Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe