This is the SREng log:
2006-05-22,14:07:12
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BigDogPath><; C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<eMuleAutoStart><; C:\Program Files\eMule\emule.exe -AutoStart>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Gigaget><; "C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\GigagetShell.exe" /s>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<KuGoo3><; "C:\Program Files\Kugoo3Cr\KuGoo.exe">
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><; "C:\DOCUME~1\孙斌\LOCALS~1\Temp\msnmsgr.exe" /background>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NWEReboot><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><; SOUNDMAN.EXE>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><; C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Thunder><; "C:\Program Files\Thunder\ThunderShell.exe" /s>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Xplus><; "g:\Program Files\Xplus\Xplus_Wait.exe" /min>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Xplus_spy><; "g:\Program Files\Xplus\xvcclip.exe" /min>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<xvcclip><; g:\Program Files\Xplus\xvcclip.exe>
==================================
启动文件夹
服务
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[LightScribeService Direct Disc Labeling Service / LightScribeService]
<"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Network Shell Hardware / NSLHA]
<C:\WINDOWS\system32\conn.exe><N/A>
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[系统标准按钮(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[GigagetIEHelper Class]
{111CAA23-6F4F-42AC-8555-B48C1D87BBAB} <C:\WINDOWS\system32\gigagetbho_v10.dll, Giganology Inc.>
[系统标准按钮(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Internet Explorer Helper]
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[使用迅雷下载]
<C:\Program Files\Thunder\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\getAllurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 752][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1184][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1416][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Super Rabbit\HappyPlayer\Codecs\mmfinfo.dll] <N/A><N/A>
[C:\Program Files\Super Rabbit\HappyPlayer\Codecs\mkunicode.dll] <N/A><N/A>
[C:\program files\winrar\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1572][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1680][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] <Hewlett-Packard Company><1.4.39.1>
[PID: 1748][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 784][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1888][C:\Program Files\港湾网络\农林科大认证软件\HammerSupplicant.exe] <HarbourNetworks><1, 0, 0, 1>
[C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.00.13.50>
[PID: 1132][C:\Program Files\GreenBrowser\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 2024][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2084][C:\Program Files\Windows Media Player\wmplayer.exe] <Microsoft Corporation><9.00.00.3250>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\Program Files\Super Rabbit\HappyPlayer\Codecs\ffdshow.ax] <N/A><1.0.2.2007>
[C:\Program Files\Common Files\TopDomain\eXchange\HIKTRN.ax] <Nanjing Universal Networks (U-NET) Co., LTD.><1.02.1.221>
[C:\Program Files\Super Rabbit\HappyPlayer\Codecs\mpeg2dmx.ax] <Moonlight Cordless Ltd.><3, 1, 200, 50117>
[C:\Program Files\Super Rabbit\HappyPlayer\Codecs\vsfilter.dll] <Gabest><1, 0, 1, 3>
[C:\Program Files\Common Files\TopDomain\eXchange\ASFDMX.ax] <Nanjing Universal Networks (U-NET) Co., LTD.><1.02.1.221>
[C:\Program Files\Common Files\TopDomain\eXchange\RMFDMX.ax] <Nanjing Universal Networks (U-NET) Co., LTD.><1.02.1.221>
[C:\Program Files\Common Files\Ahead\DSFilter\NeSplitter.ax] <Nero AG><3, 2, 0, 15b>
[PID: 1904][C:\WINDOWS\system32\NOTEPAD.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1872][C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\Gigaget.exe] <N/A><N/A>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\updatedownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 45>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 135>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\FloatBar.dll] <Giganology Inc.><1, 0, 0, 2>
[C:\Program Files\Thunder\Gigaget_1.0.0.23_Rip_Cnfan.org\Gigaget\iTargetAD.dll] <N/A><N/A>
[PID: 3028][C:\Program Files\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.0.4.96>
[C:\Program Files\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 1>
[C:\Program Files\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 1>
[C:\Program Files\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 73>
[C:\Program Files\Thunder\iThunder.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 30>
[C:\Program Files\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 4>
[PID: 2152][C:\program files\winrar\WinRAR.exe] <N/A><N/A>
[PID: 496][C:\DOCUME~1\孙斌\LOCALS~1\Temp\Rar$EX00.515\SREng.exe] <Smallfrogs Studio><2.0.12.350>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]