Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe