Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe