Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe