这就是你说的用Autoruns保存的日志
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.e:\瑞星2006\rising\rfw\rfwmain.exe
+ SVCHOTc:\windows\system32\svchot.exe
+ Thundere:\迅雷\thundershell.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\sane\「开始」菜单\程序\启动
+ 腾讯QQ.lnkQQTENCENTe:\qq\qq.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe
+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.e:\瑞星2006\rising\rfw\rfwsrv.exe
+ StyleXPServiceStyleXPService Modulec:\program files\tgtsoft\stylexp\stylexpservice.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ WinRAR shell extensione:\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
+ QQBrowserHelper
Object ClassQQIEHelper Module深圳市腾讯计算机系统有限公司e:\qq\qqiehelper.dll
+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll
+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbarCoolBar3721c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864c:\windows\web\related.htm
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 豪杰超级解霸9Hero Super Player 9herosofte:\播放器\豪杰超级解霸\sthsdvd.exe
+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 手机短信File not found: http://sms.3721.com/ie/index.htm
+ 腾讯QQQQTENCENTe:\qq\qq.exe
+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138
+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns
Task Scheduler
+ DDD_Install_Program.jobremotesetupduduc:\documents and settings\sane\local settings\temp\remotesetup.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ wbsys.dllWindowBlindsStardock.Net, Incc:\windows\system32\wbsys.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll
+ WBfLoadStardocke:\安装程序\新建文件夹\windowblinds5beta2_pconline\base\fastload.dll
+ WBSrvWBSrv.dllStardocke:\安装程序\新建文件夹\windowblinds5beta2_pconline\base\wbsrv.dll
