
New Year gloom

I accidentally clicked a link, www.98f.net, and after that my home page was modified. I wasn't worried at first, since this isn't the first time, but after trying a few things I found this one is different. Editing the registry, various home-page repair tools, all of it failed. A virus scan found a virus, a malicious script virus, which has already been killed. No matter what method I try, it fails. I'm begging for help. Also, it seems to modify only IE; with Touchnet Browser I found no tampering. Begging again for a solution, otherwise I won't have any peace of mind over the New Year!!
Last edited 2006-01-31 13:23:14

Logfile of HijackThis v1.99.1
Scan saved at 19:57:16, on 2006-1-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
F:\rising\Rav\CCenter.exe
F:\rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
F:\rising\Rav\RavStub.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\WINNT\SOUNDMAN.EXE
F:\SKYNET\FIREWALL\PFW.exe
F:\rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
F:\rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Glacier\桌面\248783200522382732\HijackThis.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINNT\DOWNLO~1\BDSrHook.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\userint.exe
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a-winpoet-service] ; C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [Super Rabbit Desktop Set] ; F:\MagicSet\DS.EXE /Load
O4 - HKLM\..\Run: [internat.exe] ; internat.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] F:\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] ; point32.exe
O4 - HKLM\..\Run: [RavTask] "F:\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = F:\qq\QQ.exe
O4 - Startup: ADSL超频奇兵 V3.06.lnk = ?
O4 - Global Startup: ImageFox.lnk = C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://61.138.178.22/system_c/fc2boot.cab
O16 - DPF: {C0C13879-6A17-429E-80F1-60B23FC1F720} (FcBoot Class) - http://61.135.133.213/game/system/activex/fcboot.cab
O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://igame.sina.com.cn/cab/nmchatx.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://db.17173.com/tscan/KATScan.CAB
O16 - DPF: {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} (SHLaunch Control) - http://61.155.9.9/SHLaunch_0935.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01106B6B-024B-4809-8AEF-45B4EFAE0796}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{01106B6B-024B-4809-8AEF-45B4EFAE0796}: NameServer = 202.99.96.68 202.99.64.69
O20 - AppInit_DLLs: apihookdll.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Net Login Helper (netlog) - Unknown owner - C:\WINNT\system32\SCardSer.exe (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\rising\Rav\Ravmond.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET\WrOS.EXE


Also, there is a userinit.exe that is very suspicious; one of my tools detected it, and it keeps modifying the registry.

Boss, if it could be solved that simply, why would I have gone to so much trouble? Begging an expert for guidance. I've already tried countless methods :(

Even the moderator says so; is there really no solution? www.98f.net, it's always this site, and it links to lots of other pages unless I end the task. Do I really have to reinstall the system 5555555555555555555

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <a-winpoet-service><; C:\Program Files\WinPoET\WinPPPoverEthernet.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit Desktop Set><; F:\MagicSet\DS.EXE /Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <internat.exe><; internat.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SKYNET Personal FireWall><F:\SKYNET\FIREWALL\PFW.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <POINTER><; point32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"F:\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,C:\WINNT\system32\userint.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><apihookdll.dll>

==================================
启动文件夹
[ImageFox]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ImageFox.lnk><H>
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.exe.lnk><H>
[腾讯QQ]
  <C:\Documents and Settings\Glacier\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
[ADSL超频奇兵 V3.06]
  <C:\Documents and Settings\Glacier\「开始」菜单\程序\启动\ADSL超频奇兵 V3.06.lnk><H>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINNT\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Net Login Helper / netlog]
  <C:\WINNT\system32\SCardSer.exe ><N/A>
[Rising Process Communication Center / RsCCenter]
  <"F:\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"F:\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Smart Card Helper / SCardDrv]
  <C:\WINNT\system32\SCardSer.exe ><N/A>

==================================
浏览器加载项
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <F:\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <F:\FLASHGET\flashget.exe, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <F:\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Fc2Boot Class]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <C:\WINNT\DOWNLO~1\fc2boot.dll, ±±??????í¨?????a·¢óD?T1???>
[FcBoot Class]
  {C0C13879-6A17-429E-80F1-60B23FC1F720} <C:\WINNT\Downloaded Program Files\fcboot.dll, XXT>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[NMChatX Control]
  {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINNT\DOWNLO~1\NMChatX.ocx, Netmarble>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[KATScan Control]
  {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} <C:\WINNT\System32\kingsoft\KATScan\KATScan.OCX, Kingsoft>
[SHLaunch Control]
  {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} <C:\WINNT\System32\SHLaunch.ocx, >
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[使用网际快车下载]
  <F:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\FlashGet\jc_all.htm, N/A>
[反向链接]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[类似网页]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6714>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4114>
[PID: 244][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 256][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6695>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 364][C:\WINNT\System32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4114>
    [C:\WINNT\System32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\System32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 448][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 476][F:\rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 492][F:\rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 6>
    [F:\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [F:\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [F:\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [F:\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [F:\rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [F:\rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [F:\rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [F:\rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [F:\rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [F:\rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [F:\rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [F:\rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [F:\rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [F:\rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [F:\rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 4>
    [F:\rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [F:\rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [F:\rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [F:\rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [F:\rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [F:\rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [F:\rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 536][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 584][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\System32\apihookdll.dll]  <N/A><N/A>
[PID: 628][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 732][F:\rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [F:\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [F:\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 820][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 832][C:\Program Files\WinPoET\WrOS.EXE]  <iVasion, a Routerware Company><1, 1, 2, 0>
    [C:\Program Files\WinPoET\WrOSControl.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrFCUtil.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrEventLog.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrRTUtil.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrInterfaceManager.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrConfig.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrNetworkDriver.dll]  <N/A><N/A>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\Program Files\WinPoET\Wr_Mac_Frames.DLL]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrPoetDriver.DLL]  <N/A><N/A>
    [C:\Program Files\WinPoET\WrPacketSock.dll]  <N/A><N/A>
[PID: 864][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
[PID: 1088][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [F:\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 1112][C:\WINNT\system32\Rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1196][C:\WINNT\SOUNDMAN.EXE]  <Avance Logic, Inc.><5.0.02>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1200][F:\SKYNET\FIREWALL\PFW.exe]  <sky.net.cn><2.7.0.1>
    [F:\SKYNET\FIREWALL\IMSEC.DLL]  <N/A><N/A>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1220][F:\rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [F:\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [F:\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [F:\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1228][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1236][F:\rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 99>
    [F:\rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [F:\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [F:\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [F:\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [F:\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [F:\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [F:\rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
[PID: 1036][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>
    [c:\program files\google\googletoolbar1.dll]  <Google Inc.><2, 0, 114, 10>
    [F:\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINNT\System32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,14,0>
[PID: 1172][C:\Documents and Settings\Glacier\桌面\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINNT\system32\apihookdll.dll]  <N/A><N/A>
    [C:\WINNT\DOWNLO~1\BDPlugin.dll]  <><1, 0, 1, 1>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
Also, there are two more suspicious points. While using System Repair Engineer, it warned me that userinit.exe and APPInit_DLLS, these two, had been modified. And every time I boot, IE always launches on its own.
Many thanks, 月下积雪, and the moderator. The problem is basically solved. But I could not find the file C:\WINNT\system32\SCardSer.exe; there is only a scardsvr.exe. Rising scanned as well and found nothing. Also, System Repair Engineer is still warning me that AppInit_DLLs has been modified to an abnormal value, suspected virus. My scan on the 28th found: Worm.SCardSer, Worm.SCardSer.b, Backdoor.Gpigeon.vad, Trojan.VBS.StartPage, Exploit.Html.Mht.ck, Harm.Reg.WebImport.i. That SCardSer.exe seems to have been killed already, so why is it still there? AppInit_DLLs has been modified to an abnormal value; how do I fix that? Thanks again!

Moderator, you are too great, a million thanks ^_^, Happy New Year ^_^.