This post was last edited by pcl_test on 2016-7-13 00:28
In 1.txt:
- 2011-06-15,15:22:33
- System Repair Engineer 2.8.4.1331
- Smallfrogs (http://www.KZTechs.com)
- Windows 7 Ultimate Edition (Build 7600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 计划任务
- Windows 安全更新检查
- API HOOK
- 隐藏进程
-
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
- <Beike Antiarp><"C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup> [(Verified)Beike Internet Security Technology Co.,Ltd]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <Apoint><C:\Program Files\DellTPad\Apoint.exe> [(Verified)Alps Electric Co., LTD.]
- <StartCCC><"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun> [File is missing]
- <wdcertm_ccb><C:\Windows\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe> [ Beijing WatchData System Co., Ltd.]
- <USBKeyTools.exe><C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe> [北京华大智宝电子系统有限公司]
- <CCBCertificate><C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe> []
- <avast><"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui> [(Verified)AVAST Software]
- <Beike Antiarp><"C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup> [(Verified)Beike Internet Security Technology Co.,Ltd]
- <360Safetray><"C:\Program Files\360\360safe\safemon\360Tray.exe" /start> [(Verified)360.cn]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows]
- <Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WebCheck><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
- <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><C:\Windows\System32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
- <Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Windows><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
- <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
- <Web Platform Customizations><C:\Windows\System32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
- <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><C:\Windows\system32\Bubbles.scr> [(Verified)Microsoft Windows]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [AMD External Events Utility / AMD External Events Utility][Running/Auto Start]
- <C:\Windows\system32\atiesrxx.exe><AMD>
- [Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
- <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
- [avast! Antivirus / avast! Antivirus][Running/Auto Start]
- <"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"><AVAST Software>
- ==================================
- 浏览器加载项
- [迅雷FLV视频嗅探及下载支持]
- {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <d:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [迅雷下载支持]
- {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [avast! WebRep]
- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} <C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll, (Signed) >
- ==================================
- 正在运行的进程
- [PID: 332 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
- [PID: 468 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
- [PID: 536 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
-
-
- ==================================
- 文件关联
- .TXT Error. [C:\Windows\notepad.exe %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["%SystemRoot%\hh.exe" %1]
- .HLP Error. []
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS Error. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- [C:\]
- [AutoRun]
- ICON = c.ico
- [D:\]
- [AutoRun]
- ICON = d.ico
- [E:\]
- [AutoRun]
- ICON = e.ico
- [F:\]
- [AutoRun]
- ICON = f.ico
- ==================================
- HOSTS
- N/A
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeDebugPrivilege [PID = 2892, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 3956, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
- ==================================
- 计划任务
- N/A
- ==================================
- Windows 安全更新检查
- N/A
- ==================================
- API HOOK
- 入口点错误:SetWindowsHookExA (危险等级: 高, 被下面模块所HOOK: 0x001F00AD)
- 入口点错误:SetWindowsHookExW (危险等级: 高, 被下面模块所HOOK: 0x001F00E9)
- 入口点错误:UnhookWindowsHookEx (危险等级: 高, 被下面模块所HOOK: 0x001F0125)
- ==================================
- 隐藏进程
- N/A
- ==================================
This is actually text processing of the SREng log (SREnglog.log): I'd like to be able to output the Autorun.inf section of it,
Thanks
Can a portion from the middle be cut out into 2.txt?
- Autorun.inf
- [C:\]
- [AutoRun]
- ICON = c.ico
- [D:\]
- [AutoRun]
- ICON = d.ico
- [E:\]
- [AutoRun]
- ICON = e.ico
- [F:\]
- [AutoRun]
- ICON = f.ico
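As an added example (not code from the original post, and not part of SREng): a Python script that cuts the Autorun.inf section out of a log laid out like the one in the question and writes it to 2.txt. The file names 1.txt and 2.txt come from the question; the UTF-8 encoding, the sample log and the function names (`extract_section`, `parse_autorun`, `write_section`) are my assumptions.

```python
import re
from pathlib import Path
SEPARATOR = re.compile(r"^(- )?=+$")  # "- =====" lines that close each SREng section

def body(line):
    """Drop the "- " prefix the forum paste put in front of every log line."""
    return line[2:] if line.startswith("- ") else line

def extract_section(lines, name):
    """Section headed by `name`, header included, up to the next separator ([] if absent)."""
    out, inside = [], False
    for line in map(str.rstrip, lines):
        if inside and SEPARATOR.match(line):
            break
        if inside or body(line).strip() == name:
            inside = True
            out.append(line)
    return out

def parse_autorun(section):
    """Group entries by drive, e.g. {'C:\\': {'ICON': 'c.ico'}}; the log above has only ICON, an OPEN or SHELLEXECUTE key would be the one to inspect."""
    drives, current = {}, None
    for text in (body(l).strip() for l in section[1:]):  # skip the header line
        m = re.fullmatch(r"\[([A-Za-z]:\\)\]", text)
        if m:
            current = m.group(1)
            drives[current] = {}
        elif current is not None and "=" in text:
            key, _, value = text.partition("=")
            drives[current][key.strip().upper()] = value.strip()
    return drives

def write_section(src="1.txt", dst="2.txt", name="Autorun.inf"):
    """Copy the named section of src into dst and return the number of lines written.
    Assumption: the log is UTF-8 (one saved on a Chinese Windows box may well be GBK)."""
    lines = Path(src).read_text(encoding="utf-8", errors="replace").splitlines()
    section = extract_section(lines, name)
    Path(dst).write_text("".join(l + "\n" for l in section), encoding="utf-8")
    return len(section)
SAMPLE_LOG = """\
- Autorun.inf
- [C:\\]
- [AutoRun]
- ICON = c.ico
- [D:\\]
- [AutoRun]
- ICON = d.ico
- ==================================
"""  # constructed sample in the same layout as the question's log
```

Call `write_section()` from a script placed next to 1.txt; the functions also accept the raw SREng log, without the `- ` prefix that the forum paste added.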