瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】系统启动时有CMD.EXE,如何取消??
qwe0023 - 2007-5-20 22:51:00
系统启动时有CMD.EXE,用卡巴杀毒没有发现病毒,CPU占用不高,但每次启动都有,用360看看,见下图

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kis><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[InterBase Guardian / InterBaseGuardian][Stopped/Manual Start]
  <d:\Delphi7\InterBase\bin\ibguard.exe><Borland Software Corporation>
[InterBase Server / InterBaseServer][Stopped/Manual Start]
  <d:\Delphi7\InterBase\bin\ibserver.exe><Borland Software Corporation>
[Machine Debug Manager / MDM][Stopped/Disabled]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[OracleMTSRecoveryService / OracleMTSRecoveryService][Running/Auto Start]
  <d:\oracle\ora92\bin\omtsreco.exe "OracleMTSRecoveryService"><Oracle Corporation>
[OracleOraHome92Agent / OracleOraHome92Agent][Running/Auto Start]
  <d:\oracle\ora92\bin\agntsrvc.exe><Oracle Corporation>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start]
  <d:\oracle\ora92\BIN\ONRSD.EXE><N/A>
[OracleOraHome92HTTPServer / OracleOraHome92HTTPServer][Stopped/Manual Start]
  <"d:\oracle\ora92\Apache\Apache\apache.exe" --ntservice><N/A>
[OracleOraHome92PagingServer / OracleOraHome92PagingServer][Stopped/Manual Start]
  <d:\oracle\ora92/bin/pagntsrv.exe><N/A>
[OracleOraHome92SNMPPeerEncapsulator / OracleOraHome92SNMPPeerEncapsulator][Stopped/Manual Start]
  <d:\oracle\ora92\BIN\ENCSVC.EXE><N/A>
[OracleOraHome92SNMPPeerMasterAgent / OracleOraHome92SNMPPeerMasterAgent][Stopped/Manual Start]
  <d:\oracle\ora92\BIN\AGNTSVC.EXE><N/A>
[OracleOraHome92TNSListener / OracleOraHome92TNSListener][Running/Auto Start]
  <d:\oracle\ora92\BIN\TNSLSNR ><N/A>
[OracleServiceNCJY / OracleServiceNCJY][Running/Auto Start]
  <d:\oracle\ora92\bin\ORACLE.EXE NCJY><Oracle Corporation>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Stopped/Manual Start]
  <"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>
[VMware Authorization Service / VMAuthdService][Running/Auto Start]
  <D:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Running/Auto Start]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2][Running/Auto Start]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[Network Management Center Task / W32Tasks][Stopped/Auto Start]
  <><N/A>
[Windows Audio Server / Windows Audio Server][Stopped/Auto Start]
  <><N/A>

==================================
驱动程序
[Api Drivers / Api][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\Api.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Legacy Driver / NVENET][Running/Manual Start]
  <system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[usb token Device Driver / token][Stopped/Manual Start]
  <system32\DRIVERS\eps2kt1.sys><>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <System32\Drivers\usb2vcom.sys><Ark Pioneer Microelectronics Ltd.>
[vaxscsi / vaxscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware USB Client Driver / vmusb][Stopped/Manual Start]
  <System32\Drivers\vmusb.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[Winbond GPIO Driver1 / WBHWDOCT][Stopped/Manual Start]
  <System32\drivers\WBHWDOCT.sys><Winbond Electronics Corp.>



附件: 8776302007520224124.jpg
qwe0023 - 2007-5-20 22:52:00
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[AddSHCARoot Control]
  {098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINDOWS\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\Downloaded Program Files\certInStall.dll, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[cardctl Class]
  {B753331A-9543-41D2-83B2-492E5ADB7911} <C:\WINDOWS\system32\ICCARD~1.DLL, Infosec Technologies Co., Ltd.>
[CSetLET Class]
  {C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINDOWS\DOWNLO~1\GDSetLET.dll, >
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\DOWNLO~1\USBKey.dll, >
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 164][C:\WINDOWS\system32\SafeSignCertReg.exe]  [A.E.T. Europe B.V., 1.0.9.29]
[PID: 868][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][d:\oracle\ora92\bin\ORACLE.EXE]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oraclient9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oracore9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranls9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oraunls9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oravsn9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oracommon9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\orageneric9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oraxml9.dll]  [Oracle Corporation, ]
    [d:\oracle\ora92\bin\oraxsd9.dll]  [Oracle Corporation, ]
    [d:\oracle\ora92\bin\orannzsbb9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oran9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranl9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranldap9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oraldapclnt9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orancrypt9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\ORATRACE9.dll]  [N/A, ]
    [d:\oracle\ora92\bin\oranro9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranhost9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranoname9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orancds9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orantns9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oranms.dll]  [Oracle Corporation, 9.2.0.0.0]
    [d:\oracle\ora92\bin\oranmsp.dll]  [Oracle Corporation, 9.2.0.0.0]
    [d:\oracle\ora92\bin\orapls9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oraslax9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orasnls9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orawtc9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\orasql9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\oraodm9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\oraplp9.dll]  [Oracle Corporation, 9.2.0.1.0 Production ]
    [d:\oracle\ora92\bin\orajox9.dll]  [N/A, ]
    [d:\oracle\ora92\bin\oransgr9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orawwg9.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora92\bin\ocijdbc9.dll]  [N/A, ]
    [d:\oracle\ora92\BIN\ORAIMR9.Dll]  [Oracle Corporation, 9.2.0.1.0]
    [d:\oracle\ora92\bin\oranbeq9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orannts9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
    [d:\oracle\ora92\bin\orantcp9.dll]  [Oracle Corporation, 9.2.0.1.0 Production]
[PID: 2552][G:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [G:\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE86B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE86D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE86F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE86C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xBAE86E8F)
qwe0023 - 2007-5-21 10:30:00
风吹过的树叶 - 2007-5-21 11:26:00
那个CMD.EXE应该是正常的,LZ可能中了其他的毒,期待高手解答
qwe0023 - 2007-5-21 11:41:00
我是lz,用System Repair Engineer扫描的日志贴出来了,用卡巴、瑞星、金山等都没杀出什么来,启动项目中也没有,就是系统启动后要自己运行,但是内存和CPU占用都不高啊
qwe0023 - 2007-5-21 11:42:00
抓的图


loveperday - 2007-5-21 11:47:00
如果你手动结束掉,会有影响么?
agee - 2007-5-21 11:50:00
日志看不出什么问题
那个cmd进程也是系统进程,看不出异常
qwe0023 - 2007-5-21 11:54:00
手动结束后没影响,而且不会再出来,除非重新启动,我安装了VS2005、oracle,是不是这个有影响
loveperday - 2007-5-21 12:11:00
http://zhidao.baidu.com/question/25258899.html
看看这个文章对你有帮助么?
qwe0023 - 2007-5-22 16:43:00
楼上的,没用的,问题还没解决,郁闷
1
查看完整版本: 【求助】系统启动时有CMD.EXE,如何取消??
© 2000 - 2026 Rising Corp. Ltd.