Rising Kaka (瑞星卡卡) Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum


[Help] Can anyone here help me? Please, please, please (I have already posted the log)

Logfile of HijackThis v1.99.1
Scan saved at 11:49:46, on 2005-11-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KAV6\KAVSvc.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\rzx\Net110\RzxSevce.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Octopus\Server.exe
C:\KAV6\KPopMon.exe
C:\WINNT\system32\rundll32.exe
C:\KAV6\MailMon.EXE
C:\KAV6\KAVPlus.EXE
E:\Octopus\rzxsurename.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVRun] C:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [internat.exe] C:\WINDOWS\SYSTEM\internat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ssServ] E:\Octopus\Server.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE55A046-3581-4CAB-A5F0-4C44A3F582B5}: NameServer = 202.102.199.68,202.102.192.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINNT\system32\NtFrs32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RzxSevce - 深圳任子行网络技术有限公司 - C:\Program Files\rzx\Net110\RzxSevce.exe

The log after the fix.

[Reply to the post by “华非凡”]



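“Start”, “Control Panel”, “Performance and Maintenance”, “Administrative Tools”, double-click the “Services” icon, right-click the service to be disabled, NtFrs32, and click “Disable”.
Also, I suspect that C:\WINDOWS\SYSTEM\internat.exe is a trojan. Please combine the two multi-engine scan reports and post them here; you only need to scan this one file, C:\WINDOWS\SYSTEM\internat.exe.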

This is a report processed by VirusTotal on 11/14/2005 at 04:57:11 (CET) after scanning the file "internat.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.11.2005 no virus found
Avast 4.6.695.0 11.11.2005 no virus found
AVG 718 11.11.2005 no virus found
Avira 6.32.0.6 11.11.2005 no virus found
BitDefender 7.2 11.13.2005 no virus found
CAT-QuickHeal 8.00 11.12.2005 no virus found
ClamAV devel-20051108 11.11.2005 no virus found
DrWeb 4.33 11.13.2005 no virus found
eTrust-Iris 7.1.194.0 11.13.2005 no virus found
eTrust-Vet 11.9.1.0 11.11.2005 no virus found
Fortinet 2.48.0.0 11.10.2005 no virus found
F-Prot 3.16c 11.10.2005 no virus found
Ikarus 0.2.59.0 11.13.2005 no virus found
Kaspersky 4.0.2.24 11.14.2005 no virus found
McAfee 4626 11.11.2005 no virus found
NOD32v2 1.1284 11.11.2005 no virus found
Norman 5.70.10 11.13.2005 no virus found
Panda 8.02.00 11.13.2005 no virus found
Sophos 3.99.0 11.13.2005 no virus found
Symantec 8.0 11.13.2005 no virus found
TheHacker 5.9.1.034 11.14.2005 no virus found
VBA32 3.10.4 11.12.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

File:  internat.exe 
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  2061f6ff47f6938d95c18e3a1a8cf7e2 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
Disclaimer 
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.


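“Start”, “Control Panel”, “Performance and Maintenance”, “Administrative Tools”, double-click the “Services” icon, right-click the service to be disabled, NtFrs32, and click “Disable”.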


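I could not find the NtFrs32 service! Now when I open mp3.baidu.com the junk website no longer appears! I don't know whether that junk website that pops up on a timer can still pop up! Let's wait and see!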

Thank you, thank you, thank you!!!