
Could everyone please take a look at this for me.

Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 01:17:18, on 2006-08-19
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[ati2evxx.exe]
CommandLine = Ati2evxx.exe -Client

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[ccSetMgr.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

[ccEvtMgr.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[ccProxy.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"

[DefWatch.exe]
CommandLine = "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"

[inetinfo.exe]
CommandLine = C:\WINDOWS\system32\inetsrv\inetinfo.exe

[mysqld-nt.exe]
CommandLine = "C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 4.1\my.ini" MySQL

[SNDSrvc.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[Rtvscan.exe]
CommandLine = "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"

[SymSPort.exe]
CommandLine = "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"

[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe

[ccApp.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[VPTray.exe]
CommandLine = "C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe"

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[rundll32.exe]
CommandLine = "C:\WINDOWS\system32\Rundll32.exe"  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[svchost.exe]
CommandLine = "C:\WINDOWS\svchost.exe"

[conime.exe]
CommandLine = C:\WINDOWS\system32\conime.exe

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[rundll32.exe]
CommandLine = C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll

[wuauclt.exe]
CommandLine = "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[440]SUSDS1e15a50909968f44acb84f5088111cb2

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.powernum123.com
O1 - Hosts: 127.0.0.1 www.powernum123.com.cn
O1 - Hosts: 127.0.0.1 powernum123.com
O1 - Hosts: 127.0.0.1 powernum123.com.cn
O1 - Hosts: 127.0.0.1 www.chebl.com
O1 - Hosts: 127.0.0.1 www.chebl.cn
O1 - Hosts: 127.0.0.1 www.chebl.com.cn
O1 - Hosts: 127.0.0.1 chebl.com
O1 - Hosts: 127.0.0.1 chebl.com.cn
O1 - Hosts: 127.0.0.1 chebl.cn
O1 - Hosts: 127.0.0.1 www.chebuluo.com.cn
O1 - Hosts: 127.0.0.1 www.chebuluo.com
O1 - Hosts: 127.0.0.1 www.chebuluo.cn
O1 - Hosts: 127.0.0.1 chebuluo.com.cn
O1 - Hosts: 127.0.0.1 chebuluo.com
O1 - Hosts: 127.0.0.1 chebuluo.cn
O1 - Hosts: 127.0.0.1 www.17sp.com
O1 - Hosts: 127.0.0.1 www.17sp.com.cn
O1 - Hosts: 127.0.0.1 17sp.com
O1 - Hosts: 127.0.0.1 17sp.com.cn
O1 - Hosts: 127.0.0.1 www.feikong.com
O1 - Hosts: 127.0.0.1 www.feikong.com.cn
O1 - Hosts: 127.0.0.1 www.feikong.cn
O1 - Hosts: 127.0.0.1 feikong.com
O1 - Hosts: 127.0.0.1 feikong.com.cn
O1 - Hosts: 127.0.0.1 feikong.cn
O1 - Hosts: 127.0.0.1 www.hacong.com
O1 - Hosts: 127.0.0.1 hacong.com
O1 - Hosts: 127.0.0.1 www.xbxb*****com
O1 - Hosts: 127.0.0.1 www.sobt.com
O1 - Hosts: 127.0.0.1 www.sobt.com.cn
O1 - Hosts: 127.0.0.1 www.sobt.cn
O1 - Hosts: 127.0.0.1 www.sobt.net
O1 - Hosts: 127.0.0.1 sobt.com
O1 - Hosts: 127.0.0.1 sobt.com.cn
O1 - Hosts: 127.0.0.1 sobt.cn
O1 - Hosts: 127.0.0.1 sobt.net
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
Last edited 2006-08-19 01:38:59

O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\WINDOWS\system32\kakatool.dll
O2 - BHO:  (file missing)
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - Startup: desktop.ini =
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra Button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra Button: 易趣购物 - {DE607144-AC19-424e-866A-6D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607144-AC19-424e-866A-6D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra Button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - http://www.yok.com (file missing)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\quartz32.dll
O11 - Options group: [CDNCLIENT]  中文上网
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://szdl.cmbchina.com/download/PB/pb50.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{615523AD-A599-45AD-9335-915435528F08}: NameServer = 218.85.157.99 202.101.98.55
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: AtiExtEvent
O20 - Winlogon Notify: NavLogon
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) -  - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: MySQL (MySQL) -  - "C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 4.1\my.ini" MySQL
O23 - Service: SAVRoam (SavRoam) - symantec - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
O23 - Service: Symantec AntiVirus (Symantec AntiVirus) - Symantec Corporation - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"

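I suggest you download 超级兔子 (Super Rabbit).
http://www.pctutu.com/srmsdown.asp
After installing it, open "超级兔子优化王" (Super Rabbit Optimizer), go to "专业卸载" (Professional Uninstall), and uninstall all the junk software it flags. Do not open any browser windows while uninstalling. If something cannot be uninstalled, reboot and try again.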

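Go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two tools: LSPFix.exe and WinsockXPFix.
Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.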

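Run LSPFix.exe
Remove
quartz32.dll
Instructions attached:
LSPFix.exe is mainly used to help fix O10 entries found by a HijackThis scan.
Before using it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 entry you want to fix from the left side to the right side and click "Finish". (Before that, you need to tick the box in front of "I know what I'm doing".)
Double-click My Computer, then go to Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When asked to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete
C:\WINDOWS\system32\quartz32.dll
After the fix, reboot. If you cannot get online, run WinsockXPFix and let it repair the network stack.
Return to normal mode, then scan again and paste the log here.
Please download System Repair Engineer, use "智能扫描" (Smart Scan), press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it over several posts. Please do not modify it.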