当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
E:\rising\Rav\CCenter.exe
E:\rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
E:\rising\Rav\RavStub.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\winhelp\smss.exe
E:\rising\Rav\RavTask.exe
E:\rising\Rav\Ravmon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\system32\taskmgr.exe
D:\scan\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\winhelp\smss.exe
O1 - Hosts: 128.200.59.170 www.symantec.com
O1 - Hosts: 128.200.59.170 symantec.com
O1 - Hosts: 120.153.250.219 securityresponse.symantec.com
O1 - Hosts: 120.153.250.219 symantecstore.com
O1 - Hosts: 120.153.250.219 www.symantecstore.com
O1 - Hosts: 120.153.250.219 service1.symantec.com
O1 - Hosts: 77.248.224.17 sarc.com
O1 - Hosts: 77.248.224.17 www.sarc.com
O1 - Hosts: 77.248.224.17 www.sophos.com
O1 - Hosts: 34.88.199.69 sophos.com
O1 - Hosts: 34.88.199.69 www.mcafee.com
O1 - Hosts: 34.88.199.69 mcafee.com
O1 - Hosts: 26.41.135.118 customer.symantec.com
O1 - Hosts: 26.41.135.118 liveupdate.symantec.com
O1 - Hosts: 26.41.135.118 liveupdate.symantecliveupdate.com
O1 - Hosts: 26.41.135.118 www.viruslist.com
O1 - Hosts: 111.136.236.170 viruslist.com
O1 - Hosts: 111.136.236.170 f-secure.com
O1 - Hosts: 111.136.236.170 www.f-secure.com
O1 - Hosts: 111.136.236.170 f-prot.com
O1 - Hosts: 102.90.45.219 www.f-prot.com
O1 - Hosts: 102.90.45.219 kaspersky.com
O1 - Hosts: 102.90.45.219 kaspersky-labs.com
O1 - Hosts: 102.90.45.219 www.avp.com
O1 - Hosts: 59.57.147.16 avp.com
O1 - Hosts: 59.57.147.16 www.kaspersky.com
O1 - Hosts: 59.57.147.16 www.networkassociates.com
O1 - Hosts: 59.57.147.16 networkassociates.com
O1 - Hosts: 16.152.121.69 www.ca.com
O1 - Hosts: 16.152.121.69 www3.ca.com
O1 - Hosts: 16.152.121.69 ca.com
O1 - Hosts: 16.152.121.69 mast.mcafee.com
O1 - Hosts: 8.106.57.118 my-etrust.com
O1 - Hosts: 8.106.57.118 www.my-etrust.com
O1 - Hosts: 8.106.57.118 dispatch.mcafee.com
O1 - Hosts: 8.106.57.118 secure.nai.com
O1 - Hosts: 220.200.32.170 nai.com
O1 - Hosts: 220.200.32.170 www.nai.com
O1 - Hosts: 220.200.32.170 vil.nai.com
O1 - Hosts: 220.200.32.170 update.symantec.com
O1 - Hosts: 50.40.6.222 updates.symantec.com
O1 - Hosts: 50.40.6.222 us.mcafee.com
O1 - Hosts: 50.40.6.222 mcafee.net
O1 - Hosts: 50.40.6.222 rads.mcafee.com
O1 - Hosts: 42.249.198.16 download.mcafee.com
O1 - Hosts: 42.249.198.16 trendmicro.com
O1 - Hosts: 42.249.198.16 www.trendmicro.com
O1 - Hosts: 42.249.198.16 housecall.trendmicro.com
O1 - Hosts: 254.88.44.68 pandasoftware.com
O1 - Hosts: 254.88.44.68 www.pandasoftware.com
O1 - Hosts: 254.88.44.68 www.trendmicro.com
O1 - Hosts: 254.88.44.68 free.grisoft.com
O1 - Hosts: 245.42.108.117 www.grisoft.com
O1 - Hosts: 245.42.108.117 grisoft.com
O1 - Hosts: 245.42.108.117 clamav.net
O1 - Hosts: 245.42.108.117 www.clamav.net
O1 - Hosts: 202.137.210.41 free-av.com
O1 - Hosts: 202.137.210.41 www.free-av.com
O1 - Hosts: 202.137.210.41 www.avast.com
O1 - Hosts: 202.137.210.41 avast.com
O1 - Hosts: 160.105.184.94 cert.org
O1 - Hosts: 160.105.184.94 www.cert.org
O1 - Hosts: 160.105.184.94 www.microsoft.com
O1 - Hosts: 160.105.184.94 microsoft.com
O1 - Hosts: 151.185.120.143 www.virustotal.com
O1 - Hosts: 151.185.120.143 virustotal.com
O1 - Hosts: 151.185.120.143 www.teamanti-virus.org
O1 - Hosts: 236.153.95.195 teamanti-virus.org
O1 - Hosts: 236.153.95.195 www.drsolomon.com
O1 - Hosts: 236.153.95.195 drsolomon.com
O1 - Hosts: 236.153.95.195 www.virusbtn.com
O1 - Hosts: 193.248.69.247 virusbtn.com
O1 - Hosts: 193.248.69.247 update.microsoft.com
O1 - Hosts: 193.248.69.247 windowsupdate.microsoft.com
O1 - Hosts: 185.201.5.41 www.avgbulgaria.com
O1 - Hosts: 185.201.5.41 avgbulgaria.com
O1 - Hosts: 185.201.5.41 www.vet.com.au
O1 - Hosts: 185.201.5.41 vet.com.au
O1 - Hosts: 142.41.107.93 antivirus.about.com
O1 - Hosts: 142.41.107.93 www.avg-antivirus.net
O1 - Hosts: 134.249.171.142 avg-antivirus.net
O1 - Hosts: 134.249.171.142 nod32.com
O1 - Hosts: 134.249.171.142 www.nod32.com
O1 - Hosts: 134.249.171.142 virus-radar.com
O1 - Hosts: 91.89.17.195 www.virus-radar.com
O1 - Hosts: 91.89.17.195 bitdefender.com
O1 - Hosts: 91.89.17.195 www.bitdefender.com
O1 - Hosts: 91.89.17.195 www.freebyte.com
O1 - Hosts: 176.57.247.247 freebyte.com
O1 - Hosts: 176.57.247.247 www.zonelabs.com
O1 - Hosts: 176.57.247.247 zonelabs.com
O1 - Hosts: 176.57.247.247 download.zonelabs.com
O1 - Hosts: 167.138.183.41 smb.sygate.com
O1 - Hosts: 167.138.183.41 www.agnitum.com
O1 - Hosts: 167.138.183.41 agnitum.com
O1 - Hosts: 167.138.183.41 kasperskyusa.com
O1 - Hosts: 124.105.158.93 www.kasperskyusa.com
O1 - Hosts: 124.105.158.93 www.kaspersky.com.au
O1 - Hosts: 124.105.158.93 kaspersky.com.au
O1 - Hosts: 124.105.158.93 www.kaspersky.co.uk
O1 - Hosts: 81.200.132.145 kaspersky.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: YOK广告拦截插件 - {972566B2-93BF-41AA-B06D-5F81DB7E38E1} - C:\WINNT\system32\yokhad.dll (file missing)
O2 - BHO: T2BHO Class - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp22.0.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\drivers\inf\bands.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [Intrenat] C:\WINNT\intrenat.exe
O4 - 启动项HKLM\\Run: [RavTask] "E:\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\RunServices: [Intrenat] C:\WINNT\intrenat.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PK Guard 32] C:\WINNT\system32\winhelp\smss.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - 启动项HKCU\\RunServices: [PK Guard 32] C:\WINNT\system32\winhelp\smss.exe
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: YOK搜索(&Y) - C:\WINNT\system32\yoksch.htm
O8 - IE右键菜单中的新增项目: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\My Documents\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\My Documents\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\My Documents\qq\SendMMS.htm
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8112118A-F51A-44C5-B448-C9151EA6D74B}: NameServer = 192.168.1.28,202.96.134.133,202.96.128.68,202.96.154.15,202.96.154.6
O20 - AppInit_DLLs: C:\WINNT\system32\SoDAHK.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\Ravmond.exe
O23 - NT 服务: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)

【回复“weihenry”的帖子】



建议卸载“天下搜索”。
清空IE临时文件，暂时关闭系统还原。重新启动至安全模式，关闭所有不必要的窗口，使用HijackThis扫描后修复（在需要修复的项目前面打对勾，然后按“Fix checked”或“修复”，修复前会询问您是否需要备份，请选择“Yes”或“是”）：
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\winhelp\smss.exe
O1 - Hosts: 128.200.59.170 www.symantec.com
O1 - Hosts: 128.200.59.170 symantec.com
O1 - Hosts: 120.153.250.219 securityresponse.symantec.com
O1 - Hosts: 120.153.250.219 symantecstore.com
O1 - Hosts: 120.153.250.219 www.symantecstore.com
O1 - Hosts: 120.153.250.219 service1.symantec.com
O1 - Hosts: 77.248.224.17 sarc.com
O1 - Hosts: 77.248.224.17 www.sarc.com
O1 - Hosts: 77.248.224.17 www.sophos.com
O1 - Hosts: 34.88.199.69 sophos.com
O1 - Hosts: 34.88.199.69 www.mcafee.com
O1 - Hosts: 34.88.199.69 mcafee.com
O1 - Hosts: 26.41.135.118 customer.symantec.com
O1 - Hosts: 26.41.135.118 liveupdate.symantec.com
O1 - Hosts: 26.41.135.118 liveupdate.symantecliveupdate.com
O1 - Hosts: 26.41.135.118 www.viruslist.com
O1 - Hosts: 111.136.236.170 viruslist.com
O1 - Hosts: 111.136.236.170 f-secure.com
O1 - Hosts: 111.136.236.170 www.f-secure.com
O1 - Hosts: 111.136.236.170 f-prot.com
O1 - Hosts: 102.90.45.219 www.f-prot.com
O1 - Hosts: 102.90.45.219 kaspersky.com
O1 - Hosts: 102.90.45.219 kaspersky-labs.com
O1 - Hosts: 102.90.45.219 www.avp.com
O1 - Hosts: 59.57.147.16 avp.com
O1 - Hosts: 59.57.147.16 www.kaspersky.com
O1 - Hosts: 59.57.147.16 www.networkassociates.com
O1 - Hosts: 59.57.147.16 networkassociates.com
O1 - Hosts: 16.152.121.69 www.ca.com
O1 - Hosts: 16.152.121.69 www3.ca.com
O1 - Hosts: 16.152.121.69 ca.com
O1 - Hosts: 16.152.121.69 mast.mcafee.com
O1 - Hosts: 8.106.57.118 my-etrust.com
O1 - Hosts: 8.106.57.118 www.my-etrust.com
O1 - Hosts: 8.106.57.118 dispatch.mcafee.com
O1 - Hosts: 8.106.57.118 secure.nai.com
O1 - Hosts: 220.200.32.170 nai.com
O1 - Hosts: 220.200.32.170 www.nai.com
O1 - Hosts: 220.200.32.170 vil.nai.com
O1 - Hosts: 220.200.32.170 update.symantec.com
O1 - Hosts: 50.40.6.222 updates.symantec.com
O1 - Hosts: 50.40.6.222 us.mcafee.com
O1 - Hosts: 50.40.6.222 mcafee.net
O1 - Hosts: 50.40.6.222 rads.mcafee.com
O1 - Hosts: 42.249.198.16 download.mcafee.com
O1 - Hosts: 42.249.198.16 trendmicro.com
O1 - Hosts: 42.249.198.16 www.trendmicro.com
O1 - Hosts: 42.249.198.16 housecall.trendmicro.com
O1 - Hosts: 254.88.44.68 pandasoftware.com
O1 - Hosts: 254.88.44.68 www.pandasoftware.com
O1 - Hosts: 254.88.44.68 www.trendmicro.com
O1 - Hosts: 254.88.44.68 free.grisoft.com
O1 - Hosts: 245.42.108.117 www.grisoft.com
O1 - Hosts: 245.42.108.117 grisoft.com
O1 - Hosts: 245.42.108.117 clamav.net
O1 - Hosts: 245.42.108.117 www.clamav.net
O1 - Hosts: 202.137.210.41 free-av.com
O1 - Hosts: 202.137.210.41 www.free-av.com
O1 - Hosts: 202.137.210.41 www.avast.com
O1 - Hosts: 202.137.210.41 avast.com
O1 - Hosts: 160.105.184.94 cert.org
O1 - Hosts: 160.105.184.94 www.cert.org
O1 - Hosts: 160.105.184.94 www.microsoft.com
O1 - Hosts: 160.105.184.94 microsoft.com
O1 - Hosts: 151.185.120.143 www.virustotal.com
O1 - Hosts: 151.185.120.143 virustotal.com
O1 - Hosts: 151.185.120.143 www.teamanti-virus.org
O1 - Hosts: 236.153.95.195 teamanti-virus.org
O1 - Hosts: 236.153.95.195 www.drsolomon.com
O1 - Hosts: 236.153.95.195 drsolomon.com
O1 - Hosts: 236.153.95.195 www.virusbtn.com
O1 - Hosts: 193.248.69.247 virusbtn.com
O1 - Hosts: 193.248.69.247 update.microsoft.com
O1 - Hosts: 193.248.69.247 windowsupdate.microsoft.com
O1 - Hosts: 185.201.5.41 www.avgbulgaria.com
O1 - Hosts: 185.201.5.41 avgbulgaria.com
O1 - Hosts: 185.201.5.41 www.vet.com.au
O1 - Hosts: 185.201.5.41 vet.com.au
O1 - Hosts: 142.41.107.93 antivirus.about.com
O1 - Hosts: 142.41.107.93 www.avg-antivirus.net
O1 - Hosts: 134.249.171.142 avg-antivirus.net
O1 - Hosts: 134.249.171.142 nod32.com
O1 - Hosts: 134.249.171.142 www.nod32.com
O1 - Hosts: 134.249.171.142 virus-radar.com
O1 - Hosts: 91.89.17.195 www.virus-radar.com
O1 - Hosts: 91.89.17.195 bitdefender.com
O1 - Hosts: 91.89.17.195 www.bitdefender.com
O1 - Hosts: 91.89.17.195 www.freebyte.com
O1 - Hosts: 176.57.247.247 freebyte.com
O1 - Hosts: 176.57.247.247 www.zonelabs.com
O1 - Hosts: 176.57.247.247 zonelabs.com
O1 - Hosts: 176.57.247.247 download.zonelabs.com
O1 - Hosts: 167.138.183.41 smb.sygate.com
O1 - Hosts: 167.138.183.41 www.agnitum.com
O1 - Hosts: 167.138.183.41 agnitum.com
O1 - Hosts: 167.138.183.41 kasperskyusa.com
O1 - Hosts: 124.105.158.93 www.kasperskyusa.com
O1 - Hosts: 124.105.158.93 www.kaspersky.com.au
O1 - Hosts: 124.105.158.93 kaspersky.com.au
O1 - Hosts: 124.105.158.93 www.kaspersky.co.uk
O1 - Hosts: 81.200.132.145 kaspersky.co.uk
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\drivers\inf\bands.dll
O4 - 启动项HKLM\\Run: [Intrenat] C:\WINNT\intrenat.exe
O4 - HKCU\..\Run: [PK Guard 32] C:\WINNT\system32\winhelp\smss.exe
O4 - 启动项HKCU\\RunServices: [PK Guard 32] C:\WINNT\system32\winhelp\smss.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8112118A-F51A-44C5-B448-C9151EA6D74B}: NameServer = 192.168.1.28,202.96.134.133,202.96.128.68,202.96.154.15,202.96.154.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = atc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = atc.com
重新启动计算机，显示隐藏文件和系统文件，删除（如果存在的话）：
C:\WINNT\system32\winhelp文件夹
C:\WINNT\intrenat.exe
C:\WINNT\system32\drivers\inf文件夹
待修复完成，如果问题依旧，请继续跟帖说明情况。
以上建议仅供参考，如果您认识其中的一些设置抑或是您的手动设置，就不必执行。

【回复“weihenry”的帖子】



建议下载并使用ewido：

http://www.ewido.net/en/download/



图1、下载ewido
安装时，请注意以下几点问题：
1、安装时，为了方便您阅读相关细则，请注意调整安装时的语言选项（德语和英语）；



图2、语言选项
2、当安装进行到Additional Options时，请按图3所示的要求操作。



图3、安装进行到Additional Options的注意事项
安装完毕后，开始进行扫描工作：
1、打开ewido，点击主界面上的“更新”按钮，进行更新工作；
2、更新完毕后，点击主界面上的“扫描器”按钮，然后点击“Scan Settings”，按照图4所示的要求操作，设定完成后，按“确定”；



图4、Scan Settings
3、开始扫描。



图5、进行扫描
4、当ewido发现威胁存在时会发出警报，请选择处理方式，然后按“确定”；
5、ewido会根据用户的选择处理这些威胁，当清理失败时（一般该文件在临时文件夹中），ewido会询问您是否删除整个文件夹，请选择“否”；
6、以上工作全部完成后，请保存日志并贴上来。

【回复“天使之剑”的帖子】

用第一种方法已经解决问题！
谢谢:)