DNS不起作用了，但用IP地址通讯没有任何问题。ping 网关，telnet IP地址都没任何问题。就是DNS不起作用了。如ping www.163.COM 就提示unkown host www.163.com
可能会有人说我的dns没有配置好，这点请放心，绝对没有错，而且DNS服务器是肯定好用的
通过sniffer抓包，发现，如果把netbios over ip 打开，dns不生效，却是通过在本子网广播来解析地址。关闭netbios，sniffer就没抓到任何的DNS请求数据包了。也就是说我的DNS系统已被摧毁！

hijackthis日志：

Logfile of HijackThis v1.99.1
Scan saved at 1:28:52, on 2006-6-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
d:\PROGRA~1\Ixia\Endpoint\endpoint.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\system32\PRPCUI.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\TpShocks.exe
D:\flyenglish5\wabdc7\flyenglishspirit.exe
C:\WINNT\system32\internat.exe
D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\TPHDEXLG.EXE
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\system32\vmnat.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\vmnetdhcp.exe
\192.168.1.88\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\inituser.exe,C:\WINNT\system32\netsend.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: IEHlprObj Class - {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} - C:\Progra~1\Messenger\netshow.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [JdsEnglishSpirit] D:\flyenglish5\wabdc7\flyenglishspirit.exe
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [racer] ;
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O4 - HKCU\..\Run: [caidiysetup] C:\Documents and Settings\Administrator\diynetsetupuni.exe
O4 - Startup: Wallpaper Calendar.lnk = D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item:  添加到新浪点点通阅读器 - res://D:\Program Files\Sina\RssReader\rssreader.exe/RSSFEED.js
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - d:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - d:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 秦皇岛教育网 - D:\Program Files\edusoft\SWFBROWER\web\tj.htm
O9 - Extra button: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - D:\Program Files\edusoft\SWFBROWER\swfbrowse.exe (file missing)
O9 - Extra 'Tools' menuitem: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - D:\Program Files\edusoft\SWFBROWER\swfbrowse.exe (file missing)
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\msplus.dll' missing
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.9_20060425.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - file://D:\Program Files\NAI\SnifferNT\Program\j2re-1_3_1_02-win.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E17F2AE-F7C9-4C68-9B68-33F7382901D1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6200194-BBC7-44A8-A151-2349A9BAFB16}: NameServer = 211.167.240.29
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: QConGina - C:\WINNT\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - d:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINNT\system32\S24EvMon.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - d:\Program Files\SyGate\SHN\sgserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

= =......没明白...

在是我的机器有netsend.exe 应该是gpigeon，但用前面前辈给出来的都杀不干净。我的机器现在上不了网了，因为DNS不好用，急啊！

引用:

【mopery的贴子】= =......没明白... ...........................

就是DNS不能解析地址了。
但其他通讯正常
如果正常的dns，肯定会发送dns解析请求的数据包，通过sniffer肯定能抓取到的。但我的
机器根本就不往外发dns请求。
就是下载了一个软件，macafee提示有木马，并做了删除后，出现该问题的

修复
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: IEHlprObj Class - {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} - C:\Progra~1\Messenger\netshow.dll
O3 - Toolbar: (no name) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - (no file)
O4 - HKCU\..\Run: [racer] ;
O8 - Extra context menu item: >> 彩信发送 << - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O20 - AppInit_DLLs: APIHookDll.dll

删除
C:\Progra~1\Messenger\netshow.dll

http://www.crsky.com/soft/2924.html
下载超级兔子..用超级兔子清理王卸载流氓软件...
安全模式下...

DNS 服务器正常..

埃，照着操作了，还是不行？

这是现在的log
Logfile of HijackThis v1.99.1
Scan saved at 2:27:18, on 2006-6-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
d:\PROGRA~1\Ixia\Endpoint\endpoint.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\TPHDEXLG.EXE
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\system32\PRPCUI.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\TpShocks.exe
C:\WINNT\system32\conime.exe
D:\flyenglish5\wabdc7\flyenglishspirit.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe
C:\WINNT\system32\internat.exe
D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
\192.168.1.88\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\inituser.exe,C:\WINNT\system32\netsend.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [JdsEnglishSpirit] D:\flyenglish5\wabdc7\flyenglishspirit.exe
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [racer] ;
O4 - HKCU\..\Run: [caidiysetup] C:\Documents and Settings\Administrator\diynetsetupuni.exe
O4 - Startup: Wallpaper Calendar.lnk = D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item:  添加到新浪点点通阅读器 - res://D:\Program Files\Sina\RssReader\rssreader.exe/RSSFEED.js
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - d:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - d:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 秦皇岛教育网 - D:\Program Files\edusoft\SWFBROWER\web\tj.htm
O9 - Extra button: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - D:\Program Files\edusoft\SWFBROWER\swfbrowse.exe (file missing)
O9 - Extra 'Tools' menuitem: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - D:\Program Files\edusoft\SWFBROWER\swfbrowse.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\msplus.dll' missing
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.9_20060425.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - file://D:\Program Files\NAI\SnifferNT\Program\j2re-1_3_1_02-win.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E17F2AE-F7C9-4C68-9B68-33F7382901D1}: NameServer = 202.106.0.20,202.106.46.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6200194-BBC7-44A8-A151-2349A9BAFB16}: NameServer = 211.167.240.29
O20 - Winlogon Notify: QConGina - C:\WINNT\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - d:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINNT\system32\S24EvMon.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - d:\Program Files\SyGate\SHN\sgserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

修复
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\inituser.exe,C:\WINNT\system32\netsend.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
删除
C:\WINNT\system32\netsend.exe

【回复“arjant”的帖子】
修复
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\inituser.exe,C:\WINNT\system32\netsend.exe

删除
C:\WINNT\system32\inituser.exe
C:\WINNT\system32\netsend.exe

＝＝＝＝＝＝＝＝＝＝＝

http://www.winsockfix.nl/
下载WinsockFix
修复注册表