
Help me identify this virus

XP Professional system
Symptoms: 1. The Rising updater reports a problem with the network settings
2. IE pops up on its own
3. The HOSTS file cannot be modified (after editing it in safe mode the entries are still there)
4. HijackThis cannot fix the hijacked entries
5. Logging in to KAKA redirects automatically to a music site :((
6. Software cannot be uninstalled, not even in safe mode
Below is the scan report

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 11:46:02, 日期 2006-10-20
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\explorer.exe
D:\hijackthis\HijackThis1991zww.exe

R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 61.129.115.56 www.hao123.com
O1 - Hosts: 219.139.58.97 www.7b.com.cn
O1 - Hosts: 219.139.58.97 www.7939.com
O1 - Hosts: 61.129.115.56 www.360safe.com
O1 - Hosts: 61.129.115.56 360safe.com
O1 - Hosts: 61.129.115.56 update.360safe.com
O1 - Hosts: 61.129.115.56 dl.360safe.com
O1 - Hosts: 61.129.115.56 bbs.360safe.com
O1 - Hosts: 219.139.58.97 count16.51yes.com
O1 - Hosts: 219.139.58.97 count18.51yes.com
O1 - Hosts: 219.139.58.97 count20.51yes.com
O1 - Hosts: 61.129.115.56 www.btbaicai.com
O1 - Hosts: 61.129.115.56 btbaicai.com
O1 - Hosts: 61.129.115.56 www.pctutu.com
O1 - Hosts: 219.139.58.97 www.7322.com
O1 - Hosts: 219.139.58.97 www.5566.net
O1 - Hosts: 219.139.58.97 www.9991.com
O1 - Hosts: 61.129.115.56 forum.ikaka.com
O1 - Hosts: 61.129.115.56 www.ikaka.com
O1 - Hosts: 219.139.58.97 www.piaoxue.com
O1 - Hosts: 61.129.115.56 forum.jiangmin.com
O1 - Hosts: 61.129.115.56 update.jiangmin.com
O1 - Hosts: 61.129.115.56 post.baidu.com
O1 - Hosts: 61.129.115.56 zhidao.baidu.com
O1 - Hosts: 61.129.115.56 update.rising.com.cn
O1 - Hosts: 61.129.115.56 online.rising.com.cn
O1 - Hosts: 61.129.115.56 dl.pconline.com.cn
O1 - Hosts: 219.139.58.97 space.uwants.com
O1 - Hosts: 219.139.58.97 www.pcav.cn
O1 - Hosts: 219.139.58.97 mopery.hits.io
O1 - Hosts: 219.139.58.97 www.goodmv.cn
O1 - Hosts: 219.139.58.97 www.5566.net
O1 - Hosts: 219.139.58.97 www.piaoxue.com
O1 - Hosts: 219.139.58.97 www.luosoft.com
O1 - Hosts: 219.139.58.97 luosoft.com
O1 - Hosts: 219.139.58.97 www.7255.com
O1 - Hosts: 61.129.115.56 dl.pconline.com.cn
O1 - Hosts: 61.129.115.56 www.spjoy.com
O1 - Hosts: 61.129.115.56 c01.caishow.com
O1 - Hosts: 61.129.115.56 c02.caishow.com
O1 - Hosts: 61.129.115.56 c03.caishow.com
O1 - Hosts: 61.129.115.56 c04.caishow.com
O1 - Hosts: 61.129.115.56 www.caishow.com
O1 - Hosts: 61.129.115.56 union.caishow.com
O1 - Hosts: 61.129.115.56 ad01.a8.com
O1 - Hosts: 61.129.115.56 ad02.a8.com
O1 - Hosts: 61.129.115.56 sg.a8.com
O1 - Hosts: 61.129.115.56 www.adanywhere.cn
O1 - Hosts: 61.129.115.56 ip.adanywhere.cn
O1 - Hosts: 61.129.115.56 ip1.adanywhere.cn
O1 - Hosts: 61.129.115.56 ip2.adanywhere.cn
O1 - Hosts: 61.129.115.56 www.bannerbox.cn
O1 - Hosts: 61.129.115.56 www.caiqiyue.com
O1 - Hosts: 61.129.115.56 toolsbar.kuaiso.com
O1 - Hosts: 61.129.115.56 www.kuaiso.com
O1 - Hosts: 61.129.115.56 www.2t2t.cn
O1 - Hosts: 61.129.115.56 3.a.kal.cn
O1 - Hosts: 61.129.115.56 ip.alexaanywhere.com
O1 - Hosts: 61.129.115.56 go.ipcenter.cn
O1 - Hosts: 61.129.115.56 www.2yin.cn
O1 - Hosts: 61.129.115.56 wwww.systeel.com.cn
O1 - Hosts: 61.129.115.56 go.baibaoxiang.cn
O1 - Hosts: 61.129.115.56 www.gao58.com
O1 - Hosts: 61.129.115.56 www.2tu.cn
O1 - Hosts: 61.129.115.56 www.91tu.cn
O1 - Hosts: 61.129.115.56 www.haotop.com
O1 - Hosts: 61.129.115.56 news01.virussky.com
O1 - Hosts: 61.129.115.56 news02.virussky.com
O1 - Hosts: 61.129.115.56 news03.virussky.com
O1 - Hosts: 61.129.115.56 news04.virussky.com
O1 - Hosts: 61.129.115.56 news40.virussky.com
O1 - Hosts: 61.129.115.56 news41.virussky.com
O1 - Hosts: 61.129.115.56 news42.virussky.com
O1 - Hosts: 61.129.115.56 www.an85.com
O1 - Hosts: 61.129.115.56 an85.com
O1 - Hosts: 61.129.115.56 www.ycdy.com
O1 - Hosts: 61.129.115.56 ycdy.com
O1 - Hosts: 61.129.115.56 down.virussky.com
O1 - Hosts: 61.129.115.56 update.virussky.com
O1 - Hosts: 61.129.115.56 www.maipao.com
O1 - Hosts: 61.129.115.56 www.sina-baidu.com
O1 - Hosts: 61.129.115.56 www.maohehe.com
O1 - Hosts: 61.129.115.56 www.1717kan.cn
O1 - Hosts: 61.129.115.56 www.feixue.net
O1 - Hosts: 61.129.115.56 www.xingkongitv.com
O1 - Hosts: 61.129.115.56 about-blank.cc
O1 - Hosts: 61.129.115.56 www.xfkz.com
O1 - Hosts: 61.129.115.56 xfkz.com
O1 - Hosts: 61.129.115.56 www.365tan.com
O1 - Hosts: 61.129.115.56 cg.9e3.com
O1 - Hosts: 61.129.115.56 www.qqplayer.net
O1 - Hosts: 61.129.115.56 www.sosok.com
O1 - Hosts: 61.129.115.56 img.zhangxiu.com
O1 - Hosts: 61.129.115.56 www.okeaa.com
O1 - Hosts: 61.129.115.56 www.winopen.cn
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [yok.exe] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yok\yok.dll,Rundll32
O4 - 启动项HKLM\\Run: [R] C:\WINDOWS\system32\rundll32.exe ctfmon.dll s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 查看 Exif 信息(&V) - res://C:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O23 - NT 服务: TP-LINK 配置服务 (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-10-20 16:07:46

Quote:
[Post by 快门的咔嚓声] XP Professional system
Symptoms: 1. The Rising updater reports a problem with the network settings
2. IE pops up on its own
3. The HOSTS file cannot be modified (after editing it in safe mode the entries are still there)
4. HijackThis cannot fix the hijacked entries
5. Logging in to KAKA redirects automatically to a music site :((
6. Software cannot be uninstalled, not even in safe mode
Below is the scan report


………………


Suggest the OP post an SREng log

http://www.kztechs.com/sreng/sreng2.zip

C:\WINDOWS\explorer.exe    Fix the O1 entries and R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,

[Reply to 爬围墙上青天's post]
How do I fix it? Be specific
HJ can't fix it right now :)

O4 - 启动项HKLM\\Run: [yok.exe] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yok\yok.dll,Rundll32
O4 - 启动项HKLM\\Run: [R] C:\WINDOWS\system32\rundll32.exe ctfmon.dll
The problem is here
Fix these 2 in safe mode
Then delete C:\WINDOWS\system32\ctfmon.dll
C:\PROGRA~1\yok\yok.dll
Search the registry and delete any entries for these 2
Then reboot and fix the O1 entries
Fix
R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 61.129.115.56 www.hao123.com
……
Fix all O1 entries
O4 - 启动项HKLM\\Run: [R] C:\WINDOWS\system32\rundll32.exe ctfmon.dll s

Delete ctfmon.dll
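As an added example (not code from this thread and not part of HijackThis), the following Python script parses the O1 lines of a log like the one posted above, groups the redirected hostnames by the address they are pointed at, and flags the entries that send security-vendor and update domains (Rising, 360safe, Jiangmin, Kaka) to that address, which is exactly what breaks the Rising updater and the Kaka login in this case. The keyword list and the "three or more hostnames per address" sinkhole threshold are assumptions of the example; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 61.129.115.56 www.360safe.com
O1 - Hosts: 61.129.115.56 update.360safe.com
O1 - Hosts: 219.139.58.97 www.7939.com
O1 - Hosts: 61.129.115.56 update.rising.com.cn
O1 - Hosts: 61.129.115.56 update.jiangmin.com
O1 - Hosts: 61.129.115.56 forum.ikaka.com
O1 - Hosts: 219.139.58.97 count16.51yes.com
"""

# Assumed list of substrings identifying security-vendor / update domains seen in the log.
SECURITY_KEYWORDS = ("rising", "360safe", "jiangmin", "ikaka")

# One HijackThis O1 line: "O1 - Hosts: <ip> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return [(ip, hostname), ...] for every O1 line; all other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def group_by_ip(entries):
    """Map each target IP to the sorted list of hostnames redirected to it."""
    groups = defaultdict(list)
    for ip, host in entries:
        groups[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def flag_security_hosts(entries, keywords=SECURITY_KEYWORDS):
    """Entries whose hostname contains a security-vendor keyword.

    Redirecting these is what blocks AV updates and vendor forums on the infected machine."""
    return [(ip, host) for ip, host in entries if any(k in host for k in keywords)]


def sinkhole_ips(entries, threshold=3):
    """IPs that absorb at least `threshold` distinct hostnames (assumed threshold).

    A legitimate hosts file rarely points many unrelated sites at one address, so this
    pattern is a strong sign of a hijacked hosts file."""
    groups = group_by_ip(entries)
    return sorted(ip for ip, hosts in groups.items() if len(hosts) >= threshold)


def report(log_text):
    """Summarise the O1 section: entry count, sinkhole addresses, blocked security domains."""
    entries = parse_o1(log_text)
    return {
        "total_o1": len(entries),
        "sinkholes": sinkhole_ips(entries),
        "security_blocked": sorted(host for _, host in flag_security_hosts(entries)),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(key, value)
```

Run against the full log from the first post, the script shows the same picture the replies describe: two addresses absorb every redirected hostname, and the group includes the Rising, Jiangmin and 360safe update hosts, which is why the updater complains about network settings even though the connection itself is fine. Because the hosts file is rewritten after each cleanup, the O1 entries are only worth fixing after the O4 loader entries and their DLLs are gone, as the reply above says.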

Powered by Discuz!NT