Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe