Views: 2869 | Replies: 9

Could everyone take a look at this scan log?

blueskyy
Posted 2007-3-15 15:31:15
The laptop is an IBM T43. The log is below; please check whether it has a trojan. Thanks.
-------------------------
HijackThis_815 Chinese localized edition scan log V1.99.1
Saved at 15:30:09, on 2007-3-15
Platform:  Windows XP SP2 (WinNT 5.01.2600)
MSIE:      Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
D:\Program Files\Maxthon\Maxthon.exe
F:\backup\system\HijackThis\HijackThis1991zww.exe
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TpShocks] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPHKMGR] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Finger] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TpKmapMn] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O8 - Extra context menu item: Upload to QQ Net Disk - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: Download with Thunder - D:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder - D:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Export to Microsoft Office E&xcel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B3DA338-0D7A-438B-BDC5-0FC2B65DB58A}: NameServer = 10.99.20.13,10.99.20.14,202.97.224.68,202.102.128.68
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
wangjay1980
Posted 2007-3-15 16:32:39
Scan with this:

sreng2.zip

597.63 KB, downloads: 32

blueskyy
(OP) Posted 2007-3-15 17:19:11
Isn't the one above good enough??
Attached: below is the scan you asked for
-------------

Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <TpKmapMn><C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PWRMGRTR><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor>  [Lenovo Group Limited]
    <BLOG><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog>  []
    <TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [Lenovo]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <TpShocks><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TPHOTKEY><TpShocks.exe>  [(Verified)Lenovo (Japan) Ltd.]
    <EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [(Verified)Lenovo (Japan) Ltd.]
    <ACWLIcon><C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe>  []
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [(Verified)"ESET, spol. s r.o."]
    <TPHKMGR><C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe>  []
    <Finger><"C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup>  [UPEK Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><vrlogon.dll>  [UPEK Inc.]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
    <WinlogonNotify: ACNotify><ACNotify.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    <WinlogonNotify: psfus><psqlpwd.dll>  [UPEK Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><notifyf2.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    <WinlogonNotify: tphotkey><tphklock.dll>  []

==================================
Startup Folders
N/A

==================================
Services
[Ac Profile Manager Service / AcPrfMgrSvc][Running/Auto Start]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe><N/A>
[Access Connections Main Service / AcSvc][Running/Auto Start]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe><Lenovo>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><Lenovo>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[ThinkPad HDD APS Logging Service / TPHDEXLGSVC][Running/Auto Start]
  <System32\TPHDEXLG.exe><N/A>
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.6.0.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ANC / ANC][Running/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[IBM Access Support / EGATHDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS><IBM Corporation>
[F-SECURE AVP / F-SECURE AVP][Stopped/Manual Start]
  <\??\D:\Program Files\Kaspersky Anti-Virus 3.5\FSAVP.SYS><N/A>
[F-SECURE Filter / F-SECURE Filter][Stopped/Manual Start]
  <\??\D:\Program Files\Kaspersky Anti-Virus 3.5\FSFILTER.SYS><N/A>
[F-SECURE Gatekeeper / F-SECURE Gatekeeper][Stopped/Manual Start]
  <\??\D:\Program Files\Kaspersky Anti-Virus 3.5\FSGK.SYS><N/A>
[F-SECURE Recognizer / F-SECURE Recognizer][Stopped/Manual Start]
  <\??\D:\Program Files\Kaspersky Anti-Virus 3.5\FSREC.SYS><N/A>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Shockprf / Shockprf][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Apsx86.sys><Lenovo.>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[SMI helper driver / smihlp][Running/Auto Start]
  <\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys><UPEK Inc.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TC USB Kernel Driver / TcUsb][Running/Manual Start]
  <System32\Drivers\tcusb.sys><UPEK Inc.>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TPDIGIMN / TPDIGIMN][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ApsHM86.sys><Lenovo.>
[TPInput / TPInput][Running/Manual Start]
  <System32\DRIVERS\TPInput.sys><Lenovo, Ltd. and IBM Corporation.>
[Winbond Trusted Platform Module / TPM][Running/Manual Start]
  <system32\DRIVERS\tpm.sys><Winbond Electronics Corp.>
[TPPWRIF / TPPWRIF][Running/System Start]
  <System32\drivers\Tppwrif.sys><N/A>
[TSMAPIP / TSMAPIP][Running/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\drivers\UIUSys.sys><N/A>
[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel(R) Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[Update ThinkPad Software]
  {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} <C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe, Lenovo Group Limited>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[SDProjWiz2 Class]
  {D245F352-3F45-4516-B1E6-04608DA126CC} <C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\ProjWiz.dll, Microsoft Corporation>
[Upload to QQ Net Disk]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[Download with Thunder]
  <D:\Program Files\Thunder\Program\geturl.htm, N/A>
[Download all links with Thunder]
  <D:\Program Files\Thunder\Program\getallurl.htm, N/A>
[Export to Microsoft Office E&xcel]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ custom panel]
  <D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
  <D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
blueskyy
(OP) Posted 2007-3-15 17:19:46
Continued from above; it was too long
==================================
Running Processes
[PID: 880][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\vrlogon.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [N/A, ]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4118]
    [C:\WINDOWS\system32\psqlpwd.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkVantage Fingerprint Software\infra.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\WINDOWS\system32\biologon.dll]  [Microsoft Corporation, 6.00.2497.0000 built by: main(SReasor)]
    [C:\Program Files\ThinkVantage Fingerprint Software\homepass.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkVantage Fingerprint Software\bio.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkVantage Fingerprint Software\remote.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\WINDOWS\system32\tphklock.dll]  [N/A, ]
    [C:\Program Files\ThinkVantage Fingerprint Software\crypto.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\psqlpwd.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkVantage Fingerprint Software\infra.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll]  [UPEK Inc., 5.4.0.2786]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACGina.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1164][C:\WINDOWS\system32\ibmpmsvc.exe]  [Lenovo, 1, 40, 0, 0]
[PID: 1192][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1292][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1416][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1548][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe]  [Intel Corporation, 10.5.1.21]
    [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 5, 1, 1  ]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10.5.1.6]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10.5.1.5]
    [C:\Program Files\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 5, 1, 17]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10.5.1.0  ]
    [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 10.5.1.2]
    [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 10.5.1.1]
[PID: 1664][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 10.5.1.3]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10.5.1.6]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10.5.1.5]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10.5.1.0  ]
    [C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL]  [N/A, ]
[PID: 1708][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 252][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.51.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [F:\backup\system\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1212][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.51.0.0]
    [C:\WINDOWS\system32\OEMDSPIF.DLL]  [ATI Technologies, Inc., 6.14.0013]
[PID: 1348][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 2, 008]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 1788][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 1820][C:\WINDOWS\system32\TpShocks.exe]  [Lenovo., 1.51.0.0]
    [C:\Program Files\ThinkPad\TpShocks\MUI\0804\TpShocks.dll]  [, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.51.0.0]
[PID: 1824][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\EzMApRes.dll]  [N/A, ]
[PID: 2060][C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll]  [N/A, ]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll]  [Lenovo, 4, 0, 0, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\IconRes.dll]  [Lenovo, 4, 0, 0, 0]
[PID: 2096][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 2148][C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll]  [N/A, ]
    [C:\WINDOWS\system32\Oemdspif.dll]  [ATI Technologies, Inc., 6.14.0013]
    [C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll]  [N/A, ]
[PID: 2164][C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, ]
[PID: 2172][C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe]  [Lenovo Group Limited, 1.17]
[PID: 2424][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 2432][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe]  [N/A, ]
    [C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 3136][D:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [D:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5091]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3180][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 3680][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
[PID: 3252][F:\backup\system\System Repair Engineer\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================
风雪
Posted 2007-3-15 18:35:51
The log looks normal to me.
kuankevin
Posted 2007-3-18 15:25:24
Repair the file association: .HLP  Error. [winhlp32.exe %1]
blueskyy
(OP) Posted 2007-3-19 09:45:10
Thanks. Done.
blueskyy
(OP) Posted 2007-3-19 09:52:29
Boss, I have another question:
-------
Startup Items
Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
------------------
Why does this startup item load nothing??
What does <load><>  [N/A] mean? Please explain, thanks.
wangjay1980
Posted 2007-3-19 10:07:49

Reply to #8, blueskyy's post

Having nothing there is normal. Trojans often like to load from here; if there is something in it, you need to be careful.
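The two checks that came out of this thread, kuankevin's ".HLP  Error" file association and the empty <load> value wangjay1980 explains in the reply above, are exactly the kind of thing worth automating when you read SREng dumps regularly. The script below is an added example written for this page; it is not code from SREng, HijackThis or any of the posters. It parses the SREng "Startup Items" registry block and "File Associations" block in the text format shown in the posts, raises an alert when `load` or `AppInit_DLLs` is non-empty or when the Winlogon `shell`/`Userinit` values differ from the Windows XP SP2 defaults (assumed here), marks unsigned Winlogon Notify DLLs for manual review, and reports any association SREng flagged as Error together with the assumed XP default handler for .HLP. Both sample inputs are constructed from the shape of the clean log above; the `example_dropper.exe` path in the second one is a hypothetical name, not something seen on the poster's machine.

```python
"""Triage helper for the SREng "Startup Items" / "File Associations" text dump.

Added example for this thread; it is not code from SREng, HijackThis or the
original posters. The input format is the one visible in the posts above;
the samples at the bottom are constructed from it.
"""
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")                    # [HKEY_...]
VAL_RE = re.compile(r"^\s+<([^>]*)><([^>]*)>\s+\[(.*)\]\s*$")      #     <name><value>  [signer]
ASSOC_RE = re.compile(r"^(\.\w+)\s+(OK|Error)\.\s+\[(.*)\]\s*$")   # .EXT  OK. [command]

# Values that must be empty on a clean box: "load" (the value asked about in
# post #8) and AppInit_DLLs both get code into every interactive session.
MUST_BE_EMPTY = {"load", "appinit_dlls"}
# Winlogon defaults assumed for Windows XP SP2 (compared case-insensitively).
EXPECTED_WINLOGON = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}
# Assumed XP default for the .HLP handler, used only as a hint in the report.
EXPECTED_ASSOC = {".HLP": r"%SystemRoot%\System32\winhlp32.exe %1"}


def parse_registry(text: str) -> Dict[str, List[Tuple[str, str, str]]]:
    """Map each registry key to its [(name, value, signer)] entries."""
    result: Dict[str, List[Tuple[str, str, str]]] = {}
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            result.setdefault(key, [])
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            result[key].append((m.group(1), m.group(2), m.group(3)))
    return result


def parse_assocs(text: str) -> List[Tuple[str, str, str]]:
    """Return [(extension, status, command)] from the File Associations block."""
    return [m.groups() for m in map(ASSOC_RE.match, text.splitlines()) if m]


def triage(text: str) -> Dict[str, List[str]]:
    """Split findings into 'alerts' (should never happen) and 'review' (check by hand)."""
    alerts: List[str] = []
    review: List[str] = []
    for key, entries in parse_registry(text).items():
        lkey = key.lower()
        for name, value, signer in entries:
            lname = name.lower()
            if lname in MUST_BE_EMPTY and value.strip():
                alerts.append(f"{key}\\{name} is non-empty: {value!r}")
            if "winlogon" in lkey and lname in EXPECTED_WINLOGON \
                    and value.strip().lower() != EXPECTED_WINLOGON[lname]:
                alerts.append(f"{key}\\{name} is not the default: {value!r}")
            # Winlogon Notify DLLs run inside winlogon.exe. An unsigned one is not
            # proof of malware (the Lenovo ones in this log are unsigned), but the
            # file on disk deserves a manual look.
            if "winlogon\\notify" in lkey and not signer.startswith("(Verified)"):
                review.append(f"{key}: {value!r} has no verified signature")
    for ext, status, cmd in parse_assocs(text):
        if status == "Error":
            msg = f"{ext} association flagged Error: {cmd!r}"
            if ext.upper() in EXPECTED_ASSOC:
                msg += f" (XP default: {EXPECTED_ASSOC[ext.upper()]!r})"
            alerts.append(msg)
    return {"alerts": alerts, "review": review}


# Constructed sample, copied from the shape of the clean log in this thread.
CLEAN_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><notifyf2.dll>  []
.EXE  OK. ["%1" %*]
.HLP  Error. [winhlp32.exe %1]
"""

# Constructed variant with a populated "load" value (hypothetical file name).
INFECTED_SAMPLE = CLEAN_SAMPLE.replace(
    "<load><>", r"<load><C:\WINDOWS\system32\example_dropper.exe>")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        report = triage(sample)
        print(f"== {label}: {len(report['alerts'])} alert(s), {len(report['review'])} to review")
        for line in report["alerts"] + report["review"]:
            print("  ", line)
```

Run it on a saved SREng report by reading the file into `triage()`. On the clean sample it produces a single alert, the .HLP association, and one review item for the unsigned Notify DLL, which matches what the thread concluded: nothing malicious, one association to repair. The `load` value is treated as an alert rather than a review item because, unlike an unsigned vendor DLL, there is no legitimate reason for it to be populated on a stock XP install.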
blueskyy
(OP) Posted 2007-3-19 10:18:54
Thanks, much appreciated.
Copyright © KaFan  KaFan.cn All Rights Reserved.
