瑞星卡卡安全论坛
好朋友2 - 2007-2-3 16:18:00
Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 4. 5
Scan saved at 16:04:49, on 2007-02-03
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106)
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [08cgu2dmz6] C:\WINNT\winlog0n.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "D:\PROGRA~1\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [runeip] D:\PROGRA~1\卡卡\runiep.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder\Program\GetAllUrl.htm
O9 - Extra Button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559}? -
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\Thunder\Thunder.exe
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F8D798-05C2-4BC7-8A1F-0D4911904FFA}: NameServer = 61.153.177.201 61.153.177.197
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\progra~1\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\progra~1\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "D:\PROGRA~1\Rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\PROGRA~1\Rising\Rav\Ravmond.exe"
好朋友2 - 2007-2-3 16:19:00
[smss.exe]
PID = 0x8c
CommandLine =
smss.exe
0x48580000
C:\WINNT\system32\smss.exe
5.00.2195.6601
Microsoft Corporation
Windows NT Session Manager
2003-06-19 04:05:04
ntdll.dll
0x77f80000
C:\WINNT\system32\NTDLL.DLL
5.00.2195.6899
Microsoft Corporation
NT Layer DLL
2004-03-24 10:15:22
sfcfiles.dll
0x67720000
C:\WINNT\system32\sfcfiles.dll
5.00.2195.6894
Microsoft Corporation
Windows 2000 System File Checker
2004-03-24 10:15:20
[csrss.exe]
PID = 0xa4
CommandLine = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe
0x5fff0000
c:\winnt\system32\csrss.exe
5.00.2195.6601
Microsoft Corporation
Client Server Runtime Process
2003-06-19 04:05:04
ntdll.dll
0x77f80000
C:\WINNT\system32\NTDLL.DLL
5.00.2195.6899
Microsoft Corporation
NT Layer DLL
2004-03-24 10:15:22
CSRSRV.dll
0x5ff80000
C:\WINNT\system32\csrsrv.dll
5.00.2195.6601
Microsoft Corporation
Client Server Runtime Process
2003-06-19 04:05:04
basesrv.dll
0x5ff90000
C:\WINNT\system32\BASESRV.DLL
5.00.2195.6824
Microsoft Corporation
Windows NT BASE API Server DLL
2004-03-24 10:15:20
winsrv.dll
0x5ffa0000
C:\WINNT\system32\WINSRV.DLL
5.00.2195.6826
Microsoft Corporation
Windows Server DLL
2004-03-24 10:15:20
USER32.dll
0x77df0000
C:\WINNT\system32\USER32.DLL
5.00.2195.6897
Microsoft Corporation
Windows 2000 USER API Client DLL
2004-03-24 10:15:16
KERNEL32.DLL
0x77e60000
C:\WINNT\system32\KERNEL32.DLL
5.00.2195.6897
Microsoft Corporation
Windows NT BASE API Client DLL
2004-03-24 10:15:22
GDI32.DLL
0x77f40000
C:\WINNT\system32\GDI32.DLL
5.00.2195.6898
Microsoft Corporation
GDI Client DLL
2004-03-23 18:15:16
[winlogon.exe]
PID = 0xb8
CommandLine = winlogon.exe
winlogon.exe
0x1000000
c:\winnt\system32\winlogon.exe
5.00.2195.6898
Microsoft Corporation
Windows NT Logon Application
2004-03-24 09:23:34
ntdll.dll
0x77f80000
C:\WINNT\system32\NTDLL.DLL
5.00.2195.6899
Microsoft Corporation
NT Layer DLL
2004-03-24 10:15:22
MSVCRT.DLL
0x78000000
C:\WINNT\system32\msvcrt.dll
6.10.9844.0
Microsoft Corporation
Microsoft (R) C Runtime Library
2003-06-19 04:05:04
KERNEL32.dll
0x77e60000
C:\WINNT\system32\KERNEL32.DLL
5.00.2195.6897
Microsoft Corporation
Windows NT BASE API Client DLL
2004-03-24 10:15:22
ADVAPI32.DLL
0x796d0000
C:\WINNT\system32\ADVAPI32.DLL
5.00.2195.6876
Microsoft Corporation
Advanced Windows 32 Base API
2004-03-24 10:15:16
RPCRT4.DLL
0x786f0000
C:\WINNT\system32\rpcrt4.dll
5.00.2195.6753
Microsoft Corporation
Remote Procedure Call Runtime
2003-07-05 10:17:18
GDI32.DLL
0x77f40000
C:\WINNT\system32\GDI32.DLL
5.00.2195.6898
Microsoft Corporation
GDI Client DLL
2004-03-23 18:15:16
USER32.DLL
0x77df0000
C:\WINNT\system32\USER32.DLL
5.00.2195.6897
Microsoft Corporation
Windows 2000 USER API Client DLL
2004-03-24 10:15:16
USERENV.DLL
0x794d0000
C:\WINNT\system32\USERENV.DLL
5.00.2195.6794
Microsoft Corporation
Userenv
2004-03-24 10:15:16
NDDEAPI.DLL
0x76940000
C:\WINNT\system32\nddeapi.dll
5.00.2195.6661
Microsoft Corporation
Network DDE Share Management APIs
2003-06-19 04:05:04
SFC.DLL
0x76920000
C:\WINNT\system32\sfc.dll
5.00.2195.6673
Microsoft Corporation
Windows File Protection
2003-06-19 04:05:04
sfcfiles.dll
0x67720000
C:\WINNT\system32\sfcfiles.dll
5.00.2195.6894
Microsoft Corporation
Windows 2000 System File Checker
2004-03-24 10:15:20
SECUR32.DLL
0x797b0000
C:\WINNT\system32\secur32.dll
5.00.2195.6695
Microsoft Corporation
Security Support Provider Interface
2003-06-19 04:05:04
PROFMAP.DLL
0x68830000
C:\WINNT\system32\profmap.dll
5.00.2195.6610
Microsoft Corporation
Userenv
2003-06-19 04:05:04
NETAPI32.dll
0x7cea0000
C:\WINNT\system32\NETAPI32.DLL
5.00.2195.7105
Microsoft Corporation
Net Win32 API DLL
2006-07-14 19:24:32
NTDSAPI.dll
0x77bd0000
C:\WINNT\system32\ntdsapi.dll
5.00.2195.6666
Microsoft Corporation
NT5DS
2003-06-19 04:05:04
DNSAPI.DLL
0x77960000
C:\WINNT\system32\dnsapi.dll
5.00.2195.6824
Microsoft Corporation
DNS Client API DLL
2004-03-24 10:15:16
WSOCK32.DLL
0x74fd0000
C:\WINNT\system32\wsock32.dll
5.00.2195.6603
Microsoft Corporation
Windows Socket 32-Bit DLL
2003-06-19 04:05:04
WS2_32.DLL
0x74fb0000
C:\WINNT\system32\ws2_32.dll
5.00.2195.6601
Microsoft Corporation
Windows Socket 2.0 32-Bit DLL
2003-06-19 04:05:04
WS2HELP.DLL
0x74fa0000
C:\WINNT\system32\ws2help.dll
5.00.2134.1
Microsoft Corporation
Windows Socket 2.0 Helper for Windows NT
2003-07-10 05:58:04
WLDAP32.DLL
0x77930000
C:\WINNT\system32\wldap32.dll
5.00.2195.6666
Microsoft Corporation
Win32 LDAP API DLL
2003-06-19 04:05:04
NETRAP.dll
0x75150000
C:\WINNT\system32\netrap.dll
5.00.2134.1
Microsoft Corporation
Net Remote Admin Protocol DLL
2003-07-10 05:57:42
SAMLIB.dll
0x750e0000
C:\WINNT\system32\samlib.dll
5.00.2195.6897
Microsoft Corporation
SAM Library DLL
2004-03-24 10:15:20
IMM32.DLL
0x75e00000
C:\WINNT\system32\imm32.dll
5.00.2195.6655
Microsoft Corporation
Windows 2000 IMM32 API Client DLL
2003-06-19 04:05:04
msgina.dll
0x77ca0000
C:\WINNT\system32\MSGINA.DLL
5.00.2195.6895
Microsoft Corporation
Windows NT Logon Application
2004-03-24 10:15:18
SHELL32.DLL
0x78f90000
C:\WINNT\system32\shell32.dll
5.00.3700.6705
Microsoft Corporation
Windows Shell Common Dll
2003-06-19 04:05:04
SHLWAPI.DLL
0x70bd0000
C:\WINNT\system32\shlwapi.dll
6.00.2800.1106
Microsoft Corporation
Shell Light-weight Utility Library
2002-08-29 09:32:08
COMCTL32.DLL
0x71710000
C:\WINNT\system32\comctl32.dll
5.81
Microsoft Corporation
Common Controls Library
2002-08-29 09:32:08
WINSTA.DLL
0x64e20000
C:\WINNT\system32\winsta.dll
5.00.2195.6701
Microsoft Corporation
Winstation Library
2003-06-19 04:05:04
WINMM.dll
0x77530000
C:\WINNT\system32\winmm.dll
5.00.2161.1
Microsoft Corporation
MCI API DLL
2003-07-10 05:58:04
setupapi.dll
0x6d990000
C:\WINNT\system32\setupapi.dll
5.00.2195.6622
Microsoft Corporation
Windows Setup API
2003-06-19 04:05:04
2693C6A7.DLL
0x10000000
C:\WINNT\system32\2693C6A7.DLL
5.2.3790.1830
Microsoft Corporation
ASN.2 Runtime APIs
2007-02-03 15:56:34
URLMON.DLL
0x702b0000
C:\WINNT\system32\urlmon.dll
6.00.2800.1106
Microsoft Corporation
OLE32 Extensions for Win32
2002-08-29 09:32:08
ole32.dll
0x77a30000
C:\WINNT\system32\OLE32.DLL
5.00.2195.6769
Microsoft Corporation
Microsoft OLE for Windows
2003-07-05 10:17:18
VERSION.dll
0x777e0000
C:\WINNT\system32\version.dll
5.00.2195.6623
Microsoft Corporation
Version Checking and File Installation Libraries
2003-06-19 04:05:04
LZ32.DLL
0x75950000
C:\WINNT\system32\lz32.dll
5.00.2195.6611
Microsoft Corporation
LZ Expand/Compress API DLL
2003-06-19 04:05:04
WININET.DLL
0x70200000
C:\WINNT\system32\wininet.dll
6.00.2800.1106
Microsoft Corporation
Internet Extensions for Win32
2002-08-29 09:32:08
CRYPT32.dll
0x79c40000
C:\WINNT\system32\CRYPT32.DLL
5.131.2195.6824
Microsoft Corporation
Crypto API32
2004-03-24 10:15:18
MSASN1.DLL
0x773f0000
C:\WINNT\system32\msasn1.dll
5.00.2195.6905
Microsoft Corporation
ASN.1 Runtime APIs
2004-03-24 10:15:18
OLEAUT32.dll
0x77990000
C:\WINNT\system32\oleaut32.dll
2.40.4522
Microsoft Corporation
2003-06-19 04:05:04
cscdll.dll
0x77080000
C:\WINNT\system32\cscdll.dll
5.00.2195.6713
Microsoft Corporation
Offline Network Agent
2003-06-19 04:05:04
WlNotify.dll
0x768c0000
C:\WINNT\system32\wlnotify.dll
5.00.2195.6706
Microsoft Corporation
Common DLL to receive Winlogon notifications
2003-06-19 04:05:04
CERTCLI.DLL
0x75510000
C:\WINNT\system32\certcli.dll
5.00.2195.6619
Microsoft Corporation
Microsoft(R) Certificate Services Client
2003-06-19 04:05:04
ATL.DLL
0x773a0000
C:\WINNT\system32\atl.dll
3.00.9435
Microsoft Corporation
ATL Module for Windows NT (Unicode)
2003-06-19 04:05:04
WINSCARD.DLL
0x76900000
C:\WINNT\system32\winscard.dll
5.00.2195.6609
Microsoft Corporation
Microsoft Smart Card API
2003-06-19 04:05:04
WINSPOOL.DRV
0x777c0000
C:\WINNT\system32\winspool.drv
5.00.2195.6659
Microsoft Corporation
Windows Spooler Driver
2003-06-19 04:05:04
MPR.DLL
0x79b20000
C:\WINNT\system32\mpr.dll
5.00.2195.6824
Microsoft Corporation
Multiple Provider Router DLL
2004-03-24 10:15:20
wdmaud.drv
0x77520000
C:\WINNT\system32\wdmaud.drv
5.00.2195.6673
Microsoft Corporation
WDM Audio driver mapper
2003-06-19 12:05:04
wintrust.dll
0x768d0000
C:\WINNT\system32\WINTRUST.DLL
5.131.2195.6824
Microsoft Corporation
Microsoft Trust Verification APIs
2004-03-24 10:15:18
IMAGEHLP.dll
0x77900000
C:\WINNT\system32\imagehlp.dll
5.00.2195.6613
Microsoft Corporation
Windows NT Image Helper
2003-06-19 04:05:04
mscat32.dll
0x769a0000
C:\WINNT\system32\mscat32.dll
5.131.2134.1
Microsoft Corporation
MSCAT32 Forwarder DLL
2003-07-10 05:57:38
rsaenh.dll
0x7ca00000
C:\WINNT\system32\rsaenh.dll
5.00.2195.6611
Microsoft Corporation
Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
2003-06-19 04:05:04
wzcdlg.dll
0x1750000
C:\WINNT\system32\wzcdlg.dll
5.00.2195.6604
Microsoft Corporation
Wireless Zero Configuration Service UI
2003-06-19 04:05:04
WZCSAPI.DLL
0x1770000
C:\WINNT\system32\wzcsapi.dll
5.00.2195.6604
Microsoft Corporation
Wireless Zero Configuration service API
2003-06-19 04:05:04
cscui.dll
0x77810000
C:\WINNT\system32\cscui.dll
5.00.2195.6705
好朋友2 - 2007-2-3 16:20:00
Microsoft Corporation
Client Side Caching UI
2003-06-19 04:05:04
CLBCATQ.DLL
0x72c50000
C:\WINNT\system32\clbcatq.dll
2000.2.3504.0
Microsoft Corporation
2003-06-19 12:05:04
msacm32.drv
0x773c0000
C:\WINNT\system32\msacm32.drv
5.00.2134.1
Microsoft Corporation
Microsoft Sound Mapper
2003-07-10 05:57:36
MSACM32.dll
0x773d0000
C:\WINNT\system32\msacm32.dll
5.00.2134.1
Microsoft Corporation
Microsoft ACM Audio Filter
2003-07-10 05:57:36
msv1_0.dll
0x782d0000
C:\WINNT\system32\MSV1_0.DLL
5.00.2195.6897
Microsoft Corporation
Microsoft Authentication Package v1.0
2004-03-11 10:37:18
IPHLPAPI.DLL
0x77300000
C:\WINNT\system32\iphlpapi.dll
5.00.2195.6602
Microsoft Corporation
IP Helper API
2003-06-19 04:05:04
ICMP.DLL
0x774e0000
C:\WINNT\system32\icmp.dll
5.00.2134.1
Microsoft Corporation
ICMP DLL
2003-07-10 05:57:28
MPRAPI.DLL
0x772e0000
C:\WINNT\system32\mprapi.dll
5.00.2181.1
Microsoft Corporation
Windows NT MP Router Administration DLL
2003-07-10 05:57:36
ACTIVEDS.DLL
0x77370000
C:\WINNT\system32\activeds.dll
5.00.2195.6601
Microsoft Corporation
ADs Router Layer DLL
2003-06-19 04:05:04
ADSLDPC.DLL
0x77340000
C:\WINNT\system32\adsldpc.dll
5.00.2195.6701
Microsoft Corporation
ADs LDAP Provider C DLL
2003-06-19 04:05:04
RTUTILS.DLL
0x777f0000
C:\WINNT\system32\rtutils.dll
5.00.2168.1
Microsoft Corporation
Routing Utilities
2003-07-10 05:57:50
RASAPI32.DLL
0x774a0000
C:\WINNT\system32\rasapi32.dll
5.00.2195.6625
Microsoft Corporation
Remote Access API
2003-06-19 04:05:04
RASMAN.DLL
0x77480000
C:\WINNT\system32\rasman.dll
5.00.2195.6604
Microsoft Corporation
Remote Access Connection Manager
2003-06-19 04:05:04
TAPI32.DLL
0x774f0000
C:\WINNT\system32\tapi32.dll
5.00.2195.6664
Microsoft Corporation
Microsoft? Windows(TM) Telephony API Client DLL
2003-06-19 04:05:04
DHCPCSVC.DLL
0x77320000
C:\WINNT\system32\dhcpcsvc.dll
5.00.2195.6685
Microsoft Corporation
DHCP Client Service
2003-06-19 04:05:04
[services.exe]
PID = 0xd4
CommandLine = C:\WINNT\system32\services.exe
services.exe
0x1000000
C:\WINNT\system32\services.exe
5.00.2195.6700
Microsoft Corporation
Services and Controller app
2003-06-19 04:05:04
ntdll.dll
0x77f80000
C:\WINNT\system32\NTDLL.DLL
5.00.2195.6899
Microsoft Corporation
NT Layer DLL
2004-03-24 10:15:22
RPCRT4.DLL
0x786f0000
C:\WINNT\system32\rpcrt4.dll
5.00.2195.6753
Microsoft Corporation
Remote Procedure Call Runtime
2003-07-05 10:17:18
KERNEL32.dll
0x77e60000
C:\WINNT\system32\KERNEL32.DLL
5.00.2195.6897
Microsoft Corporation
Windows NT BASE API Client DLL
2004-03-24 10:15:22
ADVAPI32.dll
0x796d0000
C:\WINNT\system32\ADVAPI32.DLL
5.00.2195.6876
Microsoft Corporation
Advanced Windows 32 Base API
2004-03-24 10:15:16
NETAPI32.DLL
0x7cea0000
C:\WINNT\system32\NETAPI32.DLL
5.00.2195.7105
Microsoft Corporation
Net Win32 API DLL
2006-07-14 19:24:32
MSVCRT.dll
0x78000000
C:\WINNT\system32\msvcrt.dll
6.10.9844.0
Microsoft Corporation
Microsoft (R) C Runtime Library
2003-06-19 04:05:04
Secur32.dll
0x797b0000
C:\WINNT\system32\secur32.dll
5.00.2195.6695
Microsoft Corporation
Security Support Provider Interface
2003-06-19 04:05:04
NTDSAPI.dll
0x77bd0000
C:\WINNT\system32\ntdsapi.dll
5.00.2195.6666
Microsoft Corporation
NT5DS
2003-06-19 04:05:04
DNSAPI.DLL
0x77960000
C:\WINNT\system32\dnsapi.dll
5.00.2195.6824
Microsoft Corporation
DNS Client API DLL
2004-03-24 10:15:16
WSOCK32.DLL
0x74fd0000
C:\WINNT\system32\wsock32.dll
5.00.2195.6603
Microsoft Corporation
Windows Socket 32-Bit DLL
2003-06-19 04:05:04
WS2_32.DLL
0x74fb0000
C:\WINNT\system32\ws2_32.dll
5.00.2195.6601
Microsoft Corporation
Windows Socket 2.0 32-Bit DLL
2003-06-19 04:05:04
WS2HELP.DLL
0x74fa0000
C:\WINNT\system32\ws2help.dll
5.00.2134.1
Microsoft Corporation
Windows Socket 2.0 Helper for Windows NT
2003-07-10 05:58:04
WLDAP32.DLL
0x77930000
C:\WINNT\system32\wldap32.dll
5.00.2195.6666
Microsoft Corporation
Win32 LDAP API DLL
2003-06-19 04:05:04
NETRAP.dll
0x75150000
C:\WINNT\system32\netrap.dll
5.00.2134.1
Microsoft Corporation
Net Remote Admin Protocol DLL
2003-07-10 05:57:42
SAMLIB.dll
0x750e0000
C:\WINNT\system32\samlib.dll
5.00.2195.6897
Microsoft Corporation
SAM Library DLL
2004-03-24 10:15:20
USER32.DLL
0x77df0000
C:\WINNT\system32\USER32.DLL
5.00.2195.6897
Microsoft Corporation
Windows 2000 USER API Client DLL
2004-03-24 10:15:16
GDI32.DLL
0x77f40000
C:\WINNT\system32\GDI32.DLL
5.00.2195.6898
Microsoft Corporation
GDI Client DLL
2004-03-23 18:15:16
UMPNPMGR.DLL
0x76740000
C:\WINNT\system32\umpnpmgr.dll
5.00.2182.1
Microsoft Corporation
User-mode Plug-and-Play Service
2003-07-10 05:58:00
USERENV.DLL
0x794d0000
C:\WINNT\system32\USERENV.DLL
5.00.2195.6794
Microsoft Corporation
Userenv
2004-03-24 10:15:16
SCESRV.DLL
0x767b0000
C:\WINNT\system32\scesrv.dll
5.00.2195.6903
Microsoft Corporation
Windows Security Configuration Editor Engine
2004-03-24 10:15:18
IMM32.DLL
0x75e00000
C:\WINNT\system32\imm32.dll
5.00.2195.6655
Microsoft Corporation
Windows 2000 IMM32 API Client DLL
2003-06-19 04:05:04
eventlog.dll
0x76830000
C:\WINNT\system32\EVENTLOG.DLL
5.00.2195.6883
Microsoft Corporation
Event Logging Service
2004-03-24 10:15:18
dhcpcsvc.dll
0x77320000
C:\WINNT\system32\dhcpcsvc.dll
5.00.2195.6685
Microsoft Corporation
DHCP Client Service
2003-06-19 04:05:04
ICMP.DLL
0x774e0000
C:\WINNT\system32\icmp.dll
5.00.2134.1
Microsoft Corporation
ICMP DLL
2003-07-10 05:57:28
IPHLPAPI.DLL
0x77300000
C:\WINNT\system32\iphlpapi.dll
5.00.2195.6602
Microsoft Corporation
IP Helper API
2003-06-19 04:05:04
MPRAPI.DLL
0x772e0000
C:\WINNT\system32\mprapi.dll
5.00.2181.1
Microsoft Corporation
Windows NT MP Router Administration DLL
2003-07-10 05:57:36
OLE32.DLL
0x77a30000
C:\WINNT\system32\OLE32.DLL
5.00.2195.6769
Microsoft Corporation
Microsoft OLE for Windows
2003-07-05 10:17:18
OLEAUT32.DLL
0x77990000
C:\WINNT\system32\oleaut32.dll
2.40.4522
Microsoft Corporation
2003-06-19 04:05:04
ACTIVEDS.DLL
0x77370000
C:\WINNT\system32\activeds.dll
5.00.2195.6601
Microsoft Corporation
ADs Router Layer DLL
2003-06-19 04:05:04
ADSLDPC.DLL
0x77340000
C:\WINNT\system32\adsldpc.dll
5.00.2195.6701
Microsoft Corporation
ADs LDAP Provider C DLL
2003-06-19 04:05:04
RTUTILS.DLL
0x777f0000
C:\WINNT\system32\rtutils.dll
5.00.2168.1
Microsoft Corporation
Routing Utilities
2003-07-10 05:57:50
SETUPAPI.DLL
0x6d990000
C:\WINNT\system32\setupapi.dll
5.00.2195.6622
Microsoft Corporation
Windows Setup API
2003-06-19 04:05:04
RASAPI32.DLL
0x774a0000
C:\WINNT\system32\rasapi32.dll
5.00.2195.6625
Microsoft Corporation
Remote Access API
2003-06-19 04:05:04
RASMAN.DLL
0x77480000
C:\WINNT\system32\rasman.dll
5.00.2195.6604
Microsoft Corporation
Remote Access Connection Manager
2003-06-19 04:05:04
TAPI32.DLL
0x774f0000
C:\WINNT\system32\tapi32.dll
5.00.2195.6664
Microsoft Corporation
Microsoft? Windows(TM) Telephony API Client DLL
2003-06-19 04:05:04
COMCTL32.DLL
0x71710000
C:\WINNT\system32\comctl32.dll
5.81
Microsoft Corporation
Common Controls Library
2002-08-29 09:32:08
SHLWAPI.DLL
0x70bd0000
C:\WINNT\system32\shlwapi.dll
6.00.2800.1106
Microsoft Corporation
Shell Light-weight Utility Library
2002-08-29 09:32:08
dnsrslvr.dll
0x76840000
C:\WINNT\system32\dnsrslvr.dll
5.00.2195.6876
Microsoft Corporation
DNS Caching Resolver Service
2004-03-24 10:15:18
msafd.dll
0x74f50000
C:\WINNT\system32\msafd.dll
5.00.2195.6602
Microsoft Corporation
Microsoft Windows Sockets 2.0 Service Provider
2003-06-19 04:05:04
wshtcpip.dll
0x74f90000
C:\WINNT\system32\wshtcpip.dll
5.00.2195.6601
Microsoft Corporation
Windows Sockets Helper DLL
2003-06-19 04:05:04
lmhsvc.dll
0x76820000
C:\WINNT\system32\lmhsvc.dll
5.00.2195.6601
Microsoft Corporation
TCPIP NetBios Transport Services DLL
2003-06-19 04:05:04
WINSTA.DLL
0x64e20000
C:\WINNT\system32\winsta.dll
5.00.2195.6701
Microsoft Corporation
Winstation Library
2003-06-19 04:05:04
dmserver.dll
0x76860000
C:\WINNT\system32\dmserver.dll
2195.6605.297.3
VERITAS Software Corp.
Logical Disk Manager service dll
2003-06-19 04:05:04
CFGMGR32.DLL
0x77070000
C:\WINNT\system32\cfgmgr32.dll
5.00.2134.1
Microsoft Corporation
Configuration Manager Forwarder DLL
2003-07-10 05:57:00
Srvsvc.dll
0x76780000
C:\WINNT\system32\srvsvc.dll
5.00.2195.6697
Microsoft Corporation
好朋友2 - 2007-2-3 16:22:00
进程太长,发不完了,帮忙啊,各位大侠
好朋友2 - 2007-2-3 16:59:00
有人回复吗
hzgsldm - 2007-2-3 17:33:00
O4 - HKCU\..\Run: [08cgu2dmz6] C:\WINNT\winlog0n.exe是病毒:文件名用数字0冒充系统进程winlogon.exe里的字母o,位置在C:\WINNT而不是system32,启动项名称也像随机字符串。楼主用的是intel集成主板吧
好朋友2 - 2007-2-4 9:46:00
谢谢啊,我已经删除这个东东了
好朋友2 - 2007-2-4 9:47:00
【回复“hzgsldm”的帖子】
是的,我用的就是那个主板
帮帮我ya - 2007-2-4 9:48:00
O9 - Extra Button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559}? - 有问题````
帮帮我ya - 2007-2-4 9:49:00
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab 恶意启动项(不确定)
好朋友2 - 2007-2-4 9:50:00
【回复“帮帮我ya”的帖子】
能说清楚点吗,我用反间谍专家查过了,没问题啊
帮帮我ya - 2007-2-4 9:52:00
你把帖子发到“反浏览器劫持”版块吧,那边的解答会更详细。我是菜鸟````有的问题看得出来,但不知道该怎么处理````
好朋友2 - 2007-2-4 9:52:00
清楚点哦
好朋友2 - 2007-2-4 9:53:00
因为你说的那个,我不知道该在哪里找到然后删除,而刚才回复我的那位是有系统位置的
好朋友2 - 2007-2-4 10:01:00
求助,还是有O4 - HKCU\..\Run: [08cgu2dmz6] C:\WINNT\winlog0n.exe,
我该怎么办啊
好朋友2 - 2007-2-4 10:02:00
我把winlog0n.exe的文件删除了,可我怎么在注册表里删除啊
々绝顶高手々 - 2007-2-4 10:02:00
路过~~杀不完就重做~~
好朋友2 - 2007-2-4 10:04:00
说废话的滚开
好朋友2 - 2007-2-4 10:14:00
有人吗
帮帮我ya - 2007-2-4 10:17:00
你有备份吗?~
好朋友2 - 2007-2-4 10:21:00
就是重新安装的备份我是有的,不过那样太麻烦了,又要重新安装瑞星
hzgsldm - 2007-2-4 11:02:00
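在安全模式下,结束winlog0n.exe进程,删除病毒文件,在注册表中以winlog0n.exe为关键字搜寻,删除所有找到的项(删除前先导出备份)。重新启动,用瑞星开机扫描,扫描所有驱动和服务,因为病毒可能还有其他组件:楼主贴出的进程模块列表里,winlogon.exe加载的C:\WINNT\system32\2693C6A7.DLL(日期2007-02-03 15:56:34,描述为“ASN.2 Runtime APIs”,版本5.2.3790.1830,与系统自带msasn1.dll的“ASN.1 Runtime APIs”5.00.2195.6905不符)就值得一并检查。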
做人不能太CCTV - 2007-2-4 12:02:00
试试360
http://www.360safe.com/
好朋友2 - 2007-2-5 13:04:00
【回复“hzgsldm”的帖子】
我无法删除啊
靈魂收割者 - 2007-2-5 13:13:00
我是菜鳥.初來乍到.期待高手的指點.從中學習...
好朋友2 - 2007-2-5 13:23:00
【回复“hzgsldm”的帖子】
Internat.exe是不是病毒啊?
因为我也是找winlog0n.exe发现它的,而且它的数据是internat.exe
是病毒吗?
好朋友2 - 2007-2-5 13:24:00
Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 4. 5
Scan saved at 13:13:18, on 2007-02-05
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106)
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "D:\PROGRA~1\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [runeip] D:\PROGRA~1\卡卡\runiep.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder\Program\GetAllUrl.htm
O9 - Extra Button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559}? -
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\Thunder\Thunder.exe
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F8D798-05C2-4BC7-8A1F-0D4911904FFA}: NameServer = 61.153.177.201 61.153.177.197
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\progra~1\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\progra~1\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "D:\PROGRA~1\Rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\PROGRA~1\Rising\Rav\Ravmond.exe"
好朋友2 - 2007-2-5 13:25:00
就是O4 - HKCU\..\Run: [Internat.exe] internat.exe
这条
小泉烧香 - 2007-2-5 13:27:00
在注册表里[搜索] 关于winlog0n.exe的项 删掉就可以了
我不是圣人 - 2007-2-5 13:53:00
路过!学习了!
上网习惯最重要!!