Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe