
[Help] Can anyone here help me? Please, please, please (log already posted)


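Every now and then my computer pops up a small window asking to install Office. Clicking Cancel once does nothing; I have to click it several times before it goes away! It does go away, but right after that a whole string of junk websites pops up.
Also, when I visit a website, for example searching for MP3s on mp3.baidu.com, what comes up is a junk website, yet the address shown is still mp3.baidu.com... So frustrating!
I've run antivirus scans, trojan scans, repaired IE and repaired the registry!! Nothing fixes it! Could an expert please advise? Thanks!
Last edited 2005-11-14 12:04:31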

Logfile of HijackThis v1.99.1
Scan saved at 10:34:34, on 2005-11-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KAV6\KAVSvc.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\rzx\Net110\RzxSevce.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\KAV6\KPopMon.exe
C:\WINNT\system32\rundll32.exe
C:\KAV6\MailMon.EXE
C:\KAV6\KAVPlus.EXE
E:\Octopus\Server.exe
E:\Octopus\rzxsurename.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\HijackThis\HijackThis.exe\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVRun] C:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [internat.exe] C:\WINDOWS\SYSTEM\internat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ssServ] E:\Octopus\Server.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/system.hta
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {B83FC273-3522-4CC6-92EC-75CC86678DA4} - http://download.3721.com/download/CnsMin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE55A046-3581-4CAB-A5F0-4C44A3F582B5}: NameServer = 202.102.199.68,202.102.192.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINNT\system32\NtFrs32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RzxSevce - 深圳任子行网络技术有限公司 - C:\Program Files\rzx\Net110\RzxSevce.exe


This is a report processed by VirusTotal on 11/14/2005 at 04:04:13 (CET) after scanning the file "internat.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.11.2005 no virus found
Avast 4.6.695.0 11.11.2005 no virus found
AVG 718 11.11.2005 no virus found
Avira 6.32.0.6 11.11.2005 no virus found
BitDefender 7.2 11.13.2005 no virus found
CAT-QuickHeal 8.00 11.12.2005 no virus found
ClamAV devel-20051108 11.11.2005 no virus found
DrWeb 4.33 11.13.2005 no virus found
eTrust-Iris 7.1.194.0 11.13.2005 no virus found
eTrust-Vet 11.9.1.0 11.11.2005 no virus found
Fortinet 2.48.0.0 11.10.2005 no virus found
F-Prot 3.16c 11.10.2005 no virus found
Ikarus 0.2.59.0 11.13.2005 no virus found
Kaspersky 4.0.2.24 11.14.2005 no virus found
McAfee 4626 11.11.2005 no virus found
NOD32v2 1.1284 11.11.2005 no virus found
Norman 5.70.10 11.13.2005 no virus found
Panda 8.02.00 11.13.2005 no virus found
Sophos 3.99.0 11.13.2005 no virus found
Symantec 8.0 11.13.2005 no virus found
TheHacker 5.9.1.033 11.11.2005 no virus found
VBA32 3.10.4 11.12.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004,05 :: e-mail info@virustotal.com
That is the first scanner's result for the first file.

Below is the second scanner's result for the second file.
Service load:  0%        100% 

File:  internat.exe 
Status:  OK 
MD5  2061f6ff47f6938d95c18e3a1a8cf7e2 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing



--------------------------------
Last file scanned at least one scanner reported something about: Winamp34.exe, detected by:

Scanner  Malware name 
AntiVir  Trojan/Flood.D 
ArcaVir  Trojan.Group.A_(690688) 
Avast  Win32:Trojan-gen. {VB} 
AVG Antivirus  X 
BitDefender  Trojan.Devil.1.3.D 
ClamAV  Trojan.W32.Flood.B 
Dr.Web  BackDoor.Devil.13 
F-Prot Antivirus  destructive program 
Fortinet  W32/IFlood.D-tr 
Kaspersky Anti-Virus  Trojan.Win32.Flood.d 
NOD32  Win32/Flood.D 
Norman Virus Control  W32/ICQFlood.D 
UNA  X 
VBA32  Trojan.Win_Genocide 

Service load:  0%        100% 

File:  internat.exe 
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  2061f6ff47f6938d95c18e3a1a8cf7e2 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
Last file scanned at least one scanner reported something about: rep.exe, detected by:

Scanner  Malware name 
AntiVir  Packer/MEW 
ArcaVir  X 
Avast  X 
AVG Antivirus  X 
BitDefender  Backdoor.SDBot.D7651E05 
ClamAV  Worm.Mytob.GH 
Dr.Web  Win32.HLLW.MyBot.based 
F-Prot Antivirus  X 
Fortinet  X 
Kaspersky Anti-Virus  Backdoor.Win32.SdBot.aad 
NOD32  a variant of IRC/SdBot 
Norman Virus Control  W32/Suspicious_M.gen 
UNA  X 
VBA32  X 
That is the second scanner's result for the first file.

File size can't be more than 10 Megabytes.
You can't try compressing it.
Thanks you.

<< Go back

It doesn't work.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:46, on 2005-11-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KAV6\KAVSvc.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\rzx\Net110\RzxSevce.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Octopus\Server.exe
C:\KAV6\KPopMon.exe
C:\WINNT\system32\rundll32.exe
C:\KAV6\MailMon.EXE
C:\KAV6\KAVPlus.EXE
E:\Octopus\rzxsurename.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVRun] C:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [internat.exe] C:\WINDOWS\SYSTEM\internat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ssServ] E:\Octopus\Server.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE55A046-3581-4CAB-A5F0-4C44A3F582B5}: NameServer = 202.102.199.68,202.102.192.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINNT\system32\NtFrs32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RzxSevce - 深圳任子行网络技术有限公司 - C:\Program Files\rzx\Net110\RzxSevce.exe

This is the log after the fix.

This is a report processed by VirusTotal on 11/14/2005 at 04:57:11 (CET) after scanning the file "internat.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.11.2005 no virus found
Avast 4.6.695.0 11.11.2005 no virus found
AVG 718 11.11.2005 no virus found
Avira 6.32.0.6 11.11.2005 no virus found
BitDefender 7.2 11.13.2005 no virus found
CAT-QuickHeal 8.00 11.12.2005 no virus found
ClamAV devel-20051108 11.11.2005 no virus found
DrWeb 4.33 11.13.2005 no virus found
eTrust-Iris 7.1.194.0 11.13.2005 no virus found
eTrust-Vet 11.9.1.0 11.11.2005 no virus found
Fortinet 2.48.0.0 11.10.2005 no virus found
F-Prot 3.16c 11.10.2005 no virus found
Ikarus 0.2.59.0 11.13.2005 no virus found
Kaspersky 4.0.2.24 11.14.2005 no virus found
McAfee 4626 11.11.2005 no virus found
NOD32v2 1.1284 11.11.2005 no virus found
Norman 5.70.10 11.13.2005 no virus found
Panda 8.02.00 11.13.2005 no virus found
Sophos 3.99.0 11.13.2005 no virus found
Symantec 8.0 11.13.2005 no virus found
TheHacker 5.9.1.034 11.14.2005 no virus found
VBA32 3.10.4 11.12.2005 no virus found




Service load:  0%        100% 

File:  internat.exe 
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  2061f6ff47f6938d95c18e3a1a8cf7e2 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
Disclaimer 
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception.

Last file scanned at least one scanner reported something about: DAP_Premium_Patch_por_Mar1an0.exe, detected by:

Scanner  Malware name 
AntiVir  X 
ArcaVir  X 
Avast  X 
AVG Antivirus  X 
BitDefender  X 
ClamAV  X 
Dr.Web  X 
F-Prot Antivirus  X 
Fortinet  X 
Kaspersky Anti-Virus  not-a-virus:Monitor.Win32.Ardamax.20 
NOD32  X 
Norman Virus Control  X 
UNA  I-Worm.Yanz.b 
VBA32  X 


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.

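Go to "Start", "Control Panel", "Performance and Maintenance", "Administrative Tools", double-click the "Services" icon, right-click the service to be disabled, NtFrs32, and click "Disable".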


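I couldn't find the NtFrs32 service! Now when I open mp3.baidu.com the junk website no longer appears! I don't know whether the junk websites that pop up at intervals will still pop up! Let's wait and see!

Thank you, thank you, thank you!!!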