My browser has been hijacked, who is willing to help me! HijackThis scan included!


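As soon as I open a web page, http://web.9983.com/ pops up.

My Kaspersky scan found a virus: c:winnt/system32/nt_plus_dll.dll

winlogon.exe\nt_plus_dll.dll: the machine freezes as soon as I try to remove the virus.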

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      13:44:11, 日期 2005-10-15
操作系统:  Windows 2000 SP2 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
E:\HijackThis V1[1].99.1 完全汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - 启动项HKLM\\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - Startup: 腾讯qq.lnk = D:\Program Files\QQ2005\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O23 - NT 服务: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Windows Audio Services (winAudSer) - Unknown owner - C:\WINNT\system32\Winms.exe

Last edited 2005-10-15 16:13:41

Fix these three items first:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

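[Reply to pustus's post]
Show all files and locate C:\WINNT\system32\Winms.exe

Please compress this file into an archive encrypted with the password virus and send it to my mailbox rsvirus@163.com, noting the address of this thread. Thank you for your cooperation.

>> How to compress and encrypt? ---- http://forum.ikaka.com/topic.asp?board=67&artid=7241343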

Thank you, moderator.

I have sent it as you requested.

This is my e-mail address: coosu.z@163.com

My O6 items are gone now. But the problem is still there!

Here is my latest HijackThis scan:

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:44:01, 日期 2005-10-15
操作系统:  Windows 2000 SP2 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\msiexec.exe
D:\Program Files\TTPlayer\TTPlayer.exe
E:\HijackThis V1[1].99.1 完全汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O4 - 启动项HKLM\\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - Startup: 腾讯qq.lnk = D:\Program Files\QQ2005\QQ.exe
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ2005\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{06EEF172-7A79-4E9E-81CF-85ACCB402983}: NameServer = 202.103.24.68,202.103.0.113
O23 - NT 服务: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Windows Audio Services (winAudSer) - Unknown owner - C:\WINNT\system32\Winms.exe


[Reply to pustus's post]
See: http://forum.ikaka.com/topic.asp?board=67&artid=7300311