Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe