Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe