Rising Kaka Security Forum

Help: my computer is infected, could someone please take a look
沉睡的蝎子 - 2007-10-16 9:41:00
========Title========
Urgent help needed!
========Content========
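My computer got infected two days ago. The virus creates an EXE file with the same name as the folder inside every shared folder, and I have scanned twice with antivirus software without it detecting anything.
The attachment is the system scan log. Could someone please take a look!! I would be very grateful!!~~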

Logfile of HijackThis v1.99.1
Scan saved at 16:43:43, on 2007-10-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\TEMP\AD79D0.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Documents and Settings\Administrator.ZJGJY\桌面\tsc\hijackthis_199\hijackthis_199\HijackThis.exe

R3 - URLSearchHook: (no name) - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.16.0.2:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.16.0.2:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.16.0.2:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://172.16.0.2:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (防毒墙网络版管理控制台) - https://localhost:4343/officescan/console/html/AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://localhost:4343/officescan/console/html/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ZJGJY.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{392A1AD8-879A-4E07-A7D0-0222A9FA9A81}: NameServer = 202.103.96.68,202.103.96.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{A549782D-9720-467A-BCB2-33C9DCFA329B}: NameServer = 172.16.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ZJGJY.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{392A1AD8-879A-4E07-A7D0-0222A9FA9A81}: NameServer = 202.103.96.68,202.103.96.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ZJGJY.COM
O17 - HKLM\System\CS2\Services\Tcpip\..\{392A1AD8-879A-4E07-A7D0-0222A9FA9A81}: NameServer = 202.103.96.68,202.103.96.112
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SpntSvc - Unknown owner - C:\SPROTECT\SpntSvc.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe


   
       
       

[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; MAXTHON 2.0)


Attachment: 8562902007101693018.txt