Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe