瑞星卡卡安全论坛

请看下下
2006-03-20,11:20:11

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Home Edition Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RTHDCPL><RTHDCPL.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KBD><C:\HP\KBD\KBD.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KAVPersonal50><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[ATI CATALYST 系统托盘]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ATI CATALYST 系统托盘.lnk><N>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><N>
[卡巴斯基反黑客]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\卡巴斯基反黑客.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[kavsvc / kavsvc]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>

==================================
浏览器加载项
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Hotmail Attachments Control]
  {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} <C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx, N/A>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[用比特精灵下载(&B)]
  <D:\Program Files\BitSpirit\bsurl.htm, N/A>

正在运行的进程
[PID: 792][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4119>
[PID: 912][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 924][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1072][C:\WINDOWS\System32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4119>
    [C:\WINDOWS\System32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 1116][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1192][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1304][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1492][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 20, 0, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PF5NTMUI.DLL]  <Panasonic Communications Co., Ltd.><5.07>
[PID: 1700][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4119>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 1784][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.1.63.0>
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  <Nero AG><2, 0, 0, 8>
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  <Nero AG><2, 0, 4, 3>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll]  <Kaspersky Lab><5.0.388.1>
[PID: 600][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1596][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>

【回复“zq77”的帖子】
楼主的日志没有问题
再说楼主也是用管理员来登陆的
怎么会找不到管理员呢
我也不明白