
[Help] Is there something wrong with my system? Experts, please come in...


This is the log I scanned with Rising Stethoscope (瑞星听诊器). Please help me analyze it!

自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SoundMan = SOUNDMAN.EXE
RavMon = C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
YLive.exe = C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
yassistse = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"

HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = C:\WINDOWS\System32\ctfmon.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\System32\webcheck.dll
SysTray = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\System32\browseui.dll= Browseui 预加载程序
%SystemRoot%\System32\browseui.dll= 组件类别缓存程序


SYSTEM.INI BOOT SHELL EXPLORER.EXE


其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search searchassistant ----> http://seek.yisou.com/srchasst.htm
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search CustomizeSearch ----> http://seek.yisou.com/srchcust.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> Administrator
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> Administrator
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,


Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost



进程列表

[System Process]
System

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\rising\Rav\Rav.exe
D:\新建文件夹\RavDetect.exe

进程详细信息


C:\WINDOWS\Explorer.EXE

C:\Program Files\WinRAR\rarext.dll



C:\WINDOWS\system32\svchost.exe

c:\windows\system32\dmserver.dll (made by Microsoft Corp.)
Last edited 2005-12-03 22:36:54

Is nobody looking at this?

I'm at a loss.

Still nobody?

Somebody, please!