瑞星卡卡安全论坛

这是我机器的扫描日志，请高手指点下，看看有没有问题
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      12:16:15 AM, 日期 1/1/2000
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
d:\KAV6\KAVSvc.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
d:\KAV6\KWatchUI.EXE
D:\KAV6\KpopMon.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
d:\KAV6\MailMon.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
d:\KAV6\KAVPlus.EXE
C:\WINNT\system32\CAPRPCSK.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\下载中心\2535952005811174944\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINNT\system32\obdc16tg.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: ?eé???°? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - d:\KAV6\KAIEPlus.DLL
O3 - IE工具栏增项: é?í??úê? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [CAPON] rem C:\WINNT\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] rem nwiz.exe /install
O4 - 启动项HKLM\\Run: [PinnacleDriverCheck] rem C:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - 启动项HKLM\\Run: [LoadQM] rem loadqm.exe
O4 - 启动项HKLM\\Run: [KAVRun] d:\KAV6\KAVRun.EXE
O4 - 启动项HKLM\\Run: [Kulansyn] d:\KAV6\Kulansyn.EXE
O4 - 启动项HKLM\\Run: [KpopMon] d:\KAV6\KpopMon.EXE
O4 - 启动项HKLM\\Run: [helper.dll] rem C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [Microsoft NetMeeting Associates, Inc.] NetMeeting.exe
O4 - 启动项HKLM\\Run: [Protected Storage] rem RUNDLL32.EXE MSSIGN30.DLL  ondll_reg
O4 - 启动项HKLM\\Run: [CnsMin] rem Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Hardware Profile] rem C:\WINNT\system32\hxdef.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] rem C:\WINNT\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [YDTMain.exe] rem C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [ISUSPM Startup] rem C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler] rem "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - 启动项HKLM\\RunServices: [SystemTra] C:\WINNT\SysTra.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - 浏览器额外的按钮: ê??ú?ìD? - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_3721_assist (file missing)
O9 - 浏览器额外的按钮: Yahoo 1Gμ?óê - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: ?°±|à?è¤?à - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: é?í??úê? - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: ?eé?×??? - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - url:http://www.joyo.com (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: ?eé???°?í??? - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - 浏览器额外的按钮: ?é?°á?ìì - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: DT?′?ˉàà?÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: ?ú??2é?? - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - d:\KAV6\kavie.HTM
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: ??àíé?í????? - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  í???êμ??
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D617C995-EE68-4D1E-8990-B8F2774252C4}: NameServer = 202.96.75.68,202.96.64.68
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - d:\KAV6\KAVSvc.EXE
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Windows Management NetWork Service Extensions - Unknown owner - NetManager.exe (file missing)
O23 - NT 服务: Windows Management Protocol v.0 (experimental) - Unknown owner - Rundll32.exe (file missing)
O23 - NT 服务: _reg - Unknown owner - Rundll32.exe (file missing)

发现病毒在： C:\WINNT\eraseme_35025.exe
病毒名：Win32.Hack.SdBot.aa.64512
病毒类型： 其他病毒
处理结果： 删除

O23 - NT 服务: Windows Management NetWork Service Extensions - Unknown owner - NetManager.exe (file missing)
O23 - NT 服务: Windows Management Protocol v.0 (experimental) - Unknown owner - Rundll32.exe (file missing)
O23 - NT 服务: _reg - Unknown owner - Rundll32.exe (file missing)
修复这三项.

引用:

【美仪的贴子】 发现病毒在： C:\WINNT\eraseme_35025.exe 病毒名：Win32.Hack.SdBot.aa.64512 病毒类型： 其他病毒 处理结果： 删除 ...........................

O4 - 启动项HKLM\\RunServices: [SystemTra] C:\WINNT\SysTra.EXE
修复这项，并删除C:\WINNT\SysTra.EXE
参阅下面这个网页看看，，是否有与之相符的地方~~
http://news.xinhuanet.com/it/2004-07/11/content_1590668.htm

O23 - NT 服务: Windows Management NetWork Service Extensions - Unknown owner - NetManager.exe (file missing)
O23 - NT 服务: Windows Management Protocol v.0 (experimental) - Unknown owner - Rundll32.exe (file missing)
O23 - NT 服务: _reg - Unknown owner - Rundll32.exe (file missing)
修复上面几项，
再进入注册表（可能没有了~~）
打开注册表编辑器，定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \

SERVICES分支，删除左栏中的服务名Windows Management NetWork Service Extensions 和experimental和_reg
打开 我的电脑》工具》文件夹选项》查看》显示所有文件，显示系统文件》确定
删除
C:\WINNT\eraseme_35025.exe