Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

100% recources taken by RUNDLL32.exe grr

Discuss 100% recources taken by RUNDLL32.exe grr in the Antivirus Protection forum on Dev Shed.
100% recources taken by RUNDLL32.exe grr Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old January 25th, 2005, 06:30 PM
crazzedbull crazzedbull is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Posts: 1 crazzedbull User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 m 58 sec
Reputation Power: 0
100% recources taken by RUNDLL32.exe grr
Here is a hijackthis log: mabe that will help :

Logfile of HijackThis v1.99.0
Scan saved at 04:01:23, on 2005-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\Program\dudez\protowall\ProtoWall.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\FSGUI\fsguiexe.exe
C:\Program\Hub Client\Poison Ivy\YnHub.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [PBReboot] c:\windows\rundll.exe c:\windows\system\setupx.dll,InstallHinfSection DefaultInstall 2 c:\windows\reboot.inf
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ProtoWall] C:\Program\dudez\protowall\ProtoWall.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095790904957
O23 - Service: F-Secure BackWeb - Unknown - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\system32\r_server.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program\RealVNC\VNC4\WinVNC4.exe
Reply With Quote
  #2  
Old January 25th, 2005, 08:35 PM
balamm's Avatar
balamm balamm is offline
Permanently Banned
Dev Shed Intermediate (1500 - 1999 posts)
  
Join Date: Mar 2004
Posts: 1,742 balamm User rank is Corporal (100 - 500 Reputation Level)balamm User rank is Corporal (100 - 500 Reputation Level)balamm User rank is Corporal (100 - 500 Reputation Level)balamm User rank is Corporal (100 - 500 Reputation Level) 
Time spent in forums: 6 Days 12 h 8 m 2 sec
Warnings Level: 10
Number of bans: 1
Reputation Power: 0
It's quite likely a virus masquerading as a process but please don't post your logs in this forum.

Read the notice at the top of this section for info on that.
Reply With Quote
  #3  
Old January 26th, 2005, 02:31 PM
edwinbrains's Avatar
edwinbrains edwinbrains is offline
Retired Moderator
Dev Shed God 4th Plane (6500 - 6999 posts)
  
Join Date: Jan 2004
Location: London, UK
Posts: 6,670 edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced Folder
Time spent in forums: 1 Week 6 Days 23 h 39 m 19 sec
Reputation Power: 92
Thread moved from Windows Help to Antivirus Protection.
__________________
- Edwin -

The General Rules Thread | The General FAQ Thread
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > 100% recources taken by RUNDLL32.exe grr

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway