Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe