Rising Kaka Security Forum

Help. I don't know what virus I've caught!!
starshine - 2006-12-25 21:26:00
I scanned with Kaka and it found "malicious plugin wadex". It cannot be deleted after a reboot.

The Kaka log is:
  Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 3. 7
Scan saved at 21:05:39, on 2006-12-25
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://toolsbar.kuaiso.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~1\tbhelper.dll
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: Thunder Browser Helper - {11F09AFC-75AD-4E51-AB43-E09E9351CE16} - E:\讯雷\ComDlls\XunLeiBHO_006.dll
O2 - BHO:  (file missing)
O2 - BHO: Google Bar - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\system32\GoogleBar.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -  (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\QQ最新\QQ 2006\QQIEHelper.dll
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: XBTBPos00 Class - {72A7F654-0DF2-4E24-8CC7-C32CABCBE3E7} - C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL
O2 - BHO: XBTBPos00 Class - {88C43374-ECEE-4DB9-A06E-F69C7871B0A9} - C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL
O2 - BHO:  (file missing)
O2 - BHO:  - {F770522B-198D-4134-9D74-D30F41B3BA44} - C:\WINDOWS\system32\tgzihzdzdiuufai.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon打印机\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: Abobe Flash Play 9 - {F85E8BAB-1A14-4090-9C50-6B9141450239} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O3 - Toolbar: Abobe Flash Play 9 - {DF9C07B2-C8C1-4FEA-B0FE-5E0709162B26} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\W550c\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [HF_GameClient] D:\HF对战平台\浩方对战平台\gameclient.exe
O4 - HKLM\..\Run: [SysExplr] C:\Program Files\herosoft\SuperPLAY3500\SysExplr.exe
O4 - HKLM\..\Run: [wreadsafds] D;]XJOEPXT]ufnq]te266/fyf
O4 - HKLM\..\Run: [tcflfc95] %systemroot%\system32\Rundll32.exe %systemroot%\system32\tcflfc95.dll,DllUnregisterServer
O4 - HKLM\..\Run: [syozxv21] %systemroot%\system32\Rundll32.exe %systemroot%\system32\syozxv21.dll,DllUnregisterServer
O4 - HKLM\..\Run: [nbruio75] %systemroot%\system32\Rundll32.exe %systemroot%\system32\nbruio75.dll,DllUnregisterServer
O4 - HKLM\..\Run: [hmyplh16] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hmyplh16.dll,DllUnregisterServer
O4 - HKLM\..\Run: [runeip] E:\瑞星卡卡\runiep.exe
O4 - HKLM\..\Run: [ditqlw55] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ditqlw55.dll,DllUnregisterServer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "E:\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [qiofki94] %systemroot%\system32\Rundll32.exe %systemroot%\system32\qiofki94.dll,DllUnregisterServer
O4 - HKLM\..\Run: [pbxfom19] %systemroot%\system32\Rundll32.exe %systemroot%\system32\pbxfom19.dll,DllUnregisterServer
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\反病毒软件\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [owhdkc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\owhdkc80.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [KKDelay] E:\瑞星卡卡\RunOnce.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels1118.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\讯雷\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\讯雷\Program\getallurl.htm
O8 - Extra context menu item: Easy-WebPrint添加到打印列表 - res://D:\Canon打印机\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint高速打印 - res://D:\Canon打印机\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ最新\QQ 2006\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ最新\QQ 2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ最新\QQ 2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ最新\QQ 2006\SendMMS.htm
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\讯雷\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\讯雷\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\HF对战平台\浩方对战平台\gameclient.exe
O9 - Extra Button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ最新\QQ 2006\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ最新\QQ 2006\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ最新\QQ 2006\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ最新\QQ 2006\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) - http://upload.photo.163.com/163Uploader.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - E:\Kugoo\KuGoo3\InExtend\KuGoo3DownXControl.ocx
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: AtiExtEvent
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINDOWS\system32\themeadp.dll
O21 - SSODL: MediaCheck - {D1F73845-4BAB-4061-A46B-FCF7ECC19217} - C:\PROGRA~1\Kuree\MService.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O22 - SharedTaskScheduler: Windows Media Player 核心预加载程序 - {78BF3960-61F0-4F4E-825D-3554FA61E847} - C:\WINDOWS\system32\wmpkn.dll
O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: B302EC43 (B302EC43) -  - C:\WINDOWS\system32\b302ec43.exe -service
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Multi-Function Station Device Monitor (KMDevmonSrv) -  - C:\WINDOWS\system32\kmdevmonsrv.exe
O23 - Service: LGKaiSiteS (LGKaiSite) -  - C:\WINDOWS\system32\quzeknrwae.exe
O23 - Service: Logical Disk Manager Administrator Service (Logical Disk Manager Administrator Service) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: MicroMsgServices (MicroMsgServices) -  - C:\WINDOWS\system32\svchost.exe -k micromsgservices
O23 - Service: RestoreService (RestoreService) -  - C:\WINDOWS\system32\svchost.exe -k restoreservice
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs