Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Help: a program that sticks like a stubborn sticker and won't come off no matter what, named setup.exe (bump)

The root directory of every one of my disks has a small file called setup.exe. It can't be deleted, Rising doesn't detect it, and it is still there after reinstalling the system. I'm at a loss. Before the system crashed last time a lot of backdoors and trojans were found; after this reinstall I noticed that this setup program asks to go online. I blocked it with Rising, which probably helped a bit; so far it hasn't acted up on me. Below is the HijackThis log. I hope the experts can take a look and tell me what the problem is, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 07:36:56 AM, on 2006-6-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: BitComet Toolbar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Upload to QQ network drive - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Download with FlashGet - C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet - C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_all.htm
O8 - Extra context menu item: Export to Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: JUJU猫 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.jujumao.net (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

[Attachment: screenshot, file type image/pjpeg, uploaded 2006-6-21 8:13:10, downloaded 369 times]

Last edited 2006-06-21 14:44:36

It's that little blue program; I can't delete it no matter what I try.

Please scan this setup.exe with a multi-engine virus-scanning service and post the report:
http://www.virustotal.com/flash/index_en.html
http://virusscan.jotti.org/

Fix this entry:
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
Pack up that file and send it to bin59420@yahoo.com.cn


This kind of thing turns up all the time.


Try ending its process and removing its startup entries.


Pack it up and send it to me first...


File:  Setup.exe 
Status:  OK 
MD5  c70f32720d7d9f55d399cb96c256120d 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
 
Complete scanning result of "Setup.exe", received in VirusTotal at 06.21.2006, 03:54:57 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.13 06.20.2006  no virus found
Authentium 4.93.8 06.20.2006  no virus found
Avast 4.7.844.0 06.20.2006  no virus found
AVG 386 06.20.2006  no virus found
BitDefender 7.2 06.21.2006  no virus found
CAT-QuickHeal 8.00 06.20.2006  no virus found
ClamAV devel-20060426 06.21.2006  no virus found
DrWeb 4.33 06.20.2006  no virus found
eTrust-InoculateIT 23.72.43 06.20.2006  no virus found
eTrust-Vet 12.6.2267 06.21.2006  no virus found
Ewido 3.5 06.20.2006  no virus found
Fortinet 2.77.0.0 06.21.2006  no virus found
F-Prot 3.16f 06.21.2006  no virus found
Ikarus 0.2.65.0 06.20.2006  no virus found
Kaspersky 4.0.2.24 06.21.2006  no virus found
McAfee 4789 06.21.2006  no virus found
Microsoft 1.1481 06.21.2006  no virus found
NOD32v2 1.1611 06.20.2006  no virus found
Norman 5.90.21 06.20.2006  no virus found
Panda 9.0.0.4 06.20.2006 Suspicious file
Sophos 4.06.0 06.20.2006  no virus found
Symantec 8.0 06.21.2006  no virus found
TheHacker 5.9.8.162 06.20.2006
http://www.virustotal.com/flash/index_en.html
http://virusscan.jotti.org/
Above are the results from these two services; basically everything is normal.
The only exception is this line: Panda 9.0.0.4 06.20.2006 Suspicious file

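The replies above ask the poster to do two things by hand: identify the file (it is the same setup.exe in every drive root?) and read a multi-engine report. As an added example, not code from this thread, from Rising or from either scanning service, the following Python script hashes every copy of setup.exe found directly in a set of drive roots, reports whether the copies are byte-identical, and tallies the verdicts of a pasted Jotti/VirusTotal-style report. The only value taken from the thread is the posted MD5; the drive roots it creates for the demo, the stand-in file and the short report excerpt are constructed and labelled as such.

```python
"""Triage helper for a file that appears in every drive root.

Added example, not code from the forum thread. It hashes each copy of a
named file found directly in a set of root directories, reports whether the
copies are byte-identical, and tallies the verdicts of a pasted Jotti /
VirusTotal-style report such as the ones posted above. The sample report,
the throwaway roots and their contents are constructed for illustration.
"""
import hashlib
import os
import re
import string
import tempfile
from pathlib import Path

# MD5 posted in the thread for Setup.exe; a copy with this digest is that same file.
KNOWN_MD5 = "c70f32720d7d9f55d399cb96c256120d"

# Verdict strings the two services print for a clean result.
CLEAN_MARKERS = ("found nothing", "no virus found")

# Constructed excerpt in the layout seen in the thread; not a real scan result.
SAMPLE_REPORT = """\
Antivirus Version Update Result
Avast 4.7.844.0 06.20.2006  no virus found
Kaspersky 4.0.2.24 06.21.2006  no virus found
Panda 9.0.0.4 06.20.2006 Suspicious file
ClamAV  Found nothing
TheHacker 5.9.8.162 06.20.2006
"""


def file_digests(path):
    """Return (md5, sha256) hex digests of a file, read in 64 KiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def windows_drive_roots():
    """Existing drive roots A:\\ .. Z:\\ on Windows; an empty list elsewhere."""
    if os.name != "nt":
        return []
    return [Path(f"{d}:\\") for d in string.ascii_uppercase if Path(f"{d}:\\").exists()]


def find_copies(roots, name="setup.exe"):
    """Locate `name` (case-insensitive) directly inside each root directory.

    Returns one dict per copy with path, size, digests and whether the MD5 equals
    KNOWN_MD5. Subdirectories are not searched: the thread is about files sitting
    in the root of every drive.
    """
    found = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for entry in root.iterdir():
            if entry.is_file() and entry.name.lower() == name.lower():
                md5, sha256 = file_digests(entry)
                found.append({
                    "path": str(entry),
                    "size": entry.stat().st_size,
                    "md5": md5,
                    "sha256": sha256,
                    "matches_known": md5 == KNOWN_MD5,
                })
    return found


def copies_identical(copies):
    """True when all located copies share one SHA-256, i.e. one file was replicated."""
    return len({c["sha256"] for c in copies}) <= 1


def summarize_report(text):
    """Count clean verdicts and collect flagged lines from a pasted report.

    Lines ending in a clean marker count as clean; lines carrying a detection word
    are returned verbatim as flagged. Headers and lines with no verdict at all
    (like the truncated TheHacker line) are ignored rather than counted.
    """
    clean, flagged = 0, []
    for line in text.splitlines():
        low = line.strip().lower()
        if not low:
            continue
        if low.endswith(CLEAN_MARKERS):
            clean += 1
        elif re.search(r"\b(suspicious|trojan|worm|backdoor|virus|malware)\b", low):
            flagged.append(line.strip())
    return {"clean": clean, "flagged": flagged, "engines": clean + len(flagged)}


def demo_on_temp_roots():
    """Run find_copies over two throwaway 'drive roots' that hold an identical,
    constructed stand-in for setup.exe (not the real binary)."""
    base = Path(tempfile.mkdtemp(prefix="setup_triage_"))
    payload = b"MZ constructed stand-in for the posted file, not the real sample"
    (base / "C").mkdir()
    (base / "D").mkdir()
    (base / "C" / "setup.exe").write_bytes(payload)
    (base / "D" / "Setup.exe").write_bytes(payload)  # case differs, still a match
    (base / "D" / "readme.txt").write_text("unrelated file, must be ignored")
    return find_copies([base / "C", base / "D"])


if __name__ == "__main__":
    # On the affected machine this walks the real drive roots; elsewhere it falls
    # back to the constructed demo so the script still runs end to end.
    copies = find_copies(windows_drive_roots()) or demo_on_temp_roots()
    for c in copies:
        print(f'{c["path"]}: {c["size"]} bytes md5={c["md5"]} known={c["matches_known"]}')
    print("all copies identical:", copies_identical(copies))
    print(summarize_report(SAMPLE_REPORT))
```

Two caveats when reading its output. A single "Suspicious file" among two dozen clean engines is weak evidence in either direction; the hash comparison matters more, because if every drive root holds a byte-identical copy it was placed there by one process, and that is what should be hunted for. And a file in the root of D: or E: surviving a reinstall is expected rather than mysterious: a normal reinstall formats only the system partition, so the other drives' roots are untouched.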
 

Delete setup.exe in Safe Mode.