c:\windows\svchost.exe
注册表键值在power manager下
用瑞星杀完后没有，过一段时间后就出现，监控没有反映，
用手动杀才好使，说win32.hidrag病毒！
杀后把c:\windows\svchost.exe删除后，
过一段时间后又出现，找注册表把power manager下的svchost文件删除后也无效，一会又出现注册表如下imagepath键值是C:\WINDOWS\svchost.exe
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,00,\
  00
"DisplayName"="Power Manager"
"ObjectName"="LocalSystem"
"Description"="Manages the power save features of the computer."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager\Enum]
"0"="Root\\LEGACY_POWERMANAGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

文件位置不对，肯定不正常，断网去安全模式下查杀，并给系统打上补丁。

现在在安全模式杀那，可是想问下为什么它在PowerManager的子键下，删除后又自动出现那，我是安着监控装的软件，没有反应啊。