ntpi32.exe这个病毒怎么清除呀!!删了重起又有了!
用橙色八月专用提取清除工具,杀了也不行。重起又来了!
Logfile of HijackThis v1.99.1
Scan saved at 16:57:16, on 2006-9-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\KV2005\KVSrvXP.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msasvc.exe
C:\WINNT\system32\ntpi32.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\Rundll32.exe
C:\Documents and Settings\Administrator\桌面\TenyQQ1\TenyQQ\TenyQQ.EXE
C:\PROGRA~1\KV2005\KVMonXP.kxp
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\DllHost.exe
E:\Program Files\BitComet\BitComet.exe
E:\Program Files\QQ2006\QQ.exe
E:\Program Files\QQ2006\TIMPlatform.exe
C:\Documents and Settings\Administrator\桌面\QQPetNurse0918(2.17SP2)\QQPetNurse.exe
C:\WINNT\system32\ping.exe
C:\PROGRA~1\KV2005\KvXP.kxp
C:\WINNT\system32\DllHost.exe
F:\Ftp_soft\垃圾文件清理软件\ha_hijackthis_1991\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe ntpi32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ntpi32.exe
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2005\KvShell_1.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\cnshook.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2005\KvShell_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [9D48A45B1AF13CFD7690D3781A166300] C:\Documents and Settings\Administrator\桌面\TenyQQ1\TenyQQ\TenyQQ.EXE
O4 - HKLM\..\Run: [KvMonXP] "C:\PROGRA~1\KV2005\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunServices: [Windows Kernel System Service] ntpi32.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\RunServices: [Windows Kernel System Service] ntpi32.exe
O4 - Global Startup: Rupsmon Daemon.lnk = C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O11 - Options group: [!CNS] 中文上网
O16 - DPF: {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} (NetViewX Control) - http://szysx.vicp.net:84/NetViewX.cab
O16 - DPF: {1603C912-C9A2-43C6-A366-9CB74E8FB7A6} (OnlinePlayer Control) - http://visiondigi.eicp.net/im.cab
O16 - DPF: {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} - http://active.micr0media.com/swflash.CAB
O16 - DPF: {479B29EF-9A2C-11D0-B696-00A0C903487A} (AtlFireCtl Class) - http://saer.oicp.net/webview.dll
O16 - DPF: {4F7D0375-47F5-4007-9BA1-6972A13D7B90} (WebOcx Control) - http://192.168.0.227/WebOcx.ocx
O16 - DPF: {830DF3DB-C895-42AB-B2D0-918F4D772861} (TM NetView Control) - http://2006060905.vicp.net/tm9kocx.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://qz-photo.qq.com/qzone3/QzoneMediaTools.cab
O16 - DPF: {B42FA82A-B13A-483D-8F78-8D4F8FA411F1} (ChengDu FlyDragon vision WebView) - http://shrelong.kmip.net/long.cab
O16 - DPF: {B8E5F8A2-E81C-45E0-A8E8-112C91E79206} (NVMPEG4 Control) - http://www.gtk114.com.cn/Software/NVMPEG4.CAB
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl
Object) - https://account.qq.com/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ypclk.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D4E8E7C-01D8-4DA4-B8B3-8FF9C51E596C}: NameServer = 202.98.160.68,202.98.161.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ypclk.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D4E8E7C-01D8-4DA4-B8B3-8FF9C51E596C}: NameServer = 202.98.160.68,202.98.161.68
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ypclk.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D4E8E7C-01D8-4DA4-B8B3-8FF9C51E596C}: NameServer = 202.98.160.68,202.98.161.68
O23 - Service: Adobe LT Service (ALTS) - Unknown owner - C:\WINNT\system32\msasvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - C:\PROGRA~1\KV2005\KVSrvXP.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
