Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 14:31:04, on 2006-08-30
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe
[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe
[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe
[vtserver.exe]
CommandLine = "C:\Program Files\Common Files\Virtual Token\vtserver.exe"
[ibmpmsvc.exe]
CommandLine = C:\WINDOWS\system32\ibmpmsvc.exe
[ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "d:\Program Files\Rising\Rav\CCenter.exe"
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[S24EvMon.exe]
CommandLine = C:\WINDOWS\system32\S24EvMon.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[RavMonD.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmond.exe"
[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[RavStub.exe]
CommandLine = "D:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND
[rrpcsb.exe]
CommandLine = "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
[rundll32.exe]
CommandLine = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service
[MDM.EXE]
CommandLine = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
[rundll32.exe]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087
[QCONSVC.EXE]
CommandLine = System32\QCONSVC.EXE
[RegSrvc.exe]
CommandLine = C:\WINDOWS\system32\RegSrvc.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc
[TPHDEXLG.exe]
CommandLine = System32\TPHDEXLG.EXE
[TpKmpSvc.exe]
CommandLine = C:\WINDOWS\system32\TpKmpSVC.exe
[Network.exe]
CommandLine = "C:\Program Files\Common Files\SAND\Network.exe"
[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE
[rundll32.exe]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087
[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe
[TpShocks.exe]
CommandLine = "C:\WINDOWS\system32\TpShocks.exe"
[TPHKMGR.exe]
CommandLine = "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
[TPONSCR.exe]
CommandLine = "C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe"
[SynTPLpr.exe]
CommandLine = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
[TpScrex.exe]
CommandLine = "C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe"
[SynTPEnh.exe]
CommandLine = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
[ibmmessages.exe]
CommandLine = "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe"
[QCWLICON.EXE]
CommandLine = "C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE"
[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
[yassistse.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
[msmsgs.exe]
CommandLine = "C:\Program Files\Messenger\msmsgs.exe" /background
[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[GoogleToolbarNotifier.exe]
CommandLine = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
[RsAgent.exe]
CommandLine = "D:\Program Files\Rising\Rav\RsAgent.exe"
[agentsvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"
[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com/ie
R3 - Default URLSearchHook is missing
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8383D2A-32FF-4196-A256-1C5917BAD7A4}: NameServer = 202.96.209.5 202.96.209.133
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: IBM Rapid Restore Ultra Service (IBM Rapid Restore Ultra Service) -  - "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
O23 - Service: IBM PM Service (IBMPMSVC) -  - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: JMediaService (JMediaService) -  - C:\WINDOWS\system32\rundll32.exe c:\progra~1\mmsass~1\mmssver.dll,service
O23 - Service: KDTAnywhere Server (kdtanywhere) - 北京瑞星科技股份有限公司 - "D:\Program Files\瑞星专家服务系统-标准版\KDTAnywhereS.exe" -service
O23 - Service: ClipManager (Mercha2) -  - C:\WINDOWS\system32\rundll32.exe c:\windows\system32\wbem\irjit.dll,export 1087
O23 - Service: MSCSPTISRV (MSCSPTISRV) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: PACSPTISVR (PACSPTISVR) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: IBM PSA Access Driver Control (PsaSrv) -  - C:\WINDOWS\system32\psasrv.exe
O23 - Service: QCONSVC (QCONSVC) - IBM Corp. - C:\WINDOWS\system32\qconsvc.exe
O23 - Service: RegSrvc (RegSrvc) - Intel Corporation - C:\WINDOWS\system32\regsrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: Smarytcer RSVPE (RSVPE) -  - C:\WINDOWS\erver.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\s24evmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\system32\tphdexlg.exe
O23 - Service: IBM KCU Service (TpKmpSVC) -  - C:\WINDOWS\system32\tpkmpsvc.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\Network.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - "C:\Program Files\Common Files\Virtual Token\vtserver.exe"
O23 - Service: DNS Cache (WalALET) -  - C:\WINDOWS\system32\rundll32.exe c:\windows\system32\wbem\irjit.dll,export 1087