Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe