Task Manager opens, flashes for a moment and then closes; the Registry Editor, Event Viewer and Services cannot be opened.
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 14:10:12, 日期 2006-8-21
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\T2lsZ2FzLVdlYmhw\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\cpqteam.exe
C:\WINNT\system32\linksys.exe
C:\dfndrff_11a.exe
C:\kybrdff_11a.exe
C:\Program Files\Common Files\{142976AE-0BB8-2052-0816-050402050056}\Update.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\stonedrv.exe
C:\WINNT\system32\regedt32.exe
E:\hijack\HijackThis1991zww\HijackThis1991zww.exe
F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O1 - Hosts: 235.214.107.41 www.virustotal.com
O1 - Hosts: 33.3.169.44 virusscan.jotti.org
O1 - Hosts: 95.95.239.187 sandbox.norman.no
O1 - Hosts: 236.16.252.76 www.symantec.com
O1 - Hosts: 81.237.212.190 securityresponse.symantec.com
O1 - Hosts: 153.77.69.6 symantec.com
O1 - Hosts: 101.81.142.37 www.sophos.com
O1 - Hosts: 51.92.5.83 sophos.com
O1 - Hosts: 22.84.63.236 www.mcafee.com
O1 - Hosts: 204.205.34.167 mcafee.com
O1 - Hosts: 243.212.96.143 liveupdate.symantecliveupdate.com
O1 - Hosts: 61.96.74.78 www.viruslist.com
O1 - Hosts: 104.47.238.203 viruslist.com
O1 - Hosts: 109.147.117.22 f-secure.com
O1 - Hosts: 13.244.51.53 www.f-secure.com
O1 - Hosts: 57.5.230.76 kaspersky.com
O1 - Hosts: 17.115.16.33 www.avp.com
O1 - Hosts: 90.161.208.139 www.kaspersky.com
O1 - Hosts: 50.145.99.80 avp.com
O1 - Hosts: 233.168.246.216 www.networkassociates.com
O1 - Hosts: 64.114.128.249 www.ca.com
O1 - Hosts: 236.121.110.141 ca.com
O1 - Hosts: 54.114.43.161 mast.mcafee.com
O1 - Hosts: 118.182.103.146 my-etrust.com
O1 - Hosts: 221.234.42.53 www.my-etrust.com
O1 - Hosts: 78.49.5.243 download.mcafee.com
O1 - Hosts: 11.207.240.9 dispatch.mcafee.com
O1 - Hosts: 185.176.201.53 secure.nai.com
O1 - Hosts: 219.150.202.149 nai.com
O1 - Hosts: 192.252.18.2 www.nai.com
O1 - Hosts: 21.236.30.16 update.symantec.com
O1 - Hosts: 19.195.32.170 updates.symantec.com
O1 - Hosts: 130.65.67.206 us.mcafee.com
O1 - Hosts: 115.196.49.111 liveupdate.symantec.com
O1 - Hosts: 117.157.101.252 customer.symantec.com
O1 - Hosts: 183.213.47.157 rads.mcafee.com
O1 - Hosts: 68.79.239.155 trendmicro.com
O1 - Hosts: 211.47.228.251 www.trendmicro.com
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - 启动项HKLM\\Run: [AtiPTA] Atiptaxx.exe
O4 - 启动项HKLM\\Run: [CPQTEAM] cpqteam.exe
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - 启动项HKLM\\Run: [Linksys Modem Drivers] linksys.exe
O4 - 启动项HKLM\\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - 启动项HKLM\\RunServices: [Linksys Modem Drivers] linksys.exe
O4 - 启动项HKLM\\RunServices: [ntdll.dll] msijavaup32.exe
O4 - 启动项HKLM\\RunServices: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Linksys Modem Drivers] linksys.exe
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\stonedrv.exe
O4 - 启动项HKCU\\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138151025687
O17 - HKLM\System\CCS\Services\Tcpip\..\{56922390-5EE0-4D52-9B9B-4C5DC570EC1F}: NameServer = 202.96.209.5,202.96.209.133,202.96.209.6,202.96.199.132,202.96.199.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6B90FA8-C2B0-4BAB-92E8-C24736387104}: NameServer = 202.96.209.6
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\qbgr.dll
O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\qbgr.dll
O23 - NT 服务: Command Service (cmdService) - Unknown owner - C:\WINNT\T2lsZ2FzLVdlYmhw\command.exe
O23 - NT 服务: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - NT 服务: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINNT\System32\CpqRcmc.exe
O23 - NT 服务: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - NT 服务: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - NT 服务: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - NT 服务: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - NT 服务: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - NT 服务: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - NT 服务: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - NT 服务: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe