Rising KaKa Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Urgent help] How do I deal with Rootkiv.vanti.gen? Thanks

A few days ago my computer started responding slowly, and the mouse pointer often turns into an hourglass.

The day before yesterday I scanned with Jiangmin (江民) and it reported no virus; I then used Rising's (瑞星) free online scan, which found the virus Rootkiv.vanti.gen at C:\Documents and Settings\Administrator\Local Settings\Temp\rw2m9md.dll

I ran the detection and removal tools the experts here recommend, but as a beginner I don't dare delete things blindly. Could everyone please take a look and tell me which entries are the virus and can be deleted? Thanks.

Attached are the HijackThis scan log and the Process Explorer scan log.

Ashampoo AntiSpyware scan log (it reported 190-odd items; I'm told its false-positive rate is quite high, so I don't dare delete them blindly)

Sorry for the trouble, and thank you!!
Last edited 2006-04-14 11:45:01
 

HijackThis scan log
Logfile of HijackThis v1.99.1
Scan saved at 17:00:56, on 2006-04-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ZKSoftware\Biokey200\bin\DpHost.exe
D:\KV2004\KVSrvXp_1.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\KV2004\KVMonXp_1.kxp
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\littleIrene\TT\TTraveler.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\littleIrene\qq\QQ.exe
D:\littleIrene\qq\TIMPlatform.exe
C:\WINDOWS\System32\taskmg.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\littleIrene\qq\QQIEHelper.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\KV2004\KVShell_1.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINDOWS\System32\imuiepls.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSN 搜索工具栏 Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\KV2004\KVShell_1.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O3 - Toolbar: MSN 搜索工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [KvMonXP] D:\KV2004\KVMonXp_1.kxp /auto
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\taskmg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\littleIrene\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\littleIrene\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\littleIrene\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\littleIrene\qq\SendMMS.htm
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\POWERW~1\IEPlugin.dll (file missing)
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\POWERW~1\XDictExB.dll (file missing)
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\POWERW~1\IEPlugin.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\littleIrene\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\littleIrene\qq\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\littleIrene\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\littleIrene\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F96F7B71-0837-484C-8828-87595E49716F}: NameServer = 202.96.199.133
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\POWERW~1\XDictExB.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: User Authentication Manager (DpHost) - DigitalPersona, Inc. - C:\Program Files\ZKSoftware\Biokey200\bin\DpHost.exe
O23 - Service: KVSrvXp_1 - JiangMin Ltd. - D:\KV2004\KVSrvXp_1.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
 

Process Explorer scan log

Process    PID    CPU    Description    Company Name
System Idle Process    0    63.64       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a    1.52    Deferred Procedure Calls   
System    4           
  smss.exe    452        Windows NT Session Manager    Microsoft Corporation
  csrss.exe    500    1.52    Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    524        Windows NT Logon Application    Microsoft Corporation
    services.exe    576    3.03    Services and Controller app    Microsoft Corporation
    svchost.exe    752        Generic Host Process for Win32 Services    Microsoft Corporation
      naPrdMgr.exe    1952        NAI Product Manager    Network Associates, Inc.
    svchost.exe    800        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    948        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    972        Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe    1124        Spooler SubSystem App    Microsoft Corporation
    msdtc.exe    1556        MS DTC console program    Microsoft Corporation
    alg.exe    1656        Application Layer Gateway Service    Microsoft Corporation
    cisvc.exe    1672        Content Index service    Microsoft Corporation
      cidaemon.exe    2620        Indexing Service filter daemon    Microsoft Corporation
    DpHost.exe    1696        DPHOST Module    DigitalPersona, Inc.
    ewidoctrl.exe    1720        ewido control    ewido networks
    ewidoguard.exe    1732        guard    ewido networks
    KVSrvXp_1.exe    1784        KVSrvXP    JiangMin Ltd.
    FrameworkService.exe    1804        Framework Service    Network Associates, Inc.
    Mcshield.exe    1860        On-Access Scanner service    Network Associates, Inc.
    VsTskMgr.exe    1892        Task Manager : scheduling and OAS alerting service    Network Associates, Inc.
    sqlservr.exe    1940    1.52    SQL Server Windows NT    Microsoft Corporation
    svchost.exe    204        Generic Host Process for Win32 Services    Microsoft Corporation
    wdfmgr.exe    228        Windows User Mode Driver Manager    Microsoft Corporation
    lsass.exe    588        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1344        Windows Explorer    Microsoft Corporation
rundll32.exe    1504        Run a DLL as an App    Microsoft Corporation
shstat.exe    1240        On-access scanner statistics    Network Associates, Inc.
AntiSpyWareGuard.exe    2124           
  AntiSpyWareControl.exe    2212    4.55       
ctfmon.exe    2140        CTF Loader    Microsoft Corporation
sqlmangr.exe    2148        SQL Server Service Manager    Microsoft Corporation
    3264           
TTraveler.exe    2548    22.73    Tencent Traveler    腾讯公司
WinRAR.exe    300           
  procexp.exe    2684    1.52    Sysinternals Process Explorer    Sysinternals
taskmg.exe    2292
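The poster asks which entries in the HijackThis log can be deleted. The script below is an added example, not part of the post, of HijackThis or of any product named in the logs: it parses the post's own O4 (autostart) lines and applies a few triage heuristics that a responder would apply by eye (a Run value name that says nothing about its product, an image name one character away from a core Windows binary, an image under a Temp directory, a module hosted by rundll32). The name lists and thresholds are assumptions chosen for illustration; a hit means the entry deserves a closer look (check the file's version information, signer and creation time), not that it is malware. One line with a hypothetical example.exe path is constructed, not taken from the post, to exercise the Temp-directory check.

```python
import re

# O4 lines in a HijackThis 1.99 log look like:
#   O4 - <hive>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Windows XP core binaries that autostart entries commonly imitate (assumed list).
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "taskmgr.exe",
    "rundll32.exe", "ctfmon.exe", "userinit.exe",
}
# Run value names that say nothing about the product behind them (assumed list).
GENERIC_VALUE_NAMES = {"system", "windows", "microsoft", "update", "load", "run"}
# Path fragments (lower-cased) that place an image in a per-user Temp directory.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")

# O4 lines copied from the post's HijackThis log.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [KvMonXP] D:\KV2004\KVMonXp_1.kxp /auto
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\taskmg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
"""

# Constructed line (NOT from the post) so the Temp-directory heuristic has input.
CONSTRUCTED_TEMP_LINE = r"O4 - HKCU\..\Run: [example] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\example.exe"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch one-character lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_command(cmd: str):
    """Return (image path, argument string) for a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()


def triage_o4(line: str):
    """Return the list of review reasons for one O4 line ([] means nothing odd)."""
    m = O4_RE.match(line.strip())
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    image, args = split_command(cmd)
    base = image.lower().rsplit("\\", 1)[-1]
    reasons = []
    if name.lower() in GENERIC_VALUE_NAMES:
        reasons.append(f"generic value name [{name}]")
    if base not in CORE_BINARIES:
        for core in sorted(CORE_BINARIES):
            if edit_distance(base, core) == 1:
                reasons.append(f"{base} is one character away from {core}")
    if any(marker in image.lower() for marker in TEMP_MARKERS):
        reasons.append(f"image lives in a Temp directory: {image}")
    if base == "rundll32.exe" and args:
        module = args.split(",", 1)[0].split()[0]  # "<module>,<entry point> <args>"
        reasons.append(f"rundll32 loads {module}; inspect that file")
    return reasons


def triage_log(text: str):
    """Map each O4 value name to its review reasons, keeping only entries with hits."""
    hits = {}
    for line in text.splitlines():
        reasons = triage_o4(line)
        if reasons:
            hits[O4_RE.match(line.strip()).group("name")] = reasons
    return hits


if __name__ == "__main__":
    for value_name, reasons in triage_log(SAMPLE_O4).items():
        print(f"[{value_name}]")
        for reason in reasons:
            print("   -", reason)
```

Run against the post's lines, the [System] entry is flagged twice (generic value name, and taskmg.exe differs from taskmgr.exe by one character) and the two rundll32-hosted modules are listed for inspection; the ShStatEXE, KvMonXP and ctfmon.exe entries pass. The Global Startup line has a different shape and is ignored by the O4 regex, which is a reminder that a triage script covers only the line types it was written for.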
 