Akila22 - 2006-4-14 11:21:00
A few days ago my computer started responding more slowly, and the mouse pointer often turns into an hourglass.
The day before yesterday I scanned with Jiangmin (江民) and it reported no virus; I then switched to Rising's (瑞星) free online scan, which found the virus Rootkiv.vanti.gen: C:\Documents and Settings\Administrator\Local Settings\Temp\rw2m9md.dll
I ran the scanning tools the experts here provided, but as a newcomer I don't dare delete things at random. Could everyone please take a look and tell me which of these are the virus and can be deleted? Thanks.
Attached are the HijackThis scan log and the Process Explorer scan log.
Ashampoo AntiSpyware scan log (it reported 190-odd items; I hear its false-positive rate is quite high, so I didn't dare delete anything).
Sorry to trouble everyone, and thanks!!
Akila22 - 2006-4-14 11:22:00
HijackThis scan log
Logfile of HijackThis v1.99.1
Scan saved at 17:00:56, on 2006-04-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ZKSoftware\Biokey200\bin\DpHost.exe
D:\KV2004\KVSrvXp_1.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\KV2004\KVMonXp_1.kxp
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\littleIrene\TT\TTraveler.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\littleIrene\qq\QQ.exe
D:\littleIrene\qq\TIMPlatform.exe
C:\WINDOWS\System32\taskmg.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe
R3 - URLSearchHook: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\littleIrene\qq\QQIEHelper.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\KV2004\KVShell_1.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINDOWS\System32\imuiepls.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSN 搜索工具栏 Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\KV2004\KVShell_1.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O3 - Toolbar: MSN 搜索工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [KvMonXP] D:\KV2004\KVMonXp_1.kxp /auto
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\taskmg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\littleIrene\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\littleIrene\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\littleIrene\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\littleIrene\qq\SendMMS.htm
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\POWERW~1\IEPlugin.dll (file missing)
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\POWERW~1\XDictExB.dll (file missing)
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\POWERW~1\IEPlugin.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\littleIrene\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\littleIrene\qq\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\littleIrene\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\littleIrene\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F96F7B71-0837-484C-8828-87595E49716F}: NameServer = 202.96.199.133
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\POWERW~1\XDictExB.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: User Authentication Manager (DpHost) - DigitalPersona, Inc. - C:\Program Files\ZKSoftware\Biokey200\bin\DpHost.exe
O23 - Service: KVSrvXp_1 - JiangMin Ltd. - D:\KV2004\KVSrvXp_1.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Akila22 - 2006-4-14 11:25:00
Process Explorer scan log
Process PID CPU Description Company Name
System Idle Process 0 63.64
Interrupts n/a Hardware Interrupts
DPCs n/a 1.52 Deferred Procedure Calls
System 4
smss.exe 452 Windows NT Session Manager Microsoft Corporation
csrss.exe 500 1.52 Client Server Runtime Process Microsoft Corporation
winlogon.exe 524 Windows NT Logon Application Microsoft Corporation
services.exe 576 3.03 Services and Controller app Microsoft Corporation
svchost.exe 752 Generic Host Process for Win32 Services Microsoft Corporation
naPrdMgr.exe 1952 NAI Product Manager Network Associates, Inc.
svchost.exe 800 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 972 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1124 Spooler SubSystem App Microsoft Corporation
msdtc.exe 1556 MS DTC console program Microsoft Corporation
alg.exe 1656 Application Layer Gateway Service Microsoft Corporation
cisvc.exe 1672 Content Index service Microsoft Corporation
cidaemon.exe 2620 Indexing Service filter daemon Microsoft Corporation
DpHost.exe 1696 DPHOST Module DigitalPersona, Inc.
ewidoctrl.exe 1720 ewido control ewido networks
ewidoguard.exe 1732 guard ewido networks
KVSrvXp_1.exe 1784 KVSrvXP JiangMin Ltd.
FrameworkService.exe 1804 Framework Service Network Associates, Inc.
Mcshield.exe 1860 On-Access Scanner service Network Associates, Inc.
VsTskMgr.exe 1892 Task Manager : scheduling and OAS alerting service Network Associates, Inc.
sqlservr.exe 1940 1.52 SQL Server Windows NT Microsoft Corporation
svchost.exe 204 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 228 Windows User Mode Driver Manager Microsoft Corporation
lsass.exe 588 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1344 Windows Explorer Microsoft Corporation
rundll32.exe 1504 Run a DLL as an App Microsoft Corporation
shstat.exe 1240 On-access scanner statistics Network Associates, Inc.
AntiSpyWareGuard.exe 2124
AntiSpyWareControl.exe 2212 4.55
ctfmon.exe 2140 CTF Loader Microsoft Corporation
sqlmangr.exe 2148 SQL Server Service Manager Microsoft Corporation
3264
TTraveler.exe 2548 22.73 Tencent Traveler 腾讯公司
WinRAR.exe 300
procexp.exe 2684 1.52 Sysinternals Process Explorer Sysinternals
taskmg.exe 2292
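A small triage script for the two logs above, added here as an example and not code from the thread, from HijackThis, or from any scanner vendor. The sample lines inside it are copied from the O4 section of the HijackThis log and from the Process Explorer listing posted above; the heuristics (a generic Run-value name such as "System", an image launched from a temp directory, a file name one character away from a well-known Windows binary, and a running process with no description or company name) are this example's own first-pass rules, and each hit still needs a human decision rather than automatic deletion.

```python
"""Triage of the HijackThis O4 entries and Process Explorer rows posted in this thread.

Added example (not part of the original thread). Sample input lines are copied
from the poster's logs; the scoring rules are this example's own assumptions.
"""
import ntpath
import re
from difflib import SequenceMatcher

# Subset of the O4 (Run key) lines from the HijackThis log in the thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [KvMonXP] D:\KV2004\KVMonXp_1.kxp /auto
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\taskmg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Subset of the Process Explorer listing from the thread (image, PID, [CPU], description, company).
PROCEXP_LOG = """
smss.exe 452 Windows NT Session Manager Microsoft Corporation
csrss.exe 500 1.52 Client Server Runtime Process Microsoft Corporation
AntiSpyWareControl.exe 2212 4.55
ctfmon.exe 2140 CTF Loader Microsoft Corporation
WinRAR.exe 300
procexp.exe 2684 1.52 Sysinternals Process Explorer Sysinternals
taskmg.exe 2292
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROC_RE = re.compile(r"^(?P<image>\S+\.exe)\s+(?P<pid>\d+)(?:\s+(?P<cpu>\d+\.\d+))?\s*(?P<rest>.*)$")

# Assumed lists for the heuristics: value names that say nothing about the product,
# and Windows binaries whose names are commonly imitated.
GENERIC_VALUE_NAMES = {"system", "windows", "microsoft", "explorer", "svchost"}
SYSTEM_BINARIES = ["taskmgr", "svchost", "csrss", "lsass", "winlogon",
                   "explorer", "services", "smss", "ctfmon", "spoolsv"]


def parse_o4(log: str):
    """Return (hive, value name, command) for each O4 line."""
    return [(m["hive"], m["name"], m["cmd"])
            for m in (O4_RE.match(line) for line in log.splitlines()) if m]


def image_of(cmd: str) -> str:
    """Return the file an O4 command actually loads (the DLL when rundll32 is the host)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        first, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        first, _, rest = cmd.partition(" ")
    if first.lower().endswith("rundll32.exe"):
        return rest.split(",", 1)[0].strip()
    return first


def flag_autoruns(entries):
    """Return (value name, image, reasons) for autoruns that trip a heuristic."""
    findings = []
    for _hive, name, cmd in entries:
        image = image_of(cmd)
        stem = ntpath.splitext(ntpath.basename(image))[0].lower()
        reasons = []
        if name.lower() in GENERIC_VALUE_NAMES:
            reasons.append(f"generic value name [{name}]")
        if "\\temp\\" in image.lower() or "\\locals~1\\" in image.lower():
            reasons.append("image lives in a temp directory")
        for known in SYSTEM_BINARIES:
            if stem != known and SequenceMatcher(None, stem, known).ratio() >= 0.85:
                reasons.append(f"name resembles {known}.exe")
        if reasons:
            findings.append((name, image, reasons))
    return findings


def parse_procexp(log: str):
    """Return (image, pid, description+company text) for each process row."""
    return [(m["image"], int(m["pid"]), m["rest"].strip())
            for m in (PROC_RE.match(line) for line in log.splitlines()) if m]


def processes_without_metadata(rows):
    """Images that Process Explorer showed with no description and no company name."""
    return [image for image, _pid, rest in rows if not rest]


def running_flagged(findings, rows):
    """Flagged autorun images that also appear in the process list."""
    running = {image.lower() for image, _, _ in rows}
    return [ntpath.basename(img) for _, img, _ in findings
            if ntpath.basename(img).lower() in running]


if __name__ == "__main__":
    hits = flag_autoruns(parse_o4(HJT_LOG))
    rows = parse_procexp(PROCEXP_LOG)
    for name, image, reasons in hits:
        print(f"[{name}] {image}: {'; '.join(reasons)}")
    print("no version metadata:", processes_without_metadata(rows))
    print("flagged and running:", running_flagged(hits, rows))
```

The "no metadata" list deliberately includes legitimate software (WinRAR, the anti-spyware tool's own process), which is the caveat the reply below leans on: missing description and company fields narrow the review, they do not by themselves justify deleting a file.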
小风22 - 2006-4-14 11:41:00
End the taskmg.exe process
Delete taskmg.exe
Delete C:\Documents and Settings\Administrator\Local Settings\Temp\rw2m9md.dll
Delete all registry entries for taskmg.exe
Reboot
小风22 - 2006-4-14 11:45:00
That taskmg.exe is under the winnt/system32 root.
I already answered this question yesterday; why is the post gone?
A disappointing community -_-.....................
© 2000 - 2026 Rising Corp. Ltd.