以下的内容是我用:  hijckthis 扫描到的log

Logfile of HijackThis v1.99.1
Scan saved at 23:15:47, on 2005-10-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\System32\conime.exe
D:\program files\Thunder Network\Thunder\Thunder.exe
D:\program files\xppragram\winrar330\WinRAR.exe
D:\program files\xppragram\winrar330\WinRAR.exe
C:\DOCUME~1\yan\LOCALS~1\Temp\Rar$EX04.266\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\program files\Tencent\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\IEBAR2~1.DLL
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用超级解霸播放 - d:\Herosoft\HeroV9\MPURLGET.HTM
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\program files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\program files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - h:\Herosoft\HeroV8\MPURLGET.HTM
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\msasd.dll' missing
O11 - Options group: [!CNS] 网络实名
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{19AA250B-05E3-4F08-83AF-A8F8DA465933}: NameServer = 61.134.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{19AA250B-05E3-4F08-83AF-A8F8DA465933}: NameServer = 61.134.1.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{19AA250B-05E3-4F08-83AF-A8F8DA465933}: NameServer = 61.134.1.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{19AA250B-05E3-4F08-83AF-A8F8DA465933}: NameServer = 61.134.1.4
O23 - Service: Distributed File System Services (Distfsv) - Unknown owner - C:\WINDOWS\System32\Distfsv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

开始→控制面板→性能和维护→管理工具→服务→查找Distributed File System Services→右击→属性→启动类型→禁止→应用→停止→确定。

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\IEBAR2~1.DLL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

C:\WINDOWS\System32\Distfsv.exe

下载Winsockxpfix修复010项
下载地址：http://free5.ys168.com/?jerryni