
[Help] 182635.exe

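The folder C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
contains 182635.exe. Whether I delete it directly or fix it with HijackThis, the file (182635.exe) is regenerated immediately after it is deleted. Scan results attached: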


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      9:28:08, 日期 2006-11-4
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\conime.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\regedit.exe
D:\SoftWare\网络安全\HijackThis1[1].99.1\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Shell - {14040C17-5421-4560-9C2C-359192EF31A5} - C:\WINNT\system32\mstask32.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5059.dll (file missing)
O2 - BHO: (no name) - {52CFADF9-6DBD-8C06-8452-21AEFBF10D93} - C:\WINNT\system32\ftmsdtcu.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - 启动项HKLM\\Run: [Acrobat Assistant 7.0] "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - 启动项HKLM\\Run: [DAEMON Tools] ; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [ProxyThorn] D:\ProxyThorn\ProxyThorn.exe
O4 - 启动项HKLM\\Run: [MSConfig] D:\SoftWare\sysytem-tools\msconfig.exe /auto
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: 182635.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = D:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: 182635.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - 浏览器额外的按钮: (no name) - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} - (no file)
O9 - 浏览器额外的按钮: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - 浏览器额外的“工具”菜单项: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FA2CE7-019C-457C-90AE-B3F6A2763C8F}: NameServer = 202.112.0.35,202.112.20.131,202.114.0.242
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: CVS for NT (cvs) - GNU - C:\Program Files\CVS for NT\cvsservice.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe (file missing)
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - NT 服务: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\System32\nutsrv4.exe
O23 - NT 服务: Security Info (secinfo) - Unknown owner - C:\WINNT\security.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Clientbjh (ServiceBJH) - Unknown owner - C:\WINNT\BJH\server.exe (file missing)

Last edited 2006-11-06 22:13:42

Thanks! It still comes back after deleting or fixing.
Monitoring with regmon, I found:
8329    5.35235882    Explorer.EXE:1064    OpenKey    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\182635.exe    NOT FOUND
8330    5.35270643    Explorer.EXE:1064    QueryValue    HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\Version    SUCCESS    0x133
8331    5.36069584    svchost.exe:572    SetValue    HKLM\SYSTEM\CurrentControlSet\Services\BITS32\ErrorControl    SUCCESS    0x1
8332    5.36384916    svchost.exe:572    CloseKey    HKLM\SYSTEM\CurrentControlSet\Services\BITS32    SUCCESS
8333    5.36692047    svchost.exe:572    CreateKey    HKLM\SYSTEM\CurrentControlSet\Services\BITS32    SUCCESS    Access: 0x20006
8334    5.36711025    svchost.exe:572    SetValue    HKLM\SYSTEM\CurrentControlSet\Services\BITS32\DisplayName    SUCCESS    "Background Intelligent Transfer Services"

Monitoring with filemon shows:
2899    15:23:16    Explorer.EXE:1064    CLOSE    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\182635.exe    SUCCESS
2900    15:23:16    Explorer.EXE:1064    OPEN    C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\182635.exe    SUCCESS    Options: Open  Access: All
2901    15:23:16    Explorer.EXE:1064    QUERY INFORMATION    C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\182635.exe    SUCCESS    Attributes: N
2902    15:23:16    Explorer.EXE:1064    CLOSE    C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\182635.exe    SUCCESS


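I tried SREng, but the program will not open on this computer; the computer may have a problem. Whether I double-click it or right-click and open it, nothing happens at all.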

Thanks! It works now. Why does it work after changing it to com?

2006-11-05,23:04:29

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><; 打矠>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <SiSPower><Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <Acrobat Assistant 7.0><"D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <MSConfig><D:\SoftWare\sysytem-tools\msconfig.exe /auto>  [Microsoft Corporation]
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <CnsMin><; Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32>  [N/A]
    <Desktop><; C:\WINNT\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  [N/A]
    <helper.dll><; C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <ProxyThorn><; D:\ProxyThorn\ProxyThorn.exe>  [Huazhong University of Science and Technology]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <wdfmgr32><; C:\WINNT\system32\wdfmgr32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{01963850-3850-1962-5019-850968501962}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll>  [N/A]
    <{90199623-6238-3862-5019-858509623819}><C:\Program Files\Common Files\SYSTEM\90186352.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\System32\NavLogon.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\System32\ss3dfo.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\MICROS~1\Office10\OSA.EXE [Microsoft Corporation]><N>
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINNT\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>
[182635]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\182635.exe -->  [N/A]><N>
[182635]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\182635.exe -->  [N/A]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AutoUpgrade / AutoUpgrade]
  <C:\WINNT\System32\svchost.exe -k AutoUpgrade-->C:\WINNT\system32\perfh009.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Kaspersky Anti-Virus 6.0 / AVP]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Background Intelligent Transfer Services / BITS32]
  <C:\WINNT\System32\svchost.exe -k BITS32-->c:\winnt\system32\fm2032.dll><N/A>
[CVS for NT / cvs]
  <C:\Program Files\CVS for NT\cvsservice.exe><GNU>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Gray_Pigeon_Server / GrayPigeonServer]
  <C:\WINNT\G_Server.exe><N/A>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Indexing Service / IndexingService]
  <><N/A>
[iPodService / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[MATLAB Server / matlabserver]
  <D:\MATLAB6p5\webserver\bin\win32\matlabserver.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[NuTCRACKER Service / NuTCRACKERService]
  <C:\WINNT\System32\nutsrv4.exe><DataFocus, Inc.>
[DNS SystemServices / RpcSs32]
  <C:\WINNT\System32\svchost.exe -k RpcSs32-->c:\winnt\system32\javaprxy32.dll><N/A>
[Security Info / secinfo]
  <C:\WINNT\security.exe><N/A>
[Distributed Link Tracking Clientbjh / ServiceBJH]
  <C:\WINNT\BJH\server.exe><N/A>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>

==================================
驱动程序
[129754447 / 129754447]
  <\SystemRoot\System32\drivers\129754447.sys><N/A>
[a0 / a0]
  <\SystemRoot\\SystemRoot\System32\drivers\129754447.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[DRPKIONT / DRPKIONT]
  <\SystemRoot\System32\drivers\drpkiont.sys><N/A>
[dtscsi / dtscsi]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[C6xxx EVM PCI Driver / EVM6X]
  <\SystemRoot\System32\drivers\evm6x.sys><Texas Instruments Incoporated>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><N/A>
[GEARAspiWDM / GEARAspiWDM]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HookCont / HookCont]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><N/A>
[IPHOOK / IPHOOK]
  <\??\C:\Program Files\rising\rfw\2000\iphook.sys><Beijing Rising Technology Corporation Limited>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><N/A>
[New0 / New0]
  <\??\C:\WINNT\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[NPPTNT / NPPTNT]
  <\??\C:\WINNT\System32\npptNT.sys><INCA Internet Co., Ltd.>
[PCANDIS5 Protocol Driver / PCANDIS5]
  <\??\C:\WINNT\System32\PCANDIS5.SYS><N/A>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PortTalk / PortTalk]
  <System32\Drivers\PortTalk.sys><Beyond Logic http://www.beyondlogic.org>
[StarForce Protection Environment Driver v6 / prodrv06]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R2A / R2A]
  <\??\C:\WINNT\system32a2.sys><N/A>
[RGWatch / RGWatch]
  <\SystemRoot\system32\DRIVERS\RGWatch.sys><N/A>
[SecDrv / SecDrv]
  <\??\C:\WINNT\System32\drivers\SECDRV.SYS><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03]
  <\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[SiS315 / SiS315]
  <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP]
  <\SystemRoot\System32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
  <System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
  <System32\DRIVERS\sisnic.sys><SiS Corporation>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TDIHOOK / TDIHOOK]
  <\??\C:\Program Files\rising\rfw\2000\tdihook.sys><Beijing Rising Technology Corporation Limited>
[USBAT Controller Driver / UPATC]
  <System32\DRIVERS\upatc.sys><SCM Microsystems Inc.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Shell]
  {14040C17-5421-4560-9C2C-359192EF31A5} <C:\WINNT\system32\mstask32.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5059.dll, N/A>
[]
  {52CFADF9-6DBD-8C06-8452-21AEFBF10D93} <C:\WINNT\system32\ftmsdtcu.dll, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FLASHGET\getflash.dll, N/A>
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <C:\PROGRA~1\NETANTS\NetAnts.exe,  >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[&Download by NetAnts]
  <C:\PROGRA~1\NETANTS\NAGet.htm, N/A>
[Download &All by NetAnts]
  <C:\PROGRA~1\NETANTS\NAGetAll.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://D:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 220][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 248][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 268][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\WINNT\System32\NavLogon.dll]  [N/A, N/A]
[PID: 300][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 312][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 516][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 540][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\System32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [D:\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  [N/A, N/A]
[PID: 580][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\perfh009.dll]  [N/A, N/A]
[PID: 592][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 600][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.336]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.1.336]
[PID: 620][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\fm2032.dll]  [N/A, N/A]
[PID: 648][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 680][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 796][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\javaprxy32.dll]  [N/A, N/A]
[PID: 820][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 900][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 932][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1056][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINNT\system32\mstask32.dll]  [N/A, N/A]
    [C:\WINNT\system32\ftmsdtcu.dll]  [N/A, N/A]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll]  [GlobalSCAPE Texas, LP., 50, 6, 3, 2]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\WINNT\System\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 0, 17]
    [C:\Program Files\UltraEdit\ue32ctmn.dll]  [, 1.0]
    [D:\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [D:\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\WINNT\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINNT\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.336]
    [D:\Adobe\Acrobat 7.0\Distillr\ADIST32.dll]  [Adobe Systems Incorporated., 7.0.0.0]
    [D:\Adobe\Acrobat 7.0\Distillr\ADIST32.chs]  [N/A, N/A]
    [D:\Adobe\Acrobat 7.0\esl\asneu.dll]  [Adobe Systems Inc., 1, 6, 0, 8]
[PID: 1228][D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe]  [Adobe Systems Inc., 6.0.1.2004121400]
    [D:\Adobe\Acrobat 7.0\Distillr\Acrotray.chs]  [Adobe Systems Inc., 6.0.0.0]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1248][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1016][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1080][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 160]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 3, 2, 1]
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\ShareFiles.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 5, 0, 202, 170]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\Program Files\Tencent\QQ\QQUdpGetFileLib.dll]  [tencent, 0, 2, 2, 3]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 0, 6, 60]
    [C:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 5, 0, 202, 180]
    [C:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
[PID: 348][C:\Program Files\rising\rfw\Rfw.exe]  [Beijing Rising Technology Corporation Limited, 2, 2, 0, 12]
    [C:\Program Files\rising\rfw\BmpFace.dll]  [Beijing Rising Technology Corporation Limited, 2, 1, 0, 0]
    [C:\Program Files\rising\rfw\rfw.dll]  [Beijing Rising Technology Corporation Limited, 2, 3, 0, 0]
    [C:\Program Files\rising\rfw\chn\rfw.lag]  [Beijing Rising Technology Corporation Limited, 2, 2, 0, 8]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1092][D:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 42]
    [D:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\Program Files\Serv-U\ServUPerfCount.dll]  [N/A, N/A]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.336]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.336]
    [D:\SoftWare\网络安全\sreng2\SREng\SREng.com]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Common Files\SYSTEM\90186352.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll]  [N/A, N/A]
    [C:\WINNT\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NuTCRACKER Unix domain sockets (STREAM)
    C:\WINNT\system32\nutafun4.dll(DataFocus, Inc., NuTCRACKER AF_UNIX WinSock2 provider)
NuTCRACKER Unix domain sockets (DGRAM)
    C:\WINNT\system32\nutafun4.dll(DataFocus, Inc., NuTCRACKER AF_UNIX WinSock2 provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 www1.tmdqq.net
127.0.0.1 www3.57185.com
127.0.0.1 www.im123.net
127.0.0.1 www.im133.com
9.9.9.9 skypetools.tom.com
9.9.9.9 download.3721.com

Some other addresses have been omitted.

In safe mode, the following files cannot be deleted:
C:\Program Files\Common Files\SYSTEM\90186352.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\38501962.dll
The related registry entries reappear after being deleted.

KillBox's replace-and-delete took care of it.
But 182635.exe in the Startup directory still reappears after being deleted.