Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe