
Experts, this computer of mine is infected with a virus. Log attached. How do I remove it?

System Information Collect Tool - Designed By Smallfrogs


20060205-13:32
Windows 2000 Service Pack 4
Internet Explorer: 6.0.2800.1106


*****************************************************************
      Runing Processes information
*****************************************************************
=====================================================
PROCESS NAME:  System
-----------------------------------------------------
  Process ID  = 0x00000008
  Thread count= 36
  Parent process ID = 0
  Priority Class    = 32


Modules:
------------------------------------


=====================================================
PROCESS NAME:  smss.exe
-----------------------------------------------------
  Process ID  = 0x00000094
  Thread count= 6
  Parent process ID = 8
  Priority Class    = 32


Modules:
------------------------------------
\SystemRoot\System32\smss.exe (0x48580000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\System32\sfcfiles.dll (0x67720000)



=====================================================
PROCESS NAME:  csrss.exe
-----------------------------------------------------
    WARNING: OpenProcess failed with error 5 ()
  Process ID  = 0x000000ac
  Thread count= 9
  Parent process ID = 148


Modules:
------------------------------------


=====================================================
PROCESS NAME:  winlogon.exe
-----------------------------------------------------
  Process ID  = 0x000000a8
  Thread count= 18
  Parent process ID = 148
  Priority Class    = 128


Modules:
------------------------------------
\??\D:\WINNT\system32\winlogon.exe (0x01000000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\system32\MSVCRT.dll (0x78000000)

D:\WINNT\system32\KERNEL32.dll (0x77E60000)

D:\WINNT\system32\ADVAPI32.dll (0x796D0000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\USER32.dll (0x77DF0000)

D:\WINNT\system32\USERENV.dll (0x794D0000)

D:\WINNT\system32\NDdeApi.dll (0x76940000)

D:\WINNT\system32\sfc.dll (0x76920000)

D:\WINNT\system32\sfcfiles.dll (0x67720000)

D:\WINNT\system32\Secur32.dll (0x797B0000)

D:\WINNT\system32\PROFMAP.dll (0x68830000)

D:\WINNT\system32\NETAPI32.dll (0x75100000)

D:\WINNT\system32\NTDSAPI.dll (0x77BD0000)

D:\WINNT\system32\DNSAPI.DLL (0x77960000)

D:\WINNT\system32\WSOCK32.DLL (0x74FD0000)

D:\WINNT\system32\WS2_32.DLL (0x74FB0000)

D:\WINNT\system32\WS2HELP.DLL (0x74FA0000)

D:\WINNT\system32\WLDAP32.DLL (0x77930000)

D:\WINNT\system32\NETRAP.dll (0x75150000)

D:\WINNT\system32\SAMLIB.dll (0x750E0000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x10000000)

D:\WINNT\system32\msgina.dll (0x77CA0000)

D:\WINNT\system32\SHELL32.dll (0x78F90000)

D:\WINNT\system32\SHLWAPI.dll (0x70A70000)

D:\WINNT\system32\COMCTL32.dll (0x71710000)

D:\WINNT\system32\WINSTA.dll (0x64E20000)

D:\WINNT\system32\WINMM.dll (0x77530000)

D:\WINNT\system32\setupapi.dll (0x6D990000)

D:\WINNT\system32\wdmaud.drv (0x77520000)

D:\WINNT\system32\wintrust.dll (0x768D0000)

D:\WINNT\system32\CRYPT32.dll (0x79C40000)

D:\WINNT\system32\MSASN1.DLL (0x773F0000)

D:\WINNT\system32\IMAGEHLP.dll (0x77900000)

D:\WINNT\system32\ole32.dll (0x77A30000)

D:\WINNT\system32\mscat32.dll (0x769A0000)

D:\WINNT\system32\rsaenh.dll (0x7CA00000)

D:\WINNT\system32\VERSION.dll (0x777E0000)

D:\WINNT\system32\LZ32.DLL (0x75950000)

D:\WINNT\system32\cscdll.dll (0x77080000)

D:\WINNT\system32\WlNotify.dll (0x768C0000)

D:\WINNT\system32\CERTCLI.DLL (0x75510000)

D:\WINNT\system32\ATL.DLL (0x773A0000)

D:\WINNT\system32\WINSCARD.DLL (0x76900000)

D:\WINNT\system32\WINSPOOL.DRV (0x777C0000)

D:\WINNT\system32\MPR.DLL (0x79B20000)

D:\WINNT\system32\msacm32.drv (0x773C0000)

D:\WINNT\system32\MSACM32.dll (0x773D0000)

D:\WINNT\system32\cscui.dll (0x77810000)

D:\WINNT\system32\wzcdlg.dll (0x02090000)

D:\WINNT\system32\OLEAUT32.dll (0x77990000)

D:\WINNT\system32\WZCSAPI.DLL (0x020B0000)

D:\WINNT\system32\CLBCATQ.DLL (0x72C50000)

D:\WINNT\system32\msv1_0.dll (0x782D0000)

D:\WINNT\system32\IPHLPAPI.DLL (0x77300000)

D:\WINNT\system32\ICMP.DLL (0x774E0000)

D:\WINNT\system32\MPRAPI.DLL (0x772E0000)

D:\WINNT\system32\ACTIVEDS.DLL (0x77370000)

D:\WINNT\system32\ADSLDPC.DLL (0x77340000)

D:\WINNT\system32\RTUTILS.DLL (0x777F0000)

D:\WINNT\system32\RASAPI32.DLL (0x774A0000)

D:\WINNT\system32\RASMAN.DLL (0x77480000)

D:\WINNT\system32\TAPI32.DLL (0x774F0000)

D:\WINNT\system32\DHCPCSVC.DLL (0x77320000)



=====================================================
PROCESS NAME:  services.exe
-----------------------------------------------------
  Process ID  = 0x000000dc
  Thread count= 39
  Parent process ID = 168
  Priority Class    = 32


Modules:
------------------------------------
D:\WINNT\system32\services.exe (0x01000000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\KERNEL32.DLL (0x77E60000)

D:\WINNT\system32\ADVAPI32.DLL (0x796D0000)

D:\WINNT\system32\NETAPI32.DLL (0x75100000)

D:\WINNT\system32\MSVCRT.dll (0x78000000)

D:\WINNT\system32\Secur32.dll (0x797B0000)

D:\WINNT\system32\NTDSAPI.dll (0x77BD0000)

D:\WINNT\system32\DNSAPI.DLL (0x77960000)

D:\WINNT\system32\WSOCK32.DLL (0x74FD0000)

D:\WINNT\system32\WS2_32.DLL (0x74FB0000)

D:\WINNT\system32\WS2HELP.DLL (0x74FA0000)

D:\WINNT\system32\WLDAP32.DLL (0x77930000)

D:\WINNT\system32\NETRAP.dll (0x75150000)

D:\WINNT\system32\SAMLIB.dll (0x750E0000)

D:\WINNT\system32\USER32.DLL (0x77DF0000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\UMPNPMGR.DLL (0x76740000)

D:\WINNT\system32\USERENV.DLL (0x794D0000)

D:\WINNT\system32\SCESRV.DLL (0x767B0000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x10000000)

D:\WINNT\system32\eventlog.dll (0x76830000)

D:\WINNT\system32\dhcpcsvc.dll (0x77320000)

D:\WINNT\system32\ICMP.DLL (0x774E0000)

D:\WINNT\system32\IPHLPAPI.DLL (0x77300000)

D:\WINNT\system32\MPRAPI.DLL (0x772E0000)

D:\WINNT\system32\OLE32.DLL (0x77A30000)

D:\WINNT\system32\OLEAUT32.DLL (0x77990000)

D:\WINNT\system32\ACTIVEDS.DLL (0x77370000)

D:\WINNT\system32\ADSLDPC.DLL (0x77340000)

D:\WINNT\system32\RTUTILS.DLL (0x777F0000)

D:\WINNT\system32\SETUPAPI.DLL (0x6D990000)

D:\WINNT\system32\RASAPI32.DLL (0x774A0000)

D:\WINNT\system32\RASMAN.DLL (0x77480000)

D:\WINNT\system32\TAPI32.DLL (0x774F0000)

D:\WINNT\system32\COMCTL32.DLL (0x71710000)

D:\WINNT\system32\SHLWAPI.DLL (0x70A70000)

D:\WINNT\system32\dnsrslvr.dll (0x76840000)

D:\WINNT\system32\lmhsvc.dll (0x76820000)

D:\WINNT\system32\WINSTA.DLL (0x64E20000)

D:\WINNT\system32\dmserver.dll (0x76860000)

D:\WINNT\system32\CFGMGR32.DLL (0x77070000)

D:\WINNT\system32\Srvsvc.dll (0x76780000)

D:\WINNT\system32\WINSPOOL.DRV (0x777C0000)

D:\WINNT\system32\MPR.DLL (0x79B20000)

D:\WINNT\system32\wkssvc.dll (0x76710000)

D:\WINNT\system32\cryptdll.dll (0x76610000)

D:\WINNT\system32\cryptsvc.dll (0x76870000)

D:\WINNT\system32\psbase.dll (0x783B0000)

D:\WINNT\system32\rsaenh.dll (0x7CA00000)

D:\WINNT\system32\CRYPT32.dll (0x79C40000)

D:\WINNT\system32\MSASN1.DLL (0x773F0000)

D:\WINNT\system32\xactsrv.dll (0x75620000)

D:\WINNT\system32\browser.dll (0x79A70000)

D:\WINNT\system32\ESENT.dll (0x70070000)

D:\WINNT\system32\seclogon.dll (0x767A0000)

D:\WINNT\system32\trkwks.dll (0x76760000)

D:\WINNT\system32\msgsvc.dll (0x76810000)

D:\WINNT\system32\wmicore.dll (0x766F0000)

D:\WINNT\system32\msafd.dll (0x74F50000)

D:\WINNT\System32\wshtcpip.dll (0x74F90000)



=====================================================
PROCESS NAME:  lsass.exe
-----------------------------------------------------
  Process ID  = 0x000000e8
  Thread count= 17
  Parent process ID = 168
  Priority Class    = 32

Modules:
------------------------------------
D:\WINNT\system32\lsass.exe (0x01000000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\system32\KERNEL32.dll (0x77E60000)

D:\WINNT\system32\LSASRV.dll (0x78540000)

D:\WINNT\system32\MSVCRT.dll (0x78000000)

D:\WINNT\system32\cryptdll.dll (0x76610000)

D:\WINNT\system32\ADVAPI32.DLL (0x796D0000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\Secur32.dll (0x797B0000)

D:\WINNT\system32\USER32.dll (0x77DF0000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\SAMSRV.dll (0x799D0000)

D:\WINNT\system32\DNSAPI.DLL (0x77960000)

D:\WINNT\system32\WSOCK32.DLL (0x74FD0000)

D:\WINNT\system32\WS2_32.DLL (0x74FB0000)

D:\WINNT\system32\WS2HELP.DLL (0x74FA0000)

D:\WINNT\system32\MSASN1.dll (0x773F0000)

D:\WINNT\system32\NETAPI32.dll (0x75100000)

D:\WINNT\system32\NTDSAPI.dll (0x77BD0000)

D:\WINNT\system32\WLDAP32.DLL (0x77930000)

D:\WINNT\system32\NETRAP.dll (0x75150000)

D:\WINNT\system32\SAMLIB.dll (0x750E0000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x10000000)

D:\WINNT\system32\msprivs.dll (0x76580000)

D:\WINNT\system32\kerberos.dll (0x78280000)

D:\WINNT\system32\msv1_0.dll (0x782D0000)

D:\WINNT\system32\CRYPT32.DLL (0x79C40000)

D:\WINNT\system32\IPHLPAPI.DLL (0x77300000)

D:\WINNT\system32\ICMP.DLL (0x774E0000)

D:\WINNT\system32\MPRAPI.DLL (0x772E0000)

D:\WINNT\system32\OLE32.DLL (0x77A30000)

D:\WINNT\system32\OLEAUT32.DLL (0x77990000)

D:\WINNT\system32\ACTIVEDS.DLL (0x77370000)

D:\WINNT\system32\ADSLDPC.DLL (0x77340000)

D:\WINNT\system32\RTUTILS.DLL (0x777F0000)

D:\WINNT\system32\SETUPAPI.DLL (0x6D990000)

D:\WINNT\system32\USERENV.DLL (0x794D0000)

D:\WINNT\system32\RASAPI32.DLL (0x774A0000)

D:\WINNT\system32\RASMAN.DLL (0x77480000)

D:\WINNT\system32\TAPI32.DLL (0x774F0000)

D:\WINNT\system32\COMCTL32.DLL (0x71710000)

D:\WINNT\system32\SHLWAPI.DLL (0x70A70000)

D:\WINNT\system32\DHCPCSVC.DLL (0x77320000)

D:\WINNT\system32\netlogon.dll (0x76520000)

D:\WINNT\system32\schannel.dll (0x78160000)

D:\WINNT\system32\rsabase.dll (0x7CA00000)

D:\WINNT\system32\mpr.dll (0x79B20000)

D:\WINNT\system32\scecli.dll (0x763D0000)

D:\WINNT\system32\polagent.dll (0x76480000)

D:\WINNT\system32\MFC42u.DLL (0x76F70000)

D:\WINNT\system32\oakley.DLL (0x79A90000)

D:\WINNT\system32\MFC42LOC.DLL (0x6BC20000)

D:\WINNT\system32\msafd.dll (0x74F50000)

D:\WINNT\System32\wshtcpip.dll (0x74F90000)

D:\WINNT\system32\rsaenh.dll (0x00CB0000)

D:\WINNT\system32\dssenh.dll (0x67400000)



=====================================================
PROCESS NAME:  svchost.exe
-----------------------------------------------------
  Process ID  = 0x00000198
  Thread count= 9
  Parent process ID = 220
  Priority Class    = 32


Modules:
------------------------------------
D:\WINNT\system32\svchost.exe (0x01000000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\system32\ADVAPI32.DLL (0x796D0000)

D:\WINNT\system32\KERNEL32.DLL (0x77E60000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\OLE32.DLL (0x77A30000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\USER32.dll (0x77DF0000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x10000000)

d:\winnt\system32\rpcss.dll (0x7CA90000)

D:\WINNT\system32\MSVCRT.dll (0x78000000)

d:\winnt\system32\USERENV.dll (0x794D0000)

d:\winnt\system32\WS2_32.dll (0x74FB0000)

d:\winnt\system32\WS2HELP.DLL (0x74FA0000)

d:\winnt\system32\Secur32.dll (0x797B0000)

d:\winnt\system32\WINSTA.dll (0x64E20000)

D:\WINNT\system32\rsaenh.dll (0x7CA00000)

D:\WINNT\system32\CRYPT32.dll (0x79C40000)

D:\WINNT\system32\MSASN1.DLL (0x773F0000)

D:\WINNT\system32\mswsock.dll (0x74F70000)

D:\WINNT\system32\DNSAPI.DLL (0x77960000)

D:\WINNT\system32\WSOCK32.DLL (0x74FD0000)

D:\WINNT\system32\msafd.dll (0x74F50000)

D:\WINNT\System32\wshtcpip.dll (0x74F90000)

D:\WINNT\System32\rnr20.dll (0x77800000)

D:\WINNT\system32\iphlpapi.dll (0x77300000)

D:\WINNT\system32\ICMP.DLL (0x774E0000)

D:\WINNT\system32\MPRAPI.DLL (0x772E0000)

D:\WINNT\system32\SAMLIB.DLL (0x750E0000)

D:\WINNT\system32\NETAPI32.DLL (0x75100000)

D:\WINNT\system32\NTDSAPI.dll (0x77BD0000)

D:\WINNT\system32\WLDAP32.DLL (0x77930000)

D:\WINNT\system32\NETRAP.dll (0x75150000)

D:\WINNT\system32\OLEAUT32.DLL (0x77990000)

D:\WINNT\system32\ACTIVEDS.DLL (0x77370000)

D:\WINNT\system32\ADSLDPC.DLL (0x77340000)

D:\WINNT\system32\RTUTILS.DLL (0x777F0000)

D:\WINNT\system32\SETUPAPI.DLL (0x6D990000)

D:\WINNT\system32\RASAPI32.DLL (0x774A0000)

D:\WINNT\system32\RASMAN.DLL (0x77480000)

D:\WINNT\system32\TAPI32.DLL (0x774F0000)

D:\WINNT\system32\COMCTL32.DLL (0x71710000)

D:\WINNT\system32\SHLWAPI.DLL (0x70A70000)

D:\WINNT\system32\DHCPCSVC.DLL (0x77320000)

D:\WINNT\System32\winrnr.dll (0x777A0000)

D:\WINNT\system32\rasadhlp.dll (0x777B0000)

D:\WINNT\System32\wshisn.dll (0x75420000)

D:\WINNT\System32\wshnetbs.dll (0x75440000)

D:\WINNT\system32\CLBCATQ.DLL (0x72C50000)

D:\WINNT\system32\msv1_0.dll (0x782D0000)

D:\WINNT\system32\msi.dll (0x745E0000)



=====================================================
PROCESS NAME:  CCenter.exe
-----------------------------------------------------
  Process ID  = 0x000001b0
  Thread count= 3
  Parent process ID = 220
  Priority Class    = 32


Modules:
------------------------------------
D:\Program Files\Rising\Rav\CCenter.exe (0x00400000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\WINNT\system32\KERNEL32.dll (0x77E60000)

D:\WINNT\system32\USER32.dll (0x77DF0000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\ADVAPI32.dll (0x796D0000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x10000000)



=====================================================
PROCESS NAME:  Ravmond.exe
-----------------------------------------------------
  Process ID  = 0x000001c0
  Thread count= 26
  Parent process ID = 220
  Priority Class    = 32


Modules:
------------------------------------
D:\Program Files\Rising\Rav\Ravmond.exe (0x00400000)

D:\WINNT\system32\ntdll.dll (0x77F80000)

D:\Program Files\Rising\Rav\BWList.dll (0x10000000)

D:\WINNT\system32\MFC42.DLL (0x6BC40000)

D:\WINNT\system32\MSVCRT.dll (0x78000000)

D:\WINNT\system32\KERNEL32.dll (0x77E60000)

D:\WINNT\system32\GDI32.dll (0x77F40000)

D:\WINNT\system32\USER32.dll (0x77DF0000)

D:\WINNT\system32\ADVAPI32.dll (0x796D0000)

D:\WINNT\system32\RPCRT4.DLL (0x786F0000)

D:\WINNT\system32\SHELL32.dll (0x78F90000)

D:\WINNT\system32\SHLWAPI.dll (0x70A70000)

D:\WINNT\system32\COMCTL32.dll (0x71710000)

D:\WINNT\system32\MSVCP60.dll (0x780C0000)

D:\WINNT\system32\WSOCK32.dll (0x74FD0000)

D:\WINNT\system32\WS2_32.DLL (0x74FB0000)

D:\WINNT\system32\WS2HELP.DLL (0x74FA0000)

D:\WINNT\system32\OLEAUT32.dll (0x77990000)

D:\WINNT\system32\ole32.dll (0x77A30000)

D:\WINNT\system32\VERSION.dll (0x777E0000)

D:\WINNT\system32\LZ32.DLL (0x75950000)

D:\WINNT\system32\IMM32.DLL (0x75E00000)

D:\WINNT\system32\LPK.DLL (0x6C330000)

D:\WINNT\system32\USP10.dll (0x65D20000)

D:\WINNT\system32\sockspy.dll (0x00620000)

D:\WINNT\system32\MFC42LOC.DLL (0x6BC20000)

D:\Program Files\Rising\Rav\RsCommX.dll (0x00B90000)

D:\Program Files\Rising\Rav\RSAPPMGR.DLL (0x00FC0000)

D:\Program Files\Rising\Rav\CfgDll.dll (0x090E0000)

D:\Program Files\Rising\Rav\RSCOMMON.DLL (0x23700000)

D:\Program Files\Rising\Rav\RsLog.dll (0x09370000)

D:\Program Files\Rising\Rav\HOOKSYS.dll (0x09380000)

D:\Program Files\Rising\Rav\Scanner.dll (0x094B0000)

D:\Program Files\Rising\Rav\libload.dll (0x13100000)

D:\Program Files\Rising\Rav\VirusLib.dll (0x09610000)

D:\Program Files\Rising\Rav\regmon.dll (0x09750000)

D:\Program Files\Rising\Rav\psapi.dll (0x731B0000)

D:\WINNT\system32\IMAGEHLP.dll (0x77900000)

D:\Program Files\Rising\Rav\HookWeb.dll (0x099E0000)

D:\Program Files\Rising\Rav\MemMon.dll (0x09A00000)

D:\Program Files\Rising\Rav\expscan.dll (0x09A30000)

D:\Program Files\Rising\Rav\mPorts.dll (0x09A50000)

D:\WINNT\system32\iphlpapi.dll (0x77300000)

D:\WINNT\system32\ICMP.DLL (0x774E0000)

D:\WINNT\system32\MPRAPI.DLL (0x772E0000)

D:\WINNT\system32\SAMLIB.DLL (0x750E0000)

D:\WINNT\system32\NETAPI32.DLL (0x75100000)

D:\WINNT\system32\Secur32.dll (0x797B0000)

D:\WINNT\system32\NTDSAPI.dll (0x77BD0000)

D:\WINNT\system32\DNSAPI.DLL (0x77960000)

D:\WINNT\system32\WLDAP32.DLL (0x77930000)

D:\WINNT\system32\NETRAP.dll (0x75150000)

D:\WINNT\system32\ACTIVEDS.DLL (0x77370000)

D:\WINNT\system32\ADSLDPC.DLL (0x77340000)

D:\WINNT\system32\RTUTILS.DLL (0x777F0000)

D:\WINNT\system32\SETUPAPI.DLL (0x6D990000)

D:\WINNT\system32\USERENV.DLL (0x794D0000)

D:\WINNT\system32\RASAPI32.DLL (0x774A0000)

D:\WINNT\system32\RASMAN.DLL (0x77480000)

D:\WINNT\system32\TAPI32.DLL (0x774F0000)

D:\WINNT\system32\DHCPCSVC.DLL (0x77320000)

D:\Program Files\Rising\Rav\MailMon.dll (0x09F60000)

D:\Program Files\Rising\Rav\SpamEng.dll (0x09F90000)

D:\Program Files\Rising\Rav\engine.dll (0x13A80000)

D:\WINNT\system32\msafd.dll (0x74F50000)

D:\WINNT\System32\wshtcpip.dll (0x74F90000)

D:\Program Files\Rising\Rav\PostTrt.dll (0x0AA60000)

D:\Program Files\Rising\Rav\UnExe.dll (0x0AAA0000)

D:\Program Files\Rising\Rav\ScanExec.dll (0x13AB0000)

D:\Program Files\Rising\Rav\ScanEx.dll (0x0B310000)

D:\Program Files\Rising\Rav\NvFile.dll (0x0B620000)

D:\Program Files\Rising\Rav\ScanMac.dll (0x13AF0000)

D:\Program Files\Rising\Rav\ScanSct.dll (0x0B940000)

D:\WINNT\system32\CLBCATQ.DLL (0x72C50000)

D:\Program Files\Rising\Rav\Unpacker.dll (0x0FA50000)

D:\WINNT\system32\perfproc.dll (0x68A50000)

D:\Program Files\Rising\Rav\ExtOLE.dll (0x0C480000)

D:\Program Files\Rising\Rav\ScanNet.dll (0x11410000)



=====================================================
PROCESS NAME:  spoolsv.exe
-----------------------------------------------------
  Process ID  = 0x000001ec
  Thread count= 12
  Parent process ID = 220
  Priority Class    = 32

There is a lot more of it.

What about the key part? Can you be more specific?

Boot items in Registry
*****************************************************************
------------------------------------------------------------
0:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
eMuleAutoStart……E:\Program Files\eMule\eMule.exe -AutoStart
------------------------------------------------------------
1:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
------------------------------------------------------------
2:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
3:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
------------------------------------------------------------
------------------------------------------------------------
4:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
------------------------------------------------------------
------------------------------------------------------------
5:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:load
------------------------------------------------------------
load……
------------------------------------------------------------
6:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:run
------------------------------------------------------------
run……
------------------------------------------------------------
7:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System  键值名称:Shell
------------------------------------------------------------
------------------------------------------------------------
8:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
9:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
Synchronization Manager……mobsync.exe /logon
LANServer……rem D:\PROGRA~1\LANSER~1\CSERVER.EXE
DSLAGENTEXE……rem dslagent.exe
TkBellExe……"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
WeatherOnTray……D:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
HbTools……D:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
SoundMan……SOUNDMAN.EXE
RavTask……"D:\Program Files\Rising\Rav\RavTask.exe" -system
------------------------------------------------------------
10:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
------------------------------------------------------------
11:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
12:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
------------------------------------------------------------
------------------------------------------------------------
13:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
------------------------------------------------------------
------------------------------------------------------------
14:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
15:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  键值名称:Shell
------------------------------------------------------------
Shell……explorer.exe
------------------------------------------------------------
16:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  键值名称:Userinit
------------------------------------------------------------
Userinit……D:\WINNT\system32\userinit.exe,
------------------------------------------------------------
17:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:AppInit_DLLs
------------------------------------------------------------
AppInit_DLLs……sockspy.dll


*****************************************************************
      File association information
*****************************************************************
------------------------------------------------------------
0:HKEY_CLASSES_ROOT\.exe
------------------------------------------------------------
<DEFAULT> = exefile, 正常!
------------------------------------------------------------
1:HKEY_CLASSES_ROOT\exefile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常!
------------------------------------------------------------
2:HKEY_CLASSES_ROOT\exefile\shell\runas\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常!
------------------------------------------------------------
3:HKEY_CLASSES_ROOT\.txt
------------------------------------------------------------
<DEFAULT> = txtfile, 正常!
------------------------------------------------------------
4:HKEY_CLASSES_ROOT\txtfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = notepad.exe %1, 不正常!正常值:%SystemRoot%\system32\NOTEPAD.EXE %1。请使用RegFix修复关联!软件可以到 http://www.KZTechs.com 下载。
------------------------------------------------------------
5:HKEY_CLASSES_ROOT\.reg
------------------------------------------------------------
<DEFAULT> = regfile, 正常!
------------------------------------------------------------
6:HKEY_CLASSES_ROOT\regfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = regedit.exe "%1", 正常!
------------------------------------------------------------
7:HKEY_CLASSES_ROOT\.bat
------------------------------------------------------------
<DEFAULT> = batfile, 正常!
------------------------------------------------------------
8:HKEY_CLASSES_ROOT\batfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常!
------------------------------------------------------------
9:HKEY_CLASSES_ROOT\.com
------------------------------------------------------------
<DEFAULT> = comfile, 正常!
------------------------------------------------------------
10:HKEY_CLASSES_ROOT\comfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常!
------------------------------------------------------------
11:HKEY_CLASSES_ROOT\.scr
------------------------------------------------------------
<DEFAULT> = scrfile, 正常!
------------------------------------------------------------
12:HKEY_CLASSES_ROOT\scrfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" /s, 不正常!正常值:"%1" /S。请使用RegFix修复关联!软件可以到 http://www.KZTechs.com 下载。
------------------------------------------------------------
13:HKEY_CLASSES_ROOT\.pif
------------------------------------------------------------
<DEFAULT> = piffile, 正常!
------------------------------------------------------------
14:HKEY_CLASSES_ROOT\piffile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常!