SREng log (note: I ran the scan in Safe Mode; does that work?)
2006-11-11,10:25:36
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<MsWinb><rem C:\Program Files\白猫清理工\MsWinb.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<explorer><C:\WINDOWS\system32\explorer.exe> []
<iexplore><C:\WINDOWS\system32\iexplore.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\rundl132.exe> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<systemdll><regsvr32 /s c:\WINDOWS\system32\system.dll> []
<IEXPLORER><C:\WINDOWS\System32\IEXPLORER.EXE> [Microsoft Corporation]
<system><C:\WINDOWS\system32\system.exe> [Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<system><C:\WINDOWS\system32\system.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> []
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\internet explorer\fcguxsrz.dll> []
<{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}><C:\WINDOWS\System32\Cnscheck001.dll> []
==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[卡巴斯基反病毒软件6.0 / AVP]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
[Disk Managering / DisManager]
<C:\WINDOWS\DisManager.exe><N/A>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<D:\ZZ\tools\ewido_4.0.0.172c_3.3\guard.exe><Anti-Malware Development a.s.>
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Machine Debug Manager / MDM]
<"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"><N/A>
[Rising Personal Firewall Service / RfwService]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[System Envents / System Envents]
<C:\WINDOWS\Server><N/A>
[windows update / windows update]
<C:\WINDOWS\cctv.com><N/A>
==================================
浏览器加载项
[]
{E936184C-31D7-561B-BA1B-A317F03F34FB} <c:\WINDOWS\system32\system.dll, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
==================================
正在运行的进程
[PID: 500][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 600][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[c:\program files\internet explorer\fcguxsrz.dll] <><1, 0, 0, 11>
[PID: 644][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 656][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 832][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 940][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1444][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[c:\program files\internet explorer\fcguxsrz.dll] <><1, 0, 0, 11>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1716][C:\WINDOWS\System32\conime.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
[PID: 1732][C:\WINDOWS\System32\cmd.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1768][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] <Kaspersky Lab><6.0.5.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl] <Kaspersky Lab><6.0.0.300>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl] <Kaspersky Lab><6.0.0.300>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl] <Kaspersky Lab><6.0.0.300>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\basegui.dll] <Kaspersky Lab><6.0.0.300>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] <Kaspersky Lab><6.0.0.16>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl] <Kaspersky Lab><6.0.0.299>
[PID: 424][D:\ZZ\tools\TheWorldFull\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[D:\ZZ\tools\THEWOR~1\Plugin\SysState\SysState.dll] <Phoenix Stdio><1, 0, 0, 4>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[C:\WINDOWS\System32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\System32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 580][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
[PID: 1556][D:\ZZ\tools\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\System32\Cnscheck001.dll] <N/A><N/A>
==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================