Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:05, on 2008-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Antiy Labs\ASoft\AGBKrnl.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
E:\storm\stormliv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Antiy Labs\ASoft\AScheduleService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Antiy Labs\ACenter\ACenter.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Acrobat\Distillr\Acrotray.exe
E:\Backup\tools\FXCalendar\FXCalendar\FXCalendar.EXE
E:\Backup\UUCall3.exe
C:\Program Files\Rising\Rav\RavTask.exe
E:\Backup\tools\木马专家\T Expert 2009\mmzj.exe
C:\WINDOWS\system32\ctfmon.exe
E:\deamon tools\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Tencent\TT\bin\TTraveler.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Strong & Brave\桌面\hijackthis_v2.02h\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll (file missing)
O2 - BHO: ABHO - {53BEAA3C-A509-49AD-ACC3-553AD20DA38B} - C:\Program Files\Antiy Labs\AModule\ABHODll.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: JavaSunSurf Class - {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Acrobat\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Acrobat\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FXCalendar] E:\Backup\tools\FXCalendar\FXCalendar\FXCalendar.EXE
O4 - HKLM\..\Run: [UUCallMini] "E:\Backup\UUCall3.exe" -autorun
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [木马专家] E:\Backup\tools\木马专家\T Expert 2009\mmzj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用迅雷下载 - E:\thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 发送到 Bluetooth(&B) - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://E:\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\thunder\Thunder.exe
O9 - Extra button: 浩方电竞平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方竞技平台\platform 5.0\gameclient.exe
O9 - Extra button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 发送至 OneNote(&E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: 更新 ThinkPad 软件 - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: YlmF - {0C4102BA-23CA-40C4-9E80-EA44B08E2E1F} - http://www.ylmf.com (file missing) (HKCU)
O15 - Trusted Zone: http://*.rising.com.cn
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156954709578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Antiy Kernel Service - 安天实验室 - C:\Program Files\Antiy Labs\ASoft\AGBKrnl.exe
O23 - Service: AScheduleService - 安天实验室 - C:\Program Files\Antiy Labs\ASoft\AScheduleService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - E:\storm\stormliv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10366 bytes
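A HijackThis log is a flat list of registrations, and the first pass of a responder is to pull out the entries that deserve a closer look before deciding anything. The Python below is an added example, not part of the original post and not HijackThis code: a small parser for the Oxx lines plus a handful of triage heuristics, run over lines copied from the log above (a constructed subset). The heuristics it applies (a module loaded from a user-writable profile directory, a bare filename in a Run key that is resolved through the search path, a service with no vendor string, a registration whose file is missing, and any Trusted Zone entry) are this example's own assumptions about what to review first, not a verdict on any entry in the log.

```python
"""Triage a HijackThis 2.x log: parse the 'Oxx - ...' entries and flag the
ones worth a second look.  Added example; the heuristics are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the entries from the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll (file missing)
O2 - BHO: JavaSunSurf Class - {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O15 - Trusted Zone: http://*.rising.com.cn
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
"""

# Directories a non-admin user can write to on XP (assumption of this example).
WRITABLE_DIRS = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")

# HijackThis appends this when the registered file is not on disk
# (English and Chinese builds).
_FILE_MISSING = re.compile(r"\s*\((?:file missing|文件不存在)\)\s*$")


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", ...
    raw: str                     # the original log line
    path: str = ""               # module path if one could be extracted
    flags: list = field(default_factory=list)


def _module_path(section: str, body: str) -> str:
    """Extract the on-disk module from an entry body (text after 'Oxx - ')."""
    body = _FILE_MISSING.sub("", body)
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
        m = re.search(r"\]\s*(.*)$", body)
        cmd = m.group(1).strip() if m else ""
        if cmd.startswith('"'):                      # quoted path, then args
            return cmd[1:].split('"', 1)[0]
        if cmd.lower().startswith("rundll32 "):      # rundll32 C:\x.dll,Export
            return cmd[len("rundll32 "):].split(",", 1)[0]
        return cmd.split(" ", 1)[0]                  # unquoted path, then args
    # O2/O3/O9/O18/O20/O23: the module is the last ' - ' separated field
    return body.rsplit(" - ", 1)[-1].strip().strip('"')


def parse_line(line: str):
    """Parse one log line into an Entry with triage flags, or None."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    e = Entry(section=section, raw=line.strip())
    if _FILE_MISSING.search(body):
        e.flags.append("file missing: dangling registration, remove it")
    if section == "O15":
        # Trusted Zone relaxes IE's security settings for the listed hosts.
        e.flags.append("Trusted Zone entry: IE security relaxed for this host")
        return e
    e.path = _module_path(section, body)
    low = e.path.lower()
    if low and "\\" not in low and section in ("O4", "O20"):
        e.flags.append("bare filename: resolved through the search path")
    if any(d in low for d in WRITABLE_DIRS):
        e.flags.append("module loaded from a user-writable profile directory")
    if section == "O23" and "unknown owner" in body.lower():
        e.flags.append("service with no vendor string")
    return e


def triage(log_text: str) -> list:
    """Return only the entries that picked up at least one flag."""
    entries = (parse_line(ln) for ln in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.section, e.path or "-", "|", "; ".join(e.flags))
```

Run over the full log, the same heuristics would also surface the O9 YlmF button and the two "file missing" O23 services; everything else resolves to a vendor directory under Program Files or WINDOWS and drops out of the first pass.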