 鲜花( 1)  鸡蛋( 0)
|

楼主 |
发表于 2006-5-5 16:59
|
显示全部楼层
Logfile of HijackThis v1.99.1) N$ I. r$ g/ r. p( m
Scan saved at 16:55:24, on 2006-5-6. n6 Z( {$ U; w Z4 P+ H5 B" o/ \
Platform: Windows XP SP2 (WinNT 5.01.2600)4 i) E2 g2 r' b. [8 f6 Q; x# ~9 C
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)- y6 K; p) A, \) z7 A5 M6 E
% O) w: b) x& t: Y9 F0 DRunning processes:
0 {" Y3 L% Y; j* c, I/ j! g. dC:\WINDOWS\System32\smss.exe0 Z$ @9 h/ Y. a3 _9 G) @ ]
C:\WINDOWS\system32\winlogon.exe
$ t& X2 _ v# ^' _C:\WINDOWS\system32\services.exe) k+ o6 R/ W2 L& K9 t1 c7 ?
C:\WINDOWS\system32\lsass.exe1 j4 v8 G6 H/ p2 T0 }; r1 \
C:\Program Files\Common Files\Virtual Token\vtserver.exe
9 e% A; o+ Q! @1 QC:\WINDOWS\system32\ibmpmsvc.exe$ Q' _; ?6 t) R8 m5 E
C:\WINDOWS\system32\svchost.exe
( C& w5 ^& b$ M# Y% ?" gC:\WINDOWS\System32\svchost.exe
9 L+ i. ?- ~* R7 V. K6 M7 LC:\Program Files\Intel\Wireless\Bin\EvtEng.exe. A' i. Y5 w* {- T
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe: y7 g, \4 c: @: o4 [& V4 x
C:\WINDOWS\system32\spoolsv.exe
; s; b) b! ?; z! G# K: HC:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE5 Q. }7 o4 N4 n0 Z( y
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe- t9 P( t9 H. a) b
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
! Y" T( B, c( W( L2 iC:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE5 a9 X- R8 B8 h6 b# g8 h
C:\Program Files\F-Secure\Common\FSMA32.EXE N) H8 O5 @5 O3 p! c# }
C:\Program Files\F-Secure\Common\FSMB32.EXE2 E6 k) {0 Q1 h/ t' e; N" w
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe1 O- C. o. P7 L6 c4 z
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe& \1 R6 @2 r% g
C:\WINDOWS\System32\QCONSVC.EXE" q( o" u9 f7 s% X
C:\Program Files\F-Secure\Common\FCH32.EXE
' D! ~" b- a/ w0 }2 G9 wC:\Program Files\Intel\Wireless\Bin\RegSrvc.exe- N) Y$ l' f }6 Q
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe/ b* V. _1 a! q S. {- c: {. c
C:\WINDOWS\System32\TPHDEXLG.EXE
: k4 G& z! b) Z3 BC:\Program Files\F-Secure\Common\FAMEH32.EXE
8 x, \" q" K6 u* Y' ]" K+ N, EC:\WINDOWS\system32\TpKmpSVC.exe
' y" N% `7 }& B# J7 S& V. AC:\Program Files\F-Secure\Anti-Virus\fsqh.exe
9 {1 k# D+ n) C* R5 vC:\Program Files\F-Secure\Anti-Virus\fsrw.exe) n# V" h8 e5 h5 j8 u
C:\Program Files\F-Secure\Common\FNRB32.EXE( F P$ z" k# H* t1 i) | f# v
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
- M, b; q. e6 P' f4 N/ i1 ?/ bC:\Program Files\F-Secure\Common\FIH32.EXE) z" D# J% @8 C
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
# Y. T8 g1 t) L4 Y' h, HC:\WINDOWS\Explorer.EXE
( P! S' j. P( CC:\Program Files\Synaptics\SynTP\SynTPLpr.exe
# P1 N4 y* z# d* q/ z- ^C:\Program Files\Synaptics\SynTP\SynTPEnh.exe8 W" I' |3 `/ S7 z9 K
C:\WINDOWS\system32\hkcmd.exe
- F$ Q! q+ h1 \( f) [C:\WINDOWS\system32\TpShocks.exe
% [5 ]. d: o! K2 ]1 {$ i+ i# wC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
! A# q# _8 I! M$ {C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe$ f8 v+ x5 Z" |0 s8 Z
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
" L v$ M8 k- b) j$ a+ TC:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
6 V# f: @/ ? x% P& l, G3 }5 zC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe$ M! r& ?7 w) |& L0 c* j, I& z( @
C:\WINDOWS\system32\dla\tfswctrl.exe; ]1 S% L' y/ `1 b, `8 u
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
. R4 u) ~% F/ ]( T% Z2 vC:\IBMTOOLS\UTILS\ibmprc.exe
2 v8 Y4 @9 `5 c( l7 ]C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE2 N6 H: j9 L) V4 h. s$ p; D0 L
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE2 P+ | i- V9 }. m, E
C:\WINDOWS\System32\svchost.exe2 L' d0 V4 }6 W: R3 ?
C:\WINDOWS\system32\rundll32.exe
1 |" W$ }3 z- H+ T, V% q3 ^- wC:\Program Files\F-Secure\Common\FSM32.EXE% ~. h9 K a% r8 _" m4 A# Y
C:\WINDOWS\system32\CTFMON.EXE H4 n: H/ u9 H
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
7 I3 Q( H" F1 ~, F% fC:\Program Files\Digital Line Detect\DLG.exe
7 y& b( x( T% p8 [- _, bC:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
7 V }% r. N# r; jC:\Program Files\F-Secure\FSGUI\fsguidll.exe8 s% b' i4 Z; f) [# n- Q
C:\Program Files\Messenger\msmsgs.exe& _$ v# B5 b, q9 ^7 ^/ t
C:\Program Files\Internet Explorer\iexplore.exe
1 A: Q/ ?2 R Q6 `/ q7 r$ bC:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe: m4 C, P8 o. W/ E: n
5 _" `+ G& X, t9 M% vO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll h% f: K( c j
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe- w f- f$ S7 _" x9 s
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe/ ^% R8 r- z7 ]4 g" W+ y7 i+ Y
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
" N [( o# Q& J4 i7 Q* n- o9 ?' q# D' FO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
+ D. {* Y& B1 n) X% D+ CO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
+ Y! y% W, M2 Z9 PO4 - HKLM\..\Run: [TpShocks] TpShocks.exe B# Q5 R' [4 I1 B- H
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
: }- i" e2 Y) b+ VO4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup( [ W; V; w7 b7 G/ v
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe' G6 g; t2 M* C
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
V/ {0 Y; r. N; m" U8 lO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe4 D& X9 ]0 }: p& C
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray) n5 o4 t" C" N' o1 f
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
, n9 T) D4 \. Z3 V* EO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
1 V* _6 O1 r h- _6 O- }O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
) ]6 H" R7 `4 m2 x, wO4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe# t+ `/ l/ s; H x4 p
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
" i+ x2 E' K" i% |- F9 I! }O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE! ~; _% l/ H/ g$ c5 B
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor/ C5 x* I. W0 g, D9 s7 t0 N X$ I
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog9 H3 @2 U! O: [6 M- _
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32. ^0 g7 ?% { y8 q" y j9 z) A
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE/ q! X9 h* R. n( @" H; a
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC4 M" w3 n0 {4 j5 E E; E1 {% l+ J6 N
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
% y4 X, h' u& r; hO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName& l8 {' n9 [0 X. s. L: v; V
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash7 i5 z( E( V9 O7 G* J
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW! K& d1 L( U7 v* M
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
( f( q# h2 p2 q) W* Z9 iO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe5 a2 s) q' _% P
O4 - Global Startup: Digital Line Detect.lnk = ?
4 j" R5 c) o& \O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe9 o1 {7 o- Q" {
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm: x# P$ u5 n. n R4 N4 F
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
' ~8 b8 g& h Z. ^% UO9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
6 W4 k! ]! ]. ^# j% O8 jO9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll# p0 q: g! L2 \+ R o
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll ~: H2 D2 S4 ^. D- J. O) H
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe) \4 C6 ?- k! G& g( k" Z
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Z$ R+ @8 b6 i& j0 D; }
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe7 {) h0 ^8 X( q8 ^: b: N* ^
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll {$ z$ ?$ r! w0 L/ Q+ Q/ J) |3 b
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll; M: y+ X; t$ N4 {+ {5 x0 [
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll1 d8 M* Z& X( ~2 z; y( j4 @
O11 - Options group: [JAVA_IBM] Java (IBM)7 [& C2 W# w% [& ?& i( E
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
4 z, n7 |3 b# a2 u S. Y! [0 YO20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll% q% K8 v8 \* Z. C4 J v$ O5 C
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll% A+ m7 c' R" j3 T9 v. k K: U$ A
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
, Q. r. G( X7 ]O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE, n- ^( H Y% m& ~( e
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe6 B3 U9 x% d9 N
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe. v$ b3 G1 T/ r. H6 n0 _5 P% y
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
8 w% d, M6 B$ L0 I3 D; d! T6 u' cO23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
5 M+ J8 ]! N C. |$ YO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
- q+ ?4 G. t2 FO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
& u) h9 k! l0 D8 O4 H7 dO23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
# D& V8 A3 O& s# ZO23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe" v$ R, R9 S9 r4 k% ?
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" _3 `) D! X$ M: R! G4 j2 i1 h
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
9 C% z. x0 i7 `, O: Q6 HO23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE/ d+ Y$ u; B. v ^5 f
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe% ~3 e! O0 y' o: ^% k1 Y# a
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
8 Y1 X* r/ ~3 H" p- R- j8 F* KO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe3 j/ p( i9 O# L
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE4 C; G" N ]) L! C! d( b1 j( ~" w
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
- u6 a+ k i* B4 E' t1 I: S: iO23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe |
|