.dll
C:\Program Files\Tencent\qq\MFC42.DLL
C:\WINDOWS.0\System32\msadp32.acm
C:\WINDOWS.0\System32\msdmo.dll
C:\Program Files\Tencent\qq\MSVCP60.dll
C:\Program Files\Tencent\qq\MSVCP80.dll
C:\Program Files\Tencent\qq\MSVCR80.dll
C:\WINDOWS.0\System32\MSVFW32.dll
C:\Program Files\Tencent\qq\NewSkin.dll
C:\Program Files\Tencent\qq\npkcntc.dll
C:\Program Files\Tencent\qq\npkpdb.dll
C:\Program Files\Tencent\qq\OEMApplication.dll
C:\WINDOWS.0\System32\OLEPRO32.DLL
C:\Program Files\Tencent\qq\PersonalDesktop.dll
C:\Program Files\Tencent\qq\PhoneAPI.dll
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\QQAddr.dll
C:\Program Files\Tencent\qq\QQAllInOne.dll
C:\Program Files\Tencent\qq\QQAPI.dll
C:\Program Files\Tencent\qq\QQAvatar.dll
C:\Program Files\Tencent\qq\QQBaseClassInDll.dll
C:\Program Files\Tencent\qq\QQConfigPlugin.dll
C:\Program Files\Tencent\qq\QQCustomFace.dll
C:\Program Files\Tencent\qq\QQFileTransfer.dll
C:\Program Files\Tencent\qq\QQGroupMng.dll
C:\Program Files\Tencent\qq\QQHelperDll.dll
C:\Program Files\Tencent\qq\QQMainFrame.dll
C:\Program Files\Tencent\qq\QQPet.dll
C:\Program Files\Tencent\qq\QQPhoneHelper.dll
C:\Program Files\Tencent\qq\QQPlugin.dll
C:\Program Files\Tencent\qq\QQRes.dll
C:\Program Files\Tencent\qq\QQSceneMng.dll
C:\Program Files\Tencent\qq\QQSpace.dll
C:\Program Files\Tencent\qq\QQSysMsgMng.dll
C:\Program Files\Tencent\qq\QQUdpGetFileLib.dll
C:\Program Files\Tencent\qq\QQZip.dll
C:\Program Files\Tencent\qq\QRingMng.dll
C:\Program Files\Tencent\qq\RICHED20.dll
C:\Program Files\Tencent\qq\RICHED32.DLL
C:\Program Files\Tencent\qq\SCCore.dll
C:\Program Files\Tencent\qq\ShareFiles.dll
C:\Program Files\Tencent\QQ\TIMProxy.dll
C:\Program Files\Tencent\qq\UserDefinedHead.dll
C:\Program Files\Tencent\qq\vbscript.dll
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS.0\System32\rundll32.exe
C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\COMCTL32.dll
C:\WINDOWS.0\system32\OLEAUT32.DLL
C:\WINDOWS.0\System32\taskmgr.exe
C:\WINDOWS.0\System32\UTILDLL.dll
C:\WINDOWS.0\System32\VDMDBG.dll
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\WINDOWS.0\System32\ksproxy.ax
C:\WINDOWS.0\System32\ksuser.dll
C:\WINDOWS.0\VM_STI.EXE
==================================================
Startup items:
C:\LXHOME\RAV\RAVMON.EXE /AUTO
"C:\WINDOWS.0\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
C:\WINDOWS.0\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS.0\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
RUNDLL32 CMICNFG.CPL,CMICTRLWND
RUNDLL32.EXE NVQTWK,NVCPLDAEMON INITIALIZE
NWIZ.EXE /INSTALL
C:\WINDOWS.0\SYSTEM32\CAPP.EXE
C:\LXHOME\RAV\RAVTIMER.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE /MINIMIZE
C:\WINDOWS.0\SYSTEM32\RUNDLL32.EXE NMGAMEX.DLL,LIVEPROCESS /AA
C:\WINDOWS.0\VM_STI.EXE USB PC CAMERA 301P
"C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE"  -OSBOOT
C:\WINDOWS.0\SYSTEM32\CTFMON.EXE
desktop.ini
腾讯QQ珊瑚虫版.lnk

This is the log. I can't read it; could an expert please help me see where the problem is?

[Reply to 真龙之魂's post]
Ugh.
What kind of log is this?

==================================================
System services list:
%SystemRoot%\System32\svchost.exe -k netsvcs
Abiosdsk
abp480n5
System32\DRIVERS\ACPI.sys
ACPIEC
adpu160m
system32\drivers\aec.sys
\SystemRoot\System32\drivers\afd.sys
Aha154x
\??\C:\WINDOWS.0\System32\drivers\ahook.sys
aic78u2
aic78xx
%SystemRoot%\System32\svchost.exe -k LocalService
%SystemRoot%\System32\alg.exe
AliIde
System32\DRIVERS\amdk7.sys
amsint
%SystemRoot%\system32\svchost.exe -k netsvcs
asc
asc3350p
asc3550
System32\DRIVERS\asyncmac.sys
System32\DRIVERS\atapi.sys
Atdisk
System32\DRIVERS\atmarpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\audstub.sys
BattC
Beep
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
cbidf2k
System32\DRIVERS\CCDECODE.sys
cd20xrnt
Cdaudio
Cdfs
System32\drivers\cdnhook.sys
System32\DRIVERS\cdrom.sys
Changer
%SystemRoot%\system32\cisvc.exe
%SystemRoot%\system32\clipsrv.exe
CmdIde
system32\drivers\cmuda.sys
C:\WINDOWS.0\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
ContentFilter
ContentIndex
Cpqarray
%SystemRoot%\system32\svchost.exe -k netsvcs
dac2w2k
dac960nt
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\disk.sys
%SystemRoot%\System32\dmadmin.exe /com
System32\drivers\dmboot.sys
System32\drivers\dmio.sys
System32\drivers\dmload.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\drivers\DMusic.sys
%SystemRoot%\System32\svchost.exe -k NetworkService
dpti2o
system32\drivers\drmkaud.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\services.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
Fastfat
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\fdc.sys
Fips
System32\DRIVERS\flpydisk.sys
System32\DRIVERS\fsvga.sys
Fs_Rec
System32\DRIVERS\ftdisk.sys
System32\DRIVERS\gameenum.sys
System32\DRIVERS\msgpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\hidgame.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\hidusb.sys
hpn
i2omgmt
i2omp
System32\DRIVERS\i8042prt.sys
System32\DRIVERS\imapi.sys
C:\WINDOWS.0\System32\imapi.exe
inetaccs
ini910u
Inport
IntelIde
System32\DRIVERS\ipfltdrv.sys
System32\DRIVERS\ipinip.sys
System32\DRIVERS\ipnat.sys
System32\DRIVERS\ipsec.sys
System32\DRIVERS\irenum.sys
ISAPISearch
System32\DRIVERS\isapnp.sys
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
System32\DRIVERS\kbdclass.sys
System32\drivers\klif.sys
System32\drivers\klmc.sys
system32\drivers\kmixer.sys
\??\C:\WINDOWS.0\System32\drivers\kmsinput.sys
KSecDD
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
lbrtfdc
ldap
LicenseService
%SystemRoot%\System32\svchost.exe -k LocalService
D:\MATLAB\webserver\bin\win32\matlabserver.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
mnmdd
C:\WINDOWS.0\System32\mnmsrvc.exe
Modem
System32\DRIVERS\mouclass.sys
System32\DRIVERS\mouhid.sys
MountMgr
mraid35x
System32\DRIVERS\mrxdav.sys
System32\DRIVERS\mrxsmb.sys
C:\WINDOWS.0\System32\msdtc.exe
Msfs
C:\WINDOWS.0\System32\msiexec.exe /V
system32\drivers\MSKSSRV.sys
system32\drivers\MSPCLOCK.sys
system32\drivers\MSPQM.sys
system32\drivers\MSTEE.sys
system32\drivers\msmpu401.sys
Mup
System32\DRIVERS\NABTSFEC.sys
NDIS
System32\Drivers\ms280.sys
System32\DRIVERS\NdisIP.sys
System32\DRIVERS\ndistapi.sys
System32\DRIVERS\ndisuio.sys
System32\DRIVERS\ndiswan.sys
NDProxy
System32\DRIVERS\netbios.sys
System32\DRIVERS\netbt.sys
%SystemRoot%\system32\netdde.exe
%SystemRoot%\system32\netdde.exe
%SystemRoot%\System32\lsass.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\NMnt.sys
Npfs
\??\C:\Program Files\Tencent\qq\npkcrypt.sys
Ntfs
%SystemRoot%\System32\lsass.exe
%SystemRoot%\system32\svchost.exe -k netsvcs
Null
System32\DRIVERS\nv4_mini.sys
system32\drivers\nvidesm.sys
%SystemRoot%\System32\nvsvc32.exe
System32\DRIVERS\nv_agp.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\nwlnkflt.sys
System32\DRIVERS\nwlnkfwd.sys
System32\DRIVERS\nwlnkipx.sys
System32\DRIVERS\nwlnknb.sys
System32\DRIVERS\nwlnkspx.sys
System32\DRIVERS\nwrdr.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\parport.sys
PartMgr
ParVdm
System32\DRIVERS\pci.sys
PCIDump
System32\DRIVERS\pciide.sys
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PerfDisk
PerfNet
PerfOS
PerfProc
%SystemRoot%\system32\services.exe
%SystemRoot%\System32\lsass.exe
System32\DRIVERS\raspptp.sys
\SystemRoot\System32\drivers\prodrv05.sys
System32\drivers\prohlp01.sys
%SystemRoot%\system32\lsass.exe
System32\DRIVERS\psched.sys
System32\DRIVERS\ptilink.sys
ql1080
Ql10wnt
ql12160
ql1240
ql1280
System32\DRIVERS\rasacd.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\rasl2tp.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\raspppoe.sys
System32\DRIVERS\raspti.sys
System32\DRIVERS\rdbss.sys
System32\DRIVERS\RDPCDD.sys
RDPDD
System32\DRIVERS\rdpdr.sys
RDPNP
RDPWD
C:\WINDOWS.0\system32\sessmgr.exe
System32\DRIVERS\redbook.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k LocalService
%SystemRoot%\System32\locator.exe
%SystemRoot%\system32\svchost -k rpcss
%SystemRoot%\System32\rsvp.exe
System32\DRIVERS\R8139n51.SYS
%SystemRoot%\system32\lsass.exe
%SystemRoot%\System32\SCardSvr.exe
%SystemRoot%\System32\SCardSvr.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\secdrv.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
System32\DRIVERS\serenum.sys
System32\DRIVERS\serial.sys
Sfloppy
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
Simbad
System32\DRIVERS\SLIP.sys
Sparrow
system32\drivers\splitter.sys
%SystemRoot%\system32\spoolsv.exe
\SystemRoot\System32\DRIVERS\sr.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\srv.sys
%SystemRoot%\System32\svchost.exe -k LocalService
C:\WINDOWS.0\System32\rundll32.exe C:\WINDOWS.0\System32\STDSVER.DLL,Service
%SystemRoot%\System32\svchost.exe -k imgsvc
System32\DRIVERS\StreamIP.sys
System32\DRIVERS\swenum.sys
system32\drivers\swmidi.sys
C:\WINDOWS.0\System32\dllhost.exe /Processid:{8F6D2C57-AF26-44DC-B98D-97D78FEBA9FE}
symc810
symc8xx
sym_hi
sym_u3
system32\drivers\sysaudio.sys
%SystemRoot%\system32\smlogsvc.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\tcpip.sys
System32\DRIVERS\tcpip6.sys
TDPIPE
TDTCP
System32\DRIVERS\termdd.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
C:\WINDOWS.0\System32\tlntsvr.exe
TosIde
%SystemRoot%\system32\svchost.exe -k netsvcs
TSDDD
Udfs
ultra
System32\DRIVERS\update.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k LocalService
%SystemRoot%\System32\ups.exe
System32\DRIVERS\usbehci.sys
System32\DRIVERS\usbhub.sys
System32\DRIVERS\usbohci.sys
System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\drivers\vga.sys
ViaIde
VolSnap
%SystemRoot%\System32\vssvc.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
W3SVC
System32\DRIVERS\wanarp.sys
WDICA
system32\drivers\wdmaud.sys
%SystemRoot%\System32\svchost.exe -k LocalService
%systemroot%\system32\svchost.exe -k netsvcs
Winsock
WinSock2
WinTrust
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
WmiApRpl
C:\WINDOWS.0\System32\wbem\wmiapsrv.exe
System32\DRIVERS\WSTCODEC.SYS
%systemroot%\system32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\Drivers\usbVM31b.sys
{A29D9EAB-214E-4FCD-A7D7-B8048DB53AB6}
{A766235E-7FF8-468B-8FC8-1085CA2261B3}
{FDD4F0F1-7EA6-477C-9929-6BD5A137764E}

C:\WINDOWS.0\System32\hookdll.dll
is a problem.

Open the registry,
search for hookdll.dll,
and delete every entry you find.

Then delete
C:\WINDOWS.0\System32\hookdll.dll

I couldn't find hookdll.dll in the registry; I only found APIHookdll.dll. Can that one be deleted?

Also, Trojan Killer (木马克星) found 6 suspicious files:
C:\WINDOWS.0\System32\capp.exe
C:\WINDOWS.0\SYSTEM32\nvsvc32.exe
C:\WINDOWS.0\System32\hookdll.dll
C:\WINDOWS.0\System32\nsp.dll
C:\WINDOWS.0\System32\CdnTdns.dll
C:\WINDOWS.0\SYSTEM32\stdup.dll
What are these things? Can they be deleted?

[Reply to 真龙之魂's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis
and export the full log.

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 15:59:58, on 2006-4-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
D:\MATLAB\webserver\bin\win32\matlabserver.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\WINDOWS.0\System32\rundll32.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\RunDll32.exe
C:\WINDOWS.0\System32\capp.exe
C:\WINDOWS.0\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\WINDOWS.0\System32\conime.exe
C:\Program Files\Iparmor\Iparmor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GJH\桌面\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook:
O2 - BHO: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS.0\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll (file missing)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ????? - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CApp] C:\WINDOWS.0\System32\capp.exe
O4 - HKLM\..\Run: [RavTimer] C:\Lxhome\Rav\RavTimer.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS.0\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS.0\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [RavMon] C:\Lxhome\Rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\System32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 图片→八哥网摘 - c:\Program Files\
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 网页→八哥网摘 - c:\Program Files\
O8 - Extra context menu item: 解霸实时播放 - C:\HEROSOFT\Hero3000\MPURLGET.HTM
O8 - Extra context menu item: 选定→八哥网摘 - c:\Program Files\
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} (PortalCom AAA 1.0) - http://61.236.121.14/PortalAX02.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128574160312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02AF188-65DF-481E-8CF5-0B6F90D49F92}: NameServer = 61.236.127.254 61.144.56.100

Please don't give up on me, take a look! Thanks.
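An added example, not from this thread and not HijackThis code: rundll32.exe is a Windows host process, so the question is never "is rundll32 a virus" but "which DLL and entry point was it told to load". The reply above suspects a DLL riding inside rundll32.exe, and the posted logs show several rundll32 launchers (the O4 Run entries, the startup dump, and the `STDSVER.DLL,Service` line in the services list). The script below pulls those targets out of HijackThis O4 lines and plain command lines alike, notes when the DLL is a bare name (resolved through the loader search path, so the analyst has to find the actual file before judging it), and flags O2 browser-helper registrations whose file is missing. `SAMPLE_LOG` is constructed from lines that appear in the logs posted here; the `rundll32 <dll>,<entry> [args]` command form is the assumption the parser makes.

```python
"""Triage helper for the rundll32 question in this thread.

rundll32.exe is a Windows host process: whether a given instance is harmful
depends on the DLL and entry point named on its command line, not on the host.
This script pulls those targets out of autostart entries (HijackThis O4 lines
or plain command lines such as the startup/service dumps) and flags
browser-helper (O2) registrations whose file is missing.

Added example; not HijackThis code. SAMPLE_LOG is constructed from lines that
appear in the logs posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS.0\SYSTEM32\stdup.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CApp] C:\WINDOWS.0\System32\capp.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS.0\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
C:\WINDOWS.0\System32\rundll32.exe C:\WINDOWS.0\System32\STDSVER.DLL,Service
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str   # "rundll32-host", "bho-present", "bho-missing", "bho-orphan"
    name: str   # autostart value name, or BHO CLSID
    path: str   # DLL (or file) the entry points at
    note: str


def rundll32_target(cmd: str) -> Optional[Tuple[str, str, str]]:
    """Return (dll, entrypoint, extra_args) if cmd launches rundll32, else None.

    Assumes the usual 'rundll32[.exe] <dll>,<entry> [args]' form; the launcher
    may be a bare name or a full path, with or without quotes.
    """
    parts = cmd.strip().split(None, 2)
    if len(parts) < 2:
        return None
    launcher = parts[0].strip('"').rsplit("\\", 1)[-1].lower()
    if launcher not in ("rundll32", "rundll32.exe"):
        return None
    dll, _, entry = parts[1].partition(",")
    return dll, entry, parts[2] if len(parts) > 2 else ""


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        o2 = O2_RE.match(line)
        if o2:
            clsid, path = o2["clsid"], o2["path"]
            if path == "(no file)":
                findings.append(Finding("bho-orphan", clsid, path, "CLSID registered with no file"))
            elif path.endswith("(file missing)"):
                findings.append(Finding("bho-missing", clsid, path, "registration outlives its file"))
            else:
                findings.append(Finding("bho-present", clsid, path, "loads into every IE process"))
            continue
        # O4 entries carry a command after the [name]; anything else is treated
        # as a raw command line (startup dump, service ImagePath).
        o4 = O4_RE.match(line)
        name, cmd = (o4["name"], o4["cmd"]) if o4 else ("", line)
        target = rundll32_target(cmd)
        if target:
            dll, entry, extra = target
            note = ("bare name: resolved through the loader search path, locate the file before judging"
                    if "\\" not in dll else "explicit path")
            findings.append(Finding("rundll32-host", name, dll, f"{entry}({extra}) {note}"))
    return findings


def rundll32_dlls(log_text: str) -> List[str]:
    """Convenience: just the DLL names rundll32 is being asked to load."""
    return [f.path for f in triage(log_text) if f.kind == "rundll32-host"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14} {f.name or '-':20} {f.path}  [{f.note}]")
```

Run it as a script to see the table; on the sample it lists four rundll32 targets (three of them bare names) and one BHO whose file is still present, which is exactly the short list an analyst would then verify on disk (location, publisher signature, hash) rather than deleting on the strength of a filename.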