liuxpg721018 - 2007-4-26 17:37:00
Logfile of Kaka v2.0.0.1 Scan Module v1.0.6.1
Scan saved at 17:16:57, on 2007-04-26
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Running processes:
[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE
[RFWMAIN.EXE]
CommandLine = -StartUp
[RUNIEP.EXE]
CommandLine = "C:\Program Files\Rising\AntiSpyware\runiep.exe"
[AVGAS.EXE]
CommandLine = "I:\avgewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[360Tray.exe]
CommandLine = "C:\Program Files\360safe\safemon\360Tray.exe" /start
[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[MedDic.exe]
CommandLine = "I:\meddic\MedDic.exe" -c
[PubMedupd.exe]
CommandLine = "I:\文献王\PubMedupd.exe"
[rundll32.exe]
CommandLine = "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\shell32.dll,Control_RunDLL C:\WINDOWS\system32\appwiz.cpl
[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[Rsaupd.exe]
CommandLine = "I:\Rising\Update\Rsaupd.exe" http://download.rising.com.cn/ikaka/
[Ras.exe]
CommandLine = "I:\Rising\Ras.exe"
[360Safe.exe]
CommandLine = "C:\Program Files\360safe\360safe.exe"
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RfwMain] "I:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "I:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] ; "I:\adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\avgewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\RunOnce: [RavStub] "I:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: desktop.ini =
O4 - Startup: 新编全医药学大词典.lnk = I:\meddic\MedDic.exe
O4 - Startup: PubMed自动更新.lnk = I:\文献王\PubMedupd.exe
O4 - Global Startup: desktop.ini =
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {1DE88635-1C72-401E-B23B-93FA86D30F3B} (SSReaderPlug) - http://www.sslibrary.com/download/SSReaderPlug.cab