启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<DAEMON Tools-2052><"D:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON'S HOME]
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
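<SVCHOST><C:\WINDOWS\MDM.EXE> [N/A]
<Rundll><C:\WINDOWS\system32\rundll.exe> [bit]
(分析备注:以上两项值得优先核查。启动项名为 SVCHOST,却指向没有发行者信息的 C:\WINDOWS\MDM.EXE,而本日志进程列表中微软的 MDM.EXE 位于 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\;rundll.exe 的公司名显示为 "bit",未显示 (Verified) 微软签名,且该进程正在运行(PID 352)。建议先核对这两个文件的数字签名与哈希,再决定如何处置。)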
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[PID: 700][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] [N/A, N/A]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1764][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 124]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[d:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll] [Kaspersky Lab, 5.0.388.1]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 7.0.0.2004121400\0]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 1896][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.2209]
[PID: 1904][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[PID: 1924][D:\Program Files\D-Tools\daemon.exe] [DAEMON'S HOME, 3.47.0.0]
[C:\WINDOWS\daemon.dll] [N/A, 3.47.0.0]
[D:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[D:\Program Files\D-Tools\Plugins\Images\bw5mount.dll] [N/A, 1.0.2.0]
[D:\Program Files\D-Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.02.0.0]
[D:\Program Files\D-Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.01.0.0]
[D:\Program Files\D-Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.02.0.0]
[D:\Program Files\D-Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[PID: 2044][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 6.0.1.2004121400]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] [Adobe Systems Inc., 6.0.0.0]
[PID: 352][C:\WINDOWS\system32\rundll.exe] [bit, 1.00]
[PID: 360][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 376][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[PID: 600][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1816][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2784][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll] [Adobe Systems Incorporated, 7.0.0.0]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS] [Adobe Systems Incorporated, 7.0.0.0]
[C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 124]
[d:\Program Files\Tencent\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[PID: 3544][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3800][E:\软件\SREng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]