 鲜花( 1)  鸡蛋( 0)
|

楼主 |
发表于 2006-5-5 16:59
|
显示全部楼层
Logfile of HijackThis v1.99.1
: L# r- L6 }* G9 uScan saved at 16:55:24, on 2006-5-6
; c" T/ @* Y1 I* p$ SPlatform: Windows XP SP2 (WinNT 5.01.2600)
: K5 P& Z$ c4 OMSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
) P9 m T# w! c6 {$ e9 |1 R. g4 k- p4 m9 n2 h& Q+ }( G9 o- D
Running processes:% ^: j( R+ ~3 p& M5 o l- y
C:\WINDOWS\System32\smss.exe
! z8 C3 }. O7 ?6 ~$ u0 ~C:\WINDOWS\system32\winlogon.exe
% t* `" E% \8 n9 Q7 NC:\WINDOWS\system32\services.exe
6 J: O$ g0 h7 C. S. D5 }0 oC:\WINDOWS\system32\lsass.exe" G5 K. U5 ^3 p' _
C:\Program Files\Common Files\Virtual Token\vtserver.exe: w8 h1 \% E6 N6 S4 D, ]
C:\WINDOWS\system32\ibmpmsvc.exe
% S/ W. `0 `7 }7 ~C:\WINDOWS\system32\svchost.exe
# N9 c. J9 ]3 o4 Y5 a! M& RC:\WINDOWS\System32\svchost.exe
, }( M; R5 E6 M {, {C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
$ X2 `, f# f% U. @C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
5 e0 ]8 p, s# mC:\WINDOWS\system32\spoolsv.exe( f, p4 N, A5 L. i7 S
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE& z1 e! L4 d) Q/ m) Y# T( S+ P; ?
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
1 p" ]+ v& C) L; {$ I- Y! @2 i( KC:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
; Q4 n# w' \- D5 A8 IC:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE# `9 x, w, Z/ y9 p' {2 ]3 b7 Y
C:\Program Files\F-Secure\Common\FSMA32.EXE
- I1 F2 d! C+ H. vC:\Program Files\F-Secure\Common\FSMB32.EXE7 S. V- E; ?4 R( L
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
N3 y0 r! R; m# y9 [; D# FC:\Program Files\F-Secure\Anti-Virus\fssm32.exe5 | z6 {& t, L0 [- X3 C
C:\WINDOWS\System32\QCONSVC.EXE4 t: C; }; @. R$ p+ C( [8 N2 H
C:\Program Files\F-Secure\Common\FCH32.EXE
( K7 v) u' y1 O( K2 bC:\Program Files\Intel\Wireless\Bin\RegSrvc.exe: F( M- D# D$ P' P
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe$ p- A/ x) y2 M" I; Y3 n. T. r
C:\WINDOWS\System32\TPHDEXLG.EXE' D& O: z) d' \) L- P
C:\Program Files\F-Secure\Common\FAMEH32.EXE
3 _% G' r$ z* ^# @ KC:\WINDOWS\system32\TpKmpSVC.exe
9 a* I( B; r) C6 t+ Q' WC:\Program Files\F-Secure\Anti-Virus\fsqh.exe
' C$ Z+ w0 \+ O8 hC:\Program Files\F-Secure\Anti-Virus\fsrw.exe
# ^' w( N, d/ v4 v* A5 x" E: S& `C:\Program Files\F-Secure\Common\FNRB32.EXE3 f5 y {$ }8 R
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe, I% Z/ K, @: ]& i% c
C:\Program Files\F-Secure\Common\FIH32.EXE7 u$ b: Y& J- C! @& e" V; l
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe6 R, R4 f, G$ v) W3 M, {2 x/ P
C:\WINDOWS\Explorer.EXE2 v! P E" X4 p
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe+ |- Q" V; N: L# J
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe, d7 J; `5 j c
C:\WINDOWS\system32\hkcmd.exe/ H& b' Q: U0 j/ @' P4 Q9 Z
C:\WINDOWS\system32\TpShocks.exe2 B# _' }; Z7 W5 K. @2 \
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe, d, n4 |3 N) T; b* J
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
z/ Y% b `2 ~2 K8 ZC:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe8 E; {5 A% A* j% Q) ~5 U% S+ X [( X) h
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
4 T8 }6 Q& R2 W0 d3 J/ n: PC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
K% v& L' I0 R, O, IC:\WINDOWS\system32\dla\tfswctrl.exe
1 C- T& Z" R- i* u8 ?C:\Program Files\IBM\Messages By IBM\ibmmessages.exe# B% r: W1 b+ W- l# t+ C
C:\IBMTOOLS\UTILS\ibmprc.exe
' C4 E. y7 Z* h8 mC:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE s% _. O" i- }
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE2 i5 m0 ]& L7 h, N0 C8 L' R1 c- c
C:\WINDOWS\System32\svchost.exe
3 M- q( I1 C: }: j4 OC:\WINDOWS\system32\rundll32.exe0 K5 S, S. c5 w- W2 n4 D
C:\Program Files\F-Secure\Common\FSM32.EXE1 U; ?3 q% ^2 E+ w
C:\WINDOWS\system32\CTFMON.EXE
5 R- l8 H. n. T0 ~- U6 _( XC:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
# d8 s& J; Q5 j9 C6 ?C:\Program Files\Digital Line Detect\DLG.exe% p/ j( }+ s' ]1 X
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
- h. a O( F) {8 ?5 n8 SC:\Program Files\F-Secure\FSGUI\fsguidll.exe
2 _ }. [+ Z. G. w! h# \8 t; uC:\Program Files\Messenger\msmsgs.exe
3 \: _1 s, V# Y) w% n `" i. v8 c. ZC:\Program Files\Internet Explorer\iexplore.exe3 U8 o8 ?% h% ~! p# J2 Q! K
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
8 R' l6 s! r4 X, y5 f" [6 w5 c
$ l# H, c" W+ S# DO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll- b- c J/ X1 q3 r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe# q9 x5 W1 k# S4 k! R* R
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4 g) m8 W. m# e) MO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe- ~ R. F! H, U( O
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe4 u0 P; w5 q1 N# {7 S# m
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper1 l5 R( B( m4 t2 p# o! P3 B+ k y. ?
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
& s1 t8 _( U2 VO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
) n, q% S- a- _% x& u# Y& D# `O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
% S) a3 ]8 y, sO4 - HKLM\..\Run: [TP4EX] tp4ex.exe
2 t; A1 m4 J3 ~( ~9 `) O7 ~O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe/ L8 @% c) x; S' C- |5 U6 j1 U* W- k
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe9 t# L7 | b) { A" p# d
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
]+ T* R- C5 h( f& `% EO4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r8 A' {+ F6 j: ^, ?! Y! C
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
: V. N- h! z) YO4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe0 x8 b" }9 {" T2 I$ M
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
! [8 q, I" A# _; iO4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
+ f' g# K) _4 M1 ~* x$ t2 c, GO4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE1 g" o6 L- _- ~3 x" ^% M6 \0 X
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor0 P) h& S, K, M, L. f3 q1 Z1 {
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
- H& O0 b( }2 u& KO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration325 F' p3 q( T+ {8 M; D3 @) W
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
) Y/ V& E* Y/ d6 N- r, fO4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
& d8 p1 w: |' z( H& r7 G2 S3 R2 kO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
$ a( [* x. f* r% H# ~7 _- \O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
' ~) c4 D o" Z! V4 z4 _2 F' ZO4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
2 F* s! H2 e8 ~2 r, u# HO4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
( z: o, T& S8 c1 BO4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
2 i$ k$ D. w5 |% n* y) `! UO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
J/ {8 y& P$ ?5 TO4 - Global Startup: Digital Line Detect.lnk = ?' _; _5 [. W. Z, g1 ]
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe. I6 o2 `- m( J5 Q0 F1 q
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm# U/ z) K% z B7 i9 p) r0 x
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
1 n% d& P7 s/ X* C8 _1 m7 O( DO9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
* K. e- f! d' T2 QO9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
; V+ _7 @# ]$ N7 |O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll' j* V( k4 J& f7 \; p C. J, ?
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe% g8 ?, Q0 n* D0 @$ q; R0 j& L
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
% d/ _( q B4 Y- OO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
4 z4 Z8 |, L( {8 O7 nO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
+ w8 D2 _6 S# G# l1 |" {7 Q7 |' xO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
- P% q: m3 K0 d5 j3 M' BO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
! m& N/ A# u$ `$ k3 C" r/ |& _6 JO11 - Options group: [JAVA_IBM] Java (IBM)
, B2 i5 r& j# l8 P2 o1 O$ QO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll% _0 F i: L: w, h o( W0 P0 R& z
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll1 s4 q* \. S7 }
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll% Y+ S4 E% z7 }" n2 e
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll' x% M# D, x/ i( ?
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
' [3 U a9 K& ^( L. fO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe# x0 a0 H+ p4 M% H! P) ~" q4 \
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe$ F7 T4 p. O4 b& J
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE* u7 ]6 v. Z6 w9 w! x
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
; G2 ^" v1 T' GO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe* }" P' V' H+ n7 [. ~) V8 m, o" \
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE" j! w2 m5 b% y
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
$ u3 G( ^; c% L% I9 ^O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe+ X: X8 n# l+ t
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
& P# W0 ^4 y5 E) I( iO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)6 C ]& v9 s) Y. b0 V
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE' C* H5 \ k0 E6 t1 _
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2 A p6 w; y9 WO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
, P! ?7 s7 N4 k9 ~8 pO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" c2 X0 Y/ x: S
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
8 e: ~$ u- H3 p5 \0 [8 f) qO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
: D' M/ I$ e, v% V( H( ]) g iO23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe |
|