
Urgent help needed

C:\WINNT\Logo1_.exe

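OP, disconnect those computers from the network right away. This looks like Viking (威金), the nastiest one going around at the moment. If only one machine has it, that's not so bad, but if they all get infected... the consequences... hard to say. Isolate this computer, and do it quickly.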

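OP, scan all of them right away. Congratulations, you've hit the jackpot... I don't know how many computers you have, but it looks like you'll be busy for a while.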

I'm sure of it now: the OP has been hit by Viking.

Have a look here... read up on it first.

http://forum.ikaka.com/topic.asp?board=28&artid=8126972

C:\WINNT\Logo1_.exe
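Viking... Turn off file sharing to keep the other machines from getting infected, then download the dedicated Viking removal tool. After cleaning, run a scan and post the log here. If that doesn't solve the problem, you'll have to reinstall.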

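A lot of the computers at my company are already infected. Turning off sharing is no longer possible...
I tried the dedicated Viking removal tool and it didn't work. So many computers, it's driving me crazy now. I really want to curse the person who made this virus... *sob*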

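Scan everything and see how many were lucky enough not to get hit... Cut all the connections first and deal with them one at a time... Leave just one online for now, otherwise the damage will keep growing...

If nothing works, back up your important data and then call a repair shop...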

http://forum.ikaka.com/topic.asp?board=28&artid=6372316

This thread is worth reading carefully.

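That damned Viking again!! Hateful Viking.

I found that even the latest version of the antivirus software can't remove it, and in the end the system has to be reinstalled. Infuriating!!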

C:\WINNT\Logo1_.exe
Just format everything.

Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 11:35:30, on 2006-09-27
Platform: Microsoft Windows 98 SE
MSIE: Internet Explorer v5.51 SP2;Q306121;Q824145;Q828750;Q867801; (5.51.4807.2300)


Running processes:
[KERNEL32.DLL]
CommandLine =

[MSGSRV32.EXE]
CommandLine =

[MPREXE.EXE]
CommandLine = C:\WINDOWS\SYSTEM\MPREXE.EXE

[SCARDSVR.EXE]
CommandLine = C:\WINDOWS\SYSTEM\SCardSvr.exe

[CCENTER.EXE]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[RAVMOND.EXE]
CommandLine = "C:\Program Files\Rising\Rav\RavMond.exe"

[RAVMON.EXE]
CommandLine = "C:\Program Files\Rising\Rav\RavMon.exe" -system

[RFWSRV.EXE]
CommandLine = "C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service

[mmtask.tsk]
CommandLine =

[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.exe

[RPCSS.EXE]
CommandLine = RPCSS

[RFWMAIN.EXE]
CommandLine =  -StartUp

[INTERNAT.EXE]
CommandLine = "C:\WINDOWS\SYSTEM\internat.exe"

[SYSTRAY.EXE]
CommandLine = "C:\WINDOWS\SYSTEM\SysTray.Exe"

[FMCTRL.EXE]
CommandLine = "C:\WINDOWS\SYSTEM\Fmctrl.EXE"

[HKCMD.EXE]
CommandLine = "C:\WINDOWS\SYSTEM\hkcmd.exe"

[YLIVE.EXE]
CommandLine = "C:\PROGRA~1\YAHOO!\ASSIST~1\YLive.exe"

[YASSISTSE.EXE]
CommandLine = "C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE"

[DDHELP.EXE]
CommandLine = ddhelp.exe

[RAVTASK.EXE]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[WMIEXE.EXE]
CommandLine = WmiExe 52

[RAV.EXE]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\Rav.exe"

[SPOOL32.EXE]
CommandLine = C:\WINDOWS\SYSTEM\spool32.exe

[IEXPLORE.EXE]
CommandLine = "C:\PROGRA~1\INTERN~1\iexplore.exe"

[PSTORES.EXE]
CommandLine = C:\WINDOWS\SYSTEM\PSTORES.EXE

[KKSCAN.EXE]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/index5.htm
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YANGLING.DLL
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\SYSTEM\WMPDRM.DLL (file missing)
O2 - BHO:  - {00014B58-338A-45F2-81E2-6A86F27399B7} - C:\PROGRA~1\INTERN~1\PLUGINS\TROJAN~1.DLL (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\DESKIPN.DLL (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\WINDOWS\SYSTEM\IEHELPER_4895.DLL (file missing)
O2 - BHO: Hssdtobj Class - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\SYSTEM\HSSDTOBM.DLL
O2 - BHO: SDObmObj Class - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\SYSTEM\OBWBKYA.DLL
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\SYSTEM\KAKATOOL.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\YAHOO!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [DbooInfo] C:\WINDOWS\DBMSINFO.EXE
O4 - HKLM\..\Run: [SDAgentService] C:\Program Files\Common Files\smartde\sde.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [RsCcenter] "C:\Program Files\Rising\Rav\CCenter.exe"
O4 - HKLM\..\RunServices: [RavMond] "C:\Program Files\Rising\Rav\RavMond.exe"
O4 - HKLM\..\RunServices: [RavMon] "C:\Program Files\Rising\Rav\RavMon.exe" -system
O4 - HKLM\..\RunServices: [RfwService] "C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL/246
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL/YRSSMENUEXT
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm
O9 - Extra Button: @shdoclc.dll,-866@2052,相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864@2052,显示相关站点(&R) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
O16 - DPF: Internet Explorer Classes for Java - file://C:\WINDOWS\SYSTEM\iejava.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://zs.kingsoft.com/KOSInit.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP:  NameServer = 61.134.1.4
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX