Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe