ogfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 21:45:03, on 2006-08-09
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "d:\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[RavMonD.exe]
CommandLine = "d:\Rising\Rav\Ravmond.exe"

[ati2evxx.exe]
CommandLine = Ati2evxx.exe -Client

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[rfwsrv.exe]
CommandLine = d:\rising\rfw\rfwsrv.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[wmiprvse.exe]
CommandLine = C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[RavStub.exe]
CommandLine = d:\Rising\Rav\RavStub.exe /RAVMOND

[rfwmain.exe]
CommandLine =  -StartUp

[RavTask.exe]
CommandLine = "D:\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "D:\Rising\Rav\Ravmon.exe" -SYSTEM

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[HijackThis1991zww.exe]
CommandLine = "D:\HijackThis1[1].99.1\HijackThis1991zww.exe"

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[KkScan.exe]
CommandLine = "d:\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
O1 - Hosts: 127.0.0.1      localhost
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [RavStub] "d:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - d:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Thunder\Program\GetAllUrl.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{94832874-FE1C-435D-81BE-DA8674BD6F3B}: NameServer = 61.137.94.196 61.137.94.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A6E2BBD-33F9-43EB-B2D1-07F905EAF97E}: NameServer = 61.137.94.196,61.137.94.195
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O20 - Winlogon Notify: AtiExtEvent
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "d:\Rising\Rav\Ravmond.exe"