Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 12:00:34, on 2006-10-30
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe
[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE
[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[rundll32.exe]
CommandLine = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service
[nvsvc32.exe]
CommandLine = C:\WINDOWS\system32\nvsvc32.exe
[rfwsrv.exe]
CommandLine = "c:\program files\rising\rfw\rfwsrv.exe"
[CCenter.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
[RavMonD.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"
[rundll32.exe]
CommandLine = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s
[YLive.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe"
[agetltfes.exe]
CommandLine = "C:\WINDOWS\system32\agetltfes.exe"
[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[QQ.exe]
CommandLine = "C:\Program Files\Tencent\QQ\QQ.exe"
[TIMPlatfrom.exe]
CommandLine = "C:\Program Files\Tencent\QQ\TIMPlatfrom.exe"
[wuauclt.exe]
CommandLine = "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[324]SUSDS204a64a29f2d0a479d34092295705e2d
[TTraveler.exe]
CommandLine = "C:\Program Files\Tencent\TT\TTraveler.exe"
[rundll32.exe]
CommandLine = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sdmAgent22.dll,StartAgent
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 www.hyap98.com
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.essonarts.com
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O1 - Hosts: 61.188.38.64 13511.com
O1 - Hosts: 61.188.38.64 www.13511.com
O1 - Hosts: 61.188.38.64 ywg.cn
O2 - BHO: netup - {0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} - C:\WINDOWS\system32\netiup.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - (file missing)
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O2 - BHO: SYM - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - C:\WINDOWS\system32\usersrd.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ra
Object Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: QQBrowserHelper
Object Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IE
Object Class - {5F5422F7-7159-4CB6-BE7D-2C7EED492762} - C:\PROGRA~1\COMMON~1\yehoo\yehoo.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\游戏包\ComDlls\XunLeiBHO_002.dll
O2 - BHO: - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\WINDOWS\system32\kakatool.dll
O2 - BHO: assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [RavUpes] C:\WINDOWS\system32\agetltfes.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - E:\游戏包\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\游戏包\Program\GetAllUrl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: (no name) - AutorunsDisabled -
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\游戏包\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\游戏包\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A}? - E:\浩方对战平台\GameClient.exe
O9 - Extra Button: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O9 - Extra 'Tools' menuitem: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O9 - Extra Button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}? - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}? - http://www.tomatolei.com (file missing)
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\nsp.dll
