Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe