怎么回事

wflqniao · 发表于 2008-11-4 09:34:45

ver 1.1

Windows XP
注册表启动信息
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
VModes                                              VModes UpdateRegistryOnly
VTTimer                                              VTTimer.exe
VTTrayp                                              VTtrayp.exe
runeip                                              "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
RfwMain                                              "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
RavTask                                              "C:\Program Files\Rising\Rav\RavTask.exe" -system

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe                                           C:\WINDOWS\system32\ctfmon.exe

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
DebugOptions                                        2048
Documents
DosPrint                                           no
load
NetMessage                                           no
NullPort                                           None
Programs                                           com exe bat pif cmd

===========================================
系统进程列表
映像名称                                                       PID
E:\王国鹏\梦幻\梦幻西游\download\ProcessInfo.exe             0
System                                                       4
\SystemRoot\System32\smss.exe                                  472
\??\C:\WINDOWS\system32\csrss.exe                            540
\??\C:\WINDOWS\system32\winlogon.exe                         564
C:\WINDOWS\system32\services.exe                               608
C:\WINDOWS\system32\lsass.exe                                  620
C:\WINDOWS\system32\svchost.exe                               772
C:\WINDOWS\system32\svchost.exe                               832
C:\Program Files\Rising\Rav\CCenter.exe                      916
C:\WINDOWS\System32\svchost.exe                               932
C:\WINDOWS\system32\svchost.exe                               1000
C:\WINDOWS\system32\svchost.exe                               1052
C:\PROGRAM FILES\RISING\RAV\ravmond.exe                      1088
C:\Program Files\Rising\Rfw\rfwsrv.exe                         1100
C:\Program Files\Rising\Rfw\rfwProxy.exe                      1128
C:\Program Files\Rising\Rfw\rfwstub.exe                      1456
C:\PROGRAM FILES\RISING\RAV\RavStub.exe                      1632
C:\WINDOWS\Explorer.EXE                                        1748
C:\Program Files\Rising\Rfw\RfwMain.exe                      1808
C:\WINDOWS\system32\spoolsv.exe                               1848
C:\Program Files\Rising\AntiSpyware\rstray.exe                764
C:\Program Files\Rising\Rav\RavTask.exe                      960
C:\WINDOWS\system32\ctfmon.exe                               1020
C:\Program Files\Rising\Rav\Ravmon.exe                         1096
C:\WINDOWS\system32\wdfmgr.exe                               1944
C:\WINDOWS\System32\alg.exe                                  2100
C:\Program Files\Internet Explorer\iexplore.exe                2588
C:\Program Files\Thunder\Program\Thunder5.exe                2036
E:\王国鹏\梦幻\梦幻西游\my.exe                               3324
E:\王国鹏\梦幻\梦幻西游\download\ProcessInfo.exe             2536

===========================================

wflqniao · 发表于 2008-11-4 09:37:28

梦幻西游进程信息
3324 my.exe
地址             长度             模块路径                                  模块描述                                           公司                                     版本
4194304          1552384          E:\王国鹏\梦幻\梦幻西游\my.exe             梦幻西游                                           Netease                                  1, 0, 0, 1
2089943040       602112          C:\WINDOWS\system32\ntdll.dll             NT Layer DLL                                        Microsoft Corporation                      5.1.2600.5512
2088763392       1171456          C:\WINDOWS\system32\kernel32.dll          Windows NT BASE API Client DLL                      Microsoft Corporation                      5.1.2600.5512
1561788416       630784          C:\WINDOWS\system32\COMCTL32.dll          Common Controls Library                            Microsoft Corporation                      6.00.2900.5512
2010775552       692224          C:\WINDOWS\system32\ADVAPI32.dll          Advanced Windows 32 Base API                         Microsoft Corporation                      5.1.2600.5512
2011496448       598016          C:\WINDOWS\system32\RPCRT4.dll             Remote Procedure Call Runtime                      Microsoft Corporation                      5.1.2600.5512
2013003776       69632          C:\WINDOWS\system32\Secur32.dll          Security Support Provider Interface                Microsoft Corporation                      5.1.2600.5512
2012151808       299008          C:\WINDOWS\system32\GDI32.dll             GDI Client DLL                                     Microsoft Corporation                      5.1.2600.5512
2010185728       589824          C:\WINDOWS\system32\USER32.dll             Windows XP USER API Client DLL                      Microsoft Corporation                      5.1.2600.5512
1982857216       118784          C:\WINDOWS\system32\IMM32.DLL             Windows XP IMM32 API Client DLL                      Microsoft Corporation                      5.1.2600.5512
1656881152       36864          C:\WINDOWS\system32\LPK.DLL                Language Pack                                        Microsoft Corporation                      5.1.2600.5512
1945763840       438272          C:\WINDOWS\system32\USP10.dll             Uniscribe Unicode script processor                   Microsoft Corporation                      1.0420.2600.5512
1610612736       475136          C:\WINDOWS\system32\kmon.dll             KaKa Monitors                                        Beijing Rising Information Technology Co., Ltd. 1, 0, 0, 28
268435456       196608          C:\Program Files\Rising\AntiSpyware\comx3.dll comx3 Dynamic Link Library                         Beijing Rising Information Technology Co., Ltd. 21.00
10878976       102400          C:\Program Files\Rising\AntiSpyware\Syslay.dll Syslay                                              Beijing Rising Information Technology Co., Ltd. 21.00
1995571200       32768          C:\WINDOWS\system32\Wtsapi32.dll          Windows Terminal Server SDK APIs                   Microsoft Corporation                      5.1.2600.5512
2008940544       360448          C:\WINDOWS\system32\msvcrt.dll             Windows NT CRT DLL                                  Microsoft Corporation                      7.0.2600.5512
1982660608       65536          C:\WINDOWS\system32\WINSTA.dll             Winstation Library                                  Microsoft Corporation                      5.1.2600.5512
1608318976       348160          C:\WINDOWS\system32\NETAPI32.dll          Net Win32 API DLL                                  Microsoft Corporation                      5.1.2600.5512
1975910400       655360          C:\WINDOWS\system32\urlmon.dll             OLE32 Extensions for Win32                         Microsoft Corporation                      6.00.2900.5512
1989738496       1298432          C:\WINDOWS\system32\ole32.dll             Microsoft OLE for Windows                            Microsoft Corporation                      5.1.2600.5512
2012479488       483328          C:\WINDOWS\system32\SHLWAPI.dll          Shell Light-weight Utility Library                   Microsoft Corporation                      6.00.2900.5512

怎么回事

接上个

浏览过的版块