12345   3  /  5  页   跳转

帮帮忙!!开机后自动运行。

收藏
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 14:20 | 短消息 资料
字号: 21楼

把认为有问题的desktop.ini删除试试
gototop
 
09090330
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2005-11-28
  • 来自:
发表于: 2005-11-29 14:41 | 只看楼主 短消息 资料
字号: 22楼

我把卡卡助手中查找到启动项里的desktop.ini项删了,还是不行,这个东东真难弄。。。
想问一下注删中能找到这个程序吗?
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 14:45 | 短消息 资料
字号: 23楼

再用Autoruns保存一个日志发上来

保存日志时注意选择Options->Hide Microsoft Entries菜单项和Options->Verify Code signatures(设置了这项后点工具栏的刷新按钮)
gototop
 
09090330
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2005-11-28
  • 来自:
发表于: 2005-11-29 14:55 | 只看楼主 短消息 资料
字号: 24楼

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe

HKLM\System\CurrentControlSet\Services
kavsvcKaspersky Anti-Virus ServiceKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
金山毒霸2005\
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\flashget\jccatch.dll
QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\program files\qq\qqiehelper.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions&FlashGetFlashGetAmaze Softd:\program files\flashget\flashget\flashget.exe
访问卡卡社区File not found: http://www.ikaka.com
访问瑞星网站File not found: http://www.rising.com.cn
腾讯QQQQTENCENTd:\program files\qq\qq.exe
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 15:11 | 短消息 资料
字号: 25楼

奇怪了,没有可疑的启动项

把procexp的日志贴上一份上来看看

保存日志时注意不要关闭那个启动显示的窗口。
gototop
 
09090330
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2005-11-28
  • 来自:
发表于: 2005-11-29 15:24 | 只看楼主 短消息 资料
字号: 26楼

ProcessPIDCPUDescriptionCompany Name
System Idle Process088.99
Interruptsn/aHardware Interrupts
DPCsn/aDeferred Procedure Calls
System40.92
  smss.exe436Windows NT Session ManagerMicrosoft Corporation
  csrss.exe492Client Server Runtime ProcessMicrosoft Corporation
  winlogon.exe516Windows NT Logon ApplicationMicrosoft Corporation
    SERVICES.EXE5603.67Services and Controller appMicrosoft Corporation
    SVCHOST.EXE768Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE820Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE888Generic Host Process for Win32 ServicesMicrosoft Corporation
      wscntfy.exe1224Windows Security Center Notification AppMicrosoft Corporation
    SVCHOST.EXE1004Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE1120Generic Host Process for Win32 ServicesMicrosoft Corporation
    netdde.exe1576Network DDE - DDE CommunicationMicrosoft Corporation
    clipsrv.exe1692Windows NT DDE ServerMicrosoft Corporation
    kavsvc.exe1736
    SVCHOST.EXE1792Generic Host Process for Win32 ServicesMicrosoft Corporation
    alg.exe1216Application Layer Gateway ServiceMicrosoft Corporation
    LSASS.EXE572LSA Shell (Export Version)Microsoft Corporation
explorer.exe16002.75Windows ExplorerMicrosoft Corporation
kav.exe1996
iexplore.exe1132Internet ExplorerMicrosoft Corporation
WinRAR.exe3168
  procexp.exe35243.67Sysinternals Process ExplorerSysinternals

Process: System Idle Process Pid: 0

TypeName
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 15:28 | 短消息 资料
字号: 27楼

再发一个关掉那个窗口的日志上来
gototop
 
09090330
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2005-11-28
  • 来自:
发表于: 2005-11-29 15:31 | 只看楼主 短消息 资料
字号: 28楼

ProcessPIDCPUDescriptionCompany Name
System Idle Process050.45
Interruptsn/a0.90Hardware Interrupts
DPCsn/a1.80Deferred Procedure Calls
System40.90
  smss.exe436Windows NT Session ManagerMicrosoft Corporation
  csrss.exe4922.70Client Server Runtime ProcessMicrosoft Corporation
  winlogon.exe516Windows NT Logon ApplicationMicrosoft Corporation
    SERVICES.EXE5604.50Services and Controller appMicrosoft Corporation
    SVCHOST.EXE768Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE820Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE8880.90Generic Host Process for Win32 ServicesMicrosoft Corporation
      wscntfy.exe1224Windows Security Center Notification AppMicrosoft Corporation
    SVCHOST.EXE1004Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE1120Generic Host Process for Win32 ServicesMicrosoft Corporation
    netdde.exe1576Network DDE - DDE CommunicationMicrosoft Corporation
    clipsrv.exe1692Windows NT DDE ServerMicrosoft Corporation
    kavsvc.exe17361.80
    SVCHOST.EXE17920.90Generic Host Process for Win32 ServicesMicrosoft Corporation
    alg.exe1216Application Layer Gateway ServiceMicrosoft Corporation
    LSASS.EXE5721.80LSA Shell (Export Version)Microsoft Corporation
explorer.exe16001.80Windows ExplorerMicrosoft Corporation
kav.exe1996
iexplore.exe1132Internet ExplorerMicrosoft Corporation
WinRAR.exe3168
  procexp.exe342431.53Sysinternals Process ExplorerSysinternals
NOTEPAD.EXE1268记事本Microsoft Corporation

Process: Procexp Pid: -2

TypeName
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 15:59 | 短消息 资料
字号: 29楼

真是奇怪看不出来

再发个procexp日志上来
保存时选择Options->Verify Image Signatures菜单项,再刷新
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-11-29 16:09 | 短消息 资料
字号: 30楼

1)再桌面上右键单击选择属性
2)切换到桌面页签,单击自定义桌面按钮
3)切换到Web页看看图中两项是什么?

附件附件:

下载次数:0
文件类型:image/pjpeg
文件大小:
上传时间:2005-11-29 16:09:59
描述:
gototop
 
<<上一主题|下一主题>>
12345   3  /  5  页   跳转
页面顶部
Powered by Discuz!NT