lqhu - 2006-3-14 17:25:00
大哥及其他兄弟帮帮我
每次开机都会修改注册表,中文输入无法选择,无法输入中文,(WORD能输入,但不知道是什么输入法)
附件:
6020262006314172544.bmp
baohe - 2006-3-14 17:29:00
【回复“lqhu”的帖子】
检查ctfmon.exe或CTFMON.EXE的MD5值。
lqhu - 2006-3-14 17:33:00
how to check
Tks
lqhu - 2006-3-14 17:37:00
怎样检查,能说得详细点吗
baohe - 2006-3-14 17:38:00
| 引用: |
【lqhu的贴子】how to check
Tks
........................... |
附件:
1558472006314173836.jpg
lqhu - 2006-3-14 17:42:00
一样的
baohe - 2006-3-14 17:43:00
| 引用: |
【lqhu的贴子】一样的
........................... |
看图。设置好后,重启,再观察。
附件:
1558472006314174339.jpg
lqhu - 2006-3-14 17:53:00
设置好后,重启,一样的
baohe - 2006-3-14 17:55:00
| 引用: |
【lqhu的贴子】设置好后,重启,一样的
........................... |
汗!
SSM又有BUG了?
lqhu - 2006-3-14 17:58:00
据您认为我中毒了吗
baohe - 2006-3-14 18:01:00
| 引用: |
【lqhu的贴子】据您认为我中毒了吗
........................... |
扫个HijackThis日志看看
lqhu - 2006-3-14 18:02:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 18:01:26, 日期 2006-03-14
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
d:\Program Files\ProcessGuard\dcsuserprot.exe
c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\rising\Rav\RavTask.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
F:\TEMP\HijackThis1991zww汉化版\HijackThis1991zww.exe
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] ; C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [IMSCMIG40W] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - “启动”文件夹: 启动 Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\system32\fmrsslink.dll/201
O8 - IE右键菜单中的新增项目: 导入当前页到超星阅览器(&A) - C:\Program Files\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导入选中部分到超星阅览器(&S) - C:\Program Files\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120092918718
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31324CE7-2E24-45EA-9597-957B2A50D383}: NameServer = 202.96.104.16,202.96.104.17
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - NT 服务: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - Unknown owner - d:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - NT 服务: ninetowns_iCSP_sm - 九城口岸软件科技有限公司 - c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
baohe - 2006-3-14 18:06:00
【回复“lqhu”的帖子】
你装的还真全!
有了PG,设置好了,想中毒——都难!
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe以及SSM——可以卸掉了。
请修复下面两项:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
lqhu - 2006-3-14 18:11:00
谢谢,到了这个论坛以后从您的贴子里学的
lqhu - 2006-3-14 18:18:00
我要下线了,非常谢谢,以后有机会的话,再向您请教
© 2000 - 2026 Rising Corp. Ltd.