Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Help]: I have a backdoor on my machine, please help me take a look (SREng log attached). I would be very grateful!

Every folder on my computer's F: drive contains a _desktop.ini. I deleted all of them, but things are still not normal: whether the mouse is still or moving, the pointer shows the "working in background" state. Every time I open a website to download a small file, Thunder (Xunlei) pops up automatically even though I did not use it to download. After I uninstalled Thunder, the machine freezes as soon as it boots; now it only stays up if I boot into Safe Mode. What is going on? I scanned with HijackThis; the log is below (all of this is from before Thunder was uninstalled):

Logfile of HijackThis v1.99.1
Scan saved at 20:43:39, on 2006-8-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NTdhcp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
D:\Maxthon\Max.exe
C:\WINDOWS\system32\wuauclt.exe
D:\金山毒霸\HijackThis\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\tbcast.dll (file missing)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\system32\NTdhcp.exe
O4 - HKCU\..\Run: [Microsoft TAP] C:\WINDOWS\system32\AppEvent.exe
O4 - Global Startup: iMop.lnk = ?ProgramFiles%\Mop\iMop\iMop.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Tencent\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\QQ2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\QQ2005\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\浩方优化版\HFGameOPT\GameClient.exe
O9 - Extra button: iMop游戏频道 - {0A95CD2E-6C1E-4ef1-8396-2124118D9B5F} - http://i.mop.com/game/game.htm (file missing)
O9 - Extra 'Tools' menuitem: iMop游戏频道 - {0A95CD2E-6C1E-4ef1-8396-2124118D9B5F} - http://i.mop.com/game/game.htm (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: JUJU猫宽带宝藏论坛 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.jujumao.net (file missing)
O9 - Extra button: iMop - {9A9F10A2-23C7-4be6-A566-230EDAFB5474} - C:\Program Files\Mop\iMop\iMopStart.exe (file missing)
O9 - Extra 'Tools' menuitem: iMop - {9A9F10A2-23C7-4be6-A566-230EDAFB5474} - C:\Program Files\Mop\iMop\iMopStart.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT]  中文上网
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112018624531
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Net Working Service (LoginService) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ray_Pigeon_s (rayPigeon) - Unknown owner - C:\WINDOWS\fitrs.exe (file missing)
What does the (file missing) in the last two entries mean? Did I delete those two by mistake? How do I restore them? As for the SREng log, I will upload it right away.
Last edited 2006-08-19 00:24:13

Here is the SREng log:
2006-08-16,22:03:09

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Microsoft TAP><C:\WINDOWS\system32\AppEvent.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KB83072651><C:\WINDOWS\system32\AppEvent.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <SOUNDM><winsmd.exe>  []
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <NTdhcp><C:\WINDOWS\system32\NTdhcp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\real\realplayer\svihnkra.dll>  []
    <{F3F54390-D513-4D99-A5DA-476EA9DC6022}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program files\Internet Explorer\PLUGINS\new123.sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DLMon><C:\WINDOWS\system32\DLMain.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  []

启动文件夹
[iMop]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iMop.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[Net Working Service / LoginService]
  <C:\WINDOWS\svchost.exe><N/A>
[ray_Pigeon_s / rayPigeon]
  <C:\WINDOWS\fitrs.exe><N/A>
[VKTServ / VKTServ]
  <C:\WINDOWS\system32\VKTServ.exe><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\tbcast.dll, N/A>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Java Plug-in 1.5.0]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方优化版\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[JUJU猫宽带宝藏论坛]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[&IE修复专家]
  {123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.5.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
  {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\tbcast.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\QQ2005\AddToNetDisk.htm, N/A>
[反向链接]
  <res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\QQ2005\SendMMS.htm, N/A>
[类似网页]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://c:\program files\google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html, N/A>

正在运行的进程
[PID: 576][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <N/A><N/A>
[PID: 716][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 728][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 892][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1180][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1336][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1804][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 1848][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\WINDOWS\system32\DLMon.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1948][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 1964][C:\WINDOWS\system32\NTdhcp.exe]  <N/A><N/A>
[PID: 516][D:\金山毒霸\SREng\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 112][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1308][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1728][D:\Maxthon\Max.exe]  <Maxthon International Ltd.><1, 5, 3, 18>
    [D:\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [D:\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 344][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1324][D:\金山毒霸\SREng\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program files\Internet Explorer\PLUGINS\new123.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

That is all of it. I just used SREng to repair the AppInit_DLLs entry in the registry, and only then could the machine boot normally. The value in it was KB399952M.LOG, while the default is with all data removed.

Also, as soon as I open QQ, IE automatically opens a website.

OK, here is the log:

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <SOUNDM><winsmd.exe>  []
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\real\realplayer\svihnkra.dll>  []
    <{F3F54390-D513-4D99-A5DA-476EA9DC6022}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program files\Internet Explorer\PLUGINS\new123.sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DLMon><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  []

==================================
启动文件夹
[iMop]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iMop.lnk><H>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[Net Working Service / LoginService]
  <C:\WINDOWS\svchost.exe><N/A>
[ray_Pigeon_s / rayPigeon]
  <C:\WINDOWS\fitrs.exe><N/A>
[VKTServ / VKTServ]
  <C:\WINDOWS\system32\VKTServ.exe><N/A>

浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\tbcast.dll, N/A>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Java Plug-in 1.5.0]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方优化版\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[JUJU猫宽带宝藏论坛]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[&IE修复专家]
  {123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.5.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
  {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\tbcast.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\QQ2005\AddToNetDisk.htm, N/A>
[反向链接]
  <res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\QQ2005\SendMMS.htm, N/A>
[类似网页]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://c:\program files\google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html, N/A>

正在运行的进程
[PID: 568][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <N/A><N/A>
[PID: 708][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 884][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 964][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1060][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1136][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1320][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1484][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1812][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 1856][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1932][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
[PID: 368][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1080][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1624][D:\Maxthon\Max.exe]  <Maxthon International Ltd.><1, 5, 3, 18>
    [D:\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [D:\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 204][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1160][D:\金山毒霸\SREng\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

I could not find these files: C:\WINDOWS\svchost.exe, C:\WINDOWS\system32\VKTServ.exe, C:\WINDOWS\fitrs.exe. I have already done this step: double-click My Computer, Tools, Folder Options, View, select "Show hidden files and folders", and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes", and clear "Hide extensions for known file types". But I still cannot find them.
This entry, C:\WINDOWS\system32\DLMain.dll, I found after scanning with SREng and deleted, but its date shows it was already there before I got infected.