【回复“andy88”的帖子】
C:\WINNT\system32\envsec.exe
请将这个文件打包，发到：baohelin@yahoo.com.cn

www.sysinternals.com/Files/Autoruns.zip

保存一个日志发上来

具体可参考这个

10楼　邮件以发出～
11楼　保存日志干什么？你的意思我没懂～

我怎么能清理掉它呢？

引用:

【andy88的贴子】10楼　邮件以发出～ 11楼　保存日志干什么？你的意思我没懂～ ...........................

用autoruns保存个日志，看看你的问题

引用:

【BlackStone的贴子】 用autoruns保存个日志，看看你的问题 ...........................

不会啊！你那个是什么界面？

这个怎么传附件，我以经保存了，但是传不上来

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ MINI_BFYY三代科技 版权所有 (C) 2004 - 2005深圳市三代科技开发有限公司d:\program files\ringz studio\storm downloader\stormdownloader.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ StormCodec_Helperd:\program files\ringz studio\storm codec\stormset.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

+ TVTray\

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Internat.exeKeyboard Language Indicator AppletMicrosoft Corporationc:\winnt\system32\internat.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Pollerc:\winnt\system32\ati2evxx.exe

+ Autodesk Licensing ServiceAnchor service for Autodesk products licensed with SafeCastAutodesk, Inc.c:\program files\common files\autodesk shared\service\adskscsrv.exe

+ Browser维护网络上计算机的最新列表以及提供这个列表给请求的程序。Microsoft Corporationc:\winnt\system32\services.exe

+ C-DillaSrvC-Dilla RTS ServiceC-Dilla Ltdc:\winnt\system32\drivers\cdantsrv.exe

+ Dhcp通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。Microsoft Corporationc:\winnt\system32\services.exe

+ dmserver逻辑磁盘管理器监视狗服务Microsoft Corporationc:\winnt\system32\services.exe

+ Dnscache解析和缓冲域名系统 (DNS) 名称。Microsoft Corporationc:\winnt\system32\services.exe

+ EnvSecc:\winnt\system32\envsec.exe

+ Eventlog记录程序和 Windows 发送的事件消息。事件日志包含对诊断问题有所帮助的信息。您可以在“事件查看器”中查看报告。Microsoft Corporationc:\winnt\system32\services.exe

+ lanmanserver提供 RPC 支持、文件、打印以及命名管道共享。Microsoft Corporationc:\winnt\system32\services.exe

+ lanmanworkstation提供网络链结和通讯。Microsoft Corporationc:\winnt\system32\services.exe

+ LmHosts允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。Microsoft Corporationc:\winnt\system32\services.exe

+ Messenger发送和接收系统管理员或者“警报器”服务传递的消息。Microsoft Corporationc:\winnt\system32\services.exe

+ NtmsSvc管理可移动媒体、驱动程序和库。Microsoft Corporationc:\winnt\system32\svchost.exe

+ PlugPlay管理设备安装以及配置，并且通知程序关于设备更改的情况。Microsoft Corporationc:\winnt\system32\services.exe

+ PolicyAgent管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。Microsoft Corporationc:\winnt\system32\lsass.exe

+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。Microsoft Corporationc:\winnt\system32\services.exe

+ RemoteRegistry允许远程注册表操作。Microsoft Corporationc:\winnt\system32\regsvc.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwsrv.exe

+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\winnt\system32\svchost.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\winnt\system32\lsass.exe

+ Schedule允许程序在指定时间运行。Microsoft Corporationc:\winnt\system32\mstask.exe

+ seclogon在不同凭据下启用启动过程Microsoft Corporationc:\winnt\system32\services.exe

+ SENS跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\winnt\system32\svchost.exe

+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\winnt\system32\spoolsv.exe

+ StiSvcStill Image Devices MonitorMicrosoft Corporationc:\winnt\system32\stisvc.exe

+ TrkWks当文件在网络域的 NTFS 卷中移动时发送通知。Microsoft Corporationc:\winnt\system32\services.exe

+ WinMgmt提供系统管理信息。Microsoft Corporationc:\winnt\system32\wbem\winmgmt.exe

+ wuauserv从 Windows Update 启用重要的 Windows 更新的下载和安装。如果禁用该服务，操作系统可以在 Windows Update Web 网站手动更新。Microsoft Corporationc:\winnt\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 5Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ CRLUpdateUPDCRLMicrosoft Corporationc:\winnt\system32\updcrl.exe

+ EnableRevocationMicrosoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\winnt\system32\ie4uinit.exe

+ Internet Explorer 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ Outlook Express 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\winnt\inf\unregmp2.exe

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ 自定义浏览器Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\winnt\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ Network.ConnectionTrayNetwork Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\winnt\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ jetAudioShell Extension for jetAudioJetAudio, Inc.d:\program files\jetaudio\jetflext.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realone player\rpshell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar2.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ IEHlprObj ClassIEHelper Modulec:\winnt\system32\qylhelper.dll

+ Infofo 工具栏珊瑚虫 Infofo 工具栏珊瑚虫工作室 泰格工作室c:\program files\infofo bar\infofobar.dll

+ ThunderIEHelper Classxunleibho Modulec:\winnt\system32\xunleibho_v4.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll

+ 新浪点点通\

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

+ 豪杰超级解霸V8c:\herosoft\herov8\sthsdvd.exe

+ 浩方对战平台浩方对战平台上海浩方在线信息技术有限公司d:\program files\浩方对战平台\gameclient.exe

+ 网址大全File not found: http://www.coc.cc

+ 易趣购物File not found: http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn

+ 易趣购物File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\winnt\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\winnt\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ apihookdll.dllc:\winnt\system32\apihookdll.dll

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\winnt\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\winnt\system32\comdlg32.dll

+ DllDirectoryc:\winnt\system32

+ gdi32GDI Client DLLMicrosoft Corporationc:\winnt\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\winnt\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\winnt\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\winnt\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\winnt\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\winnt\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\winnt\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\winnt\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\winnt\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ user32Windows 2000 USER API Client DLLMicrosoft Corporationc:\winnt\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\winnt\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\winnt\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\winnt\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdllOffline Network AgentMicrosoft Corporationc:\winnt\system32\cscdll.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\winnt\system32\wlnotify.dll

+ wzcnotifWireless Zero Configuration Service UIMicrosoft Corporationc:\winnt\system32\wzcdlg.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BC583E6-FF85-48B8-AFC1-67824E03F7C9}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BC583E6-FF85-48B8-AFC1-67824E03F7C9}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACBB62D2-9844-4B2C-809E-C7082A4D9C5A}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACBB62D2-9844-4B2C-809E-C7082A4D9C5A}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADD91916-50F7-4F76-BEB2-585378D9DC6C}] DATAGRAM 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADD91916-50F7-4F76-BEB2-585378D9DC6C}] SEQPACKET 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B653099E-CF14-4715-817C-29A902B2194F}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B653099E-CF14-4715-817C-29A902B2194F}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E88FD801-A696-47A0-BD73-13B83E53AAB2}] DATAGRAM 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E88FD801-A696-47A0-BD73-13B83E53AAB2}] SEQPACKET 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1D493F6-E495-4C10-B9AD-651D1A9F8DF4}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1D493F6-E495-4C10-B9AD-651D1A9F8DF4}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

不会传附件我分两部分粘上的！是连着的一点没丢