Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe