传说中的明明 - 2006-11-13 11:31:00
Logfile of Kaka v2.0.0.9 Scan Module v2.0.0.1
Scan saved at 11:16:36, on 2006-11-13
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
6981313 - 2006-11-13 11:42:00
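Go to http://free5.ys168.com/?jxsbb
and download HijackThis1[1].99.1.rar (0.2MB, system scanning tool) or sreng2.zip (0.4MB, system scanning tool). Extract it, open it, run it, perform a scan, save the log, and paste the log contents here. Be careful not to alter anything; if it does not fit in one post, paste it over several posts!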
传说中的明明 - 2006-11-13 13:10:00
【Reply to the post by “传说中的明明”】
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<nTrayFw><C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [Yahoo! China]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> [N/A]
<HF_GameClient><F:\浩方解压文件\浩方对战平台\gameclient.exe> [上海浩方在线信息技术有限公司]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsetup.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsetup.exe> [(Verified)]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lmdm_setup_2.1_110.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lmdm_setup_2.1_110.exe> [N/A]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook029.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook029.exe> [N/A]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\121.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\121.exe> [N/A]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_40254.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_40254.exe> [N/A]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup133.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup133.exe> [N/A]
<System><C:\Program Files\Common Files\System\Update.exe> [N/A]
<KAVPersonal50><"D:\卡巴斯基\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [Yahoo! China]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
传说中的明明 - 2006-11-13 13:11:00
【Reply to the post by “传说中的明明”】
传说中的明明 - 2006-11-13 13:12:00
【Reply to the post by “传说中的明明”】
传说中的明明 - 2006-11-13 13:14:00
【Reply to the post by “传说中的明明”】
I don't know which things I should post for you to look at.