Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum


[Help] I really can't take this virus any more, experts please advise


There are two winlogon.exe processes in Task Manager, and I can't stop them.



HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:22:54, 日期 2006-8-22
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PeanutHull3\PhCore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\winvnc\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\CCProxy\CCProxy.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\WINLOGON.EXE
C:\Program Files\PeanutHull3\Phmain.exe
C:\WINDOWS\System32\rundll32.exe
E:\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: BHO Class - {04DCC17E-35E1-417A-ABCF-41623FA2ACE7} - D:\move2\Garden33\gbho.dll (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\bt6\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: msiefvp - {10247252-C163-09AF-25FD-1DE95906BAA1} - C:\WINDOWS\System32\msiefvp.dll (file missing)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~2.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IE HELP - {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} - C:\WINDOWS\System32\IMULiver.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O2 - BHO: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [Peanut Hull Client] C:\Program Files\PeanutHull\PHNT.exe -sa
O4 - 启动项HKLM\\Run: [WinVNC] "C:\Program Files\winvnc\winvnc.exe" -servicehelper
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\Rav\RavMon.exe -system
O4 - 启动项HKLM\\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [intranet] C:\WINDOWS\System32\intranet.exe
O4 - 启动项HKLM\\Run: [88IPClient] ; C:\Program Files\CasinTech\88IP V5.1\88IP.exe
O4 - 启动项HKLM\\Run: [avserve.exe] ; C:\WINDOWS\avserve.exe
O4 - 启动项HKLM\\Run: [avserve2.exe] ; C:\WINDOWS\avserve2.exe
O4 - 启动项HKLM\\Run: [BIE] ; Rundll32.exe C:\WINDOWS\DOWNLO~1\BDSrHook.dll,Rundll32
O4 - 启动项HKLM\\Run: [File System Service] ; wmiprvsc.exe
O4 - 启动项HKLM\\Run: [helper.dll] ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [hzs] ; zyl
O4 - 启动项HKLM\\Run: [MGFOLDER.EXE] ; C:\Program Files\MgFolder\MgFolder.exe
O4 - 启动项HKLM\\Run: [Microsoft Update] ; msawindows.exe
O4 - 启动项HKLM\\Run: [Msrv32] ; Msrv32.exe
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] ; C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [Registry] ; C:\WINDOWS\System32\Registry.exe
O4 - 启动项HKLM\\Run: [skynetave.exe] ; C:\WINDOWS\skynetave.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - 启动项HKLM\\Run: [System Log Event] ; csrss32.exe
O4 - 启动项HKLM\\Run: [随便聊聊] ; C:\Program Files\IMU\MiniChat\chatatwill_59.exe
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhMain] C:\Program Files\PeanutHull3\Phmain.exe
O4 - HKCU\..\Run: [CyberIP] ; D:\综合文件夹\域名解析\CyberIP.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampe.exe
O8 - IE右键菜单中的新增项目: Download with &Shareaza - res://C:\Program Files\bt6\Plugins\RazaWebHook.dll/3000
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe (file missing)
O9 - 浏览器额外的按钮: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的“工具”菜单项: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的按钮: (no name) - {C403FBA0-3889-11D8-9F0E-0080C6E9A383} - (no file)
O9 - 浏览器额外的按钮: (no name) - {C403FBA0-3889-11D8-9F0E-0080C6E9A384} - (no file)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {09F59435-7814-48ED-A73A-96FF861A91EB} - http://download.china.alibaba.com/search/alibaba/2/bar.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.beachtrash.com/tx.chm::/ai.exe
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} (IEBHOLiver Class) - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA66543-0140-4B48-B122-506D60AF94A6}: NameServer = 10.41.36.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E17AD2D-85C1-467A-B122-AAF778FF2147}: NameServer = 202.96.104.16 202.96.104.26
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O23 - NT 服务: PeanuthullCore - 广东网域 - C:\Program Files\PeanutHull3\PhCore.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: VNC Server (winvnc) - Unknown owner - C:\Program Files\winvnc\winvnc.exe" -service (file missing)
Last edited 2006-08-22 12:56:16

Waiting online.