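| Quote: |
[BlackStone's post] Save a log with Autoruns and post it here. How to save the log: choose the File->Save menu item. When saving the log, make sure the Options->Hide Microsoft Entries menu item is selected (after setting this option, click the refresh button on the toolbar).
For downloading and using the tool, see ........................... |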
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Cmpnt File not found: C:\WINDOWS\system\loadms.exe
+ Control Panel C:\Program Files\Silicon Motion 公司\Silicon Motion 控制程序\Smctrlw.exe
+ CtrlVol c:\program files\acer\launch manager\ctrlvol.exe
+ ExFilter hookdll c:\windows\system32\hookdll.dll
+ HotkeyApp c:\program files\acer\launch manager\hotkeyapp.exe
+ KeyHook File not found: C:\Progra~1\ACER\Launch Manager\KeyHook.exe
+ LaunchAp LAUNCHAP c:\program files\acer\launch manager\launchap.exe
+ LaunchApp LaunchApp MFC Application Wistron Corp. c:\windows\launapp.exe
+ LTSMMSG SoftModem Messaging Applet Lucent Technologies c:\windows\ltsmmsg.exe
+ Nokia Tray Application NclTray Module Nokia Mobile Phones c:\program files\common files\nokia\ncltools\ncltray.exe
+ PowerKey Powerkey Acer c:\program files\acer\launch manager\powerkey.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ ServiceLayer ServiceLayer Module Nokia Mobile Phones c:\program files\common files\nokia\services\servicelayer.exe
+ StormCodec_Helper c:\program files\ringz studio\storm codec\stormset.exe
+ SynTPEnh Synaptics TouchPad Enhancements Synaptics, Inc. c:\program files\synaptics\syntp\syntpenh.exe
+ SynTPLpr TouchPad Driver Helper Application Synaptics, Inc. c:\program files\synaptics\syntp\syntplpr.exe
+ Wbutton newapp MFC Application c:\program files\acer\launch manager\wbutton.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ Adobe Gamma Loader.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ PCSuiteForNokia7650 Detect.lnk ConnMngmntBox Module Symbian Ltd. c:\program files\nokia\pc suite for nokia 7650\connmngmntbox.exe
+ PCSuiteForNokia7650 TS.lnk ECTaskScheduler Module c:\program files\nokia\pc suite for nokia 7650\ectaskscheduler.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ MSNShell c:\program files\msnshell\bin\msnshell.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class AcroIEHelper Module c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
+ Infofo 工具栏 珊瑚虫 Infofo 工具栏 珊瑚虫工作室 泰格工作室 c:\program files\infofo bar\infofobar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864 c:\windows\web\related.htm
Task Scheduler
+ Symantec NetDetect.job Symantec NetDetect Symantec Corporation c:\program files\symantec\liveupdate\ndetect.exe
HKLM\System\CurrentControlSet\Services
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ac97intc Intel(r) Integrated Controller Hub Audio Driver Intel Corporation c:\windows\system32\drivers\ac97intc.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ cs429x Crystal AC9x WDM Driver Cirrus Logic, Inc. c:\windows\system32\drivers\cwawdm.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ HOOKAPI HOOKAPI Driver 瑞星软件有限公司 c:\program files\rising\rav\hookapi.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ ids00026 File not found: C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
+ LucentSoftModem SoftModem Device Driver Lucent Technologies c:\windows\system32\drivers\ltsm.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ MSTabBtn Wistron Tablet PC Buttons HID Driver Wistron c:\windows\system32\drivers\mstabbtn.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. c:\program files\tencent\qq\npkcrypt.sys
+ NSCIRDA NSC Fast Infrared Driver. National Semiconductor Corporation c:\windows\system32\drivers\nscirda.sys
+ O2SCBUS OZSCR O2Micro c:\windows\system32\drivers\ozscr.sys
+ POWERKEY c:\program files\acer\launch manager\powerkey.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ rtl8139 Realtek RTL8139/810X Family NDIS 5.1 Drv Realtek Semiconductor Corporation c:\windows\system32\drivers\r8139n51.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ smimini Silicon Motion Video Miniport Driver Silicon Motion Inc. c:\windows\system32\drivers\smiminib.sys
+ SymEvent Symantec Event Library Symantec Corporation c:\program files\symantec\symevent.sys
+ SynTP Synaptics Touchpad Driver Synaptics, Inc. c:\windows\system32\drivers\syntp.sys
+ Wbutton c:\windows\system32\drivers\wbutton.sys
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\System32\TMC100~1.SCR Screenweaver SE Screensaver Engine Grooveware Multimedia c:\windows\system32\tm c100 screensaver.scr