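Rising Kaka Security Forum > Technical Exchange Area > Anti-Virus / Anti-Rogue-Software Forum > [Help] I have also been infected with the “找我吧” (“Find Me”) virus, what should I do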

[Help] I have also been infected with the “找我吧” (“Find Me”) virus, what should I do

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\KV2005\KVSrvXP.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\KV2005\KVMonXP.kxp
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\DuDu\DDDClient\dudupros.exe
C:\PROGRA~1\KV2005\TrojDie_2.kxp
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\KV2005\KRegEx.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\Documents and Settings\orient\桌面\426101200522225654\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O1 - Hosts: 218.5.77.189   localhost
O1 - Hosts: 218.5.77.189 assistant.3721,com
O1 - Hosts: 218.5.77.189 3656.net
O1 - Hosts: 218.5.77.189 www.3656.net
O1 - Hosts: 218.5.77.189 kk778.com
O1 - Hosts: 218.5.77.189 www.kk778.com
O1 - Hosts: 218.5.77.189 57666.com
O1 - Hosts: 218.5.77.189 www.57666.com
O1 - Hosts: 218.5.77.189 ok38.com
O1 - Hosts: 218.5.77.189 www.ok38.com
O1 - Hosts: 218.5.77.189 55665.com
O1 - Hosts: 218.5.77.189 www.55665.com
O1 - Hosts: 218.5.77.189 www.58558.net
O1 - Hosts: 218.5.77.189 5850.com
O1 - Hosts: 218.5.77.189 www.5850.com
O1 - Hosts: 218.5.77.189 www.998569.com
O1 - Hosts: 218.5.77.189 998569.com
O1 - Hosts: 218.5.77.189 www.k778.net
O1 - Hosts: 218.5.77.189 k778.net
O1 - Hosts: 218.5.77.189 www.tk12.com
O1 - Hosts: 218.5.77.189 tk12.com
O1 - Hosts: 218.5.77.189 www.5866.net
O1 - Hosts: 218.5.77.189 5866.net
O1 - Hosts: 218.5.77.189 www.k45678.com
O1 - Hosts: 218.5.77.189 k45678.com
O1 - Hosts: 218.5.77.189 www.559988.net
O1 - Hosts: 218.5.77.189 559988.net
O1 - Hosts: 218.5.77.189 www.338899.net
O1 - Hosts: 218.5.77.189 338899.net
O1 - Hosts: 218.5.77.189 www.23331.com
O1 - Hosts: 218.5.77.189 23331.com
O1 - Hosts: 218.5.77.189 www.tm996.com
O1 - Hosts: 218.5.77.189 tm996.com
O1 - Hosts: 218.5.77.189 www.373721.com
O1 - Hosts: 218.5.77.189 373721.com
O1 - Hosts: 218.5.77.189 www.lf118.net
O1 - Hosts: 218.5.77.189 lf118.net
O1 - Hosts: 218.5.77.189 www.tt388.com
O1 - Hosts: 218.5.77.189 tt388.com
O1 - Hosts: 218.5.77.189 www.66128.com
O1 - Hosts: 218.5.77.189 66128.com
O1 - Hosts: 218.5.77.189 www.556611.com
O1 - Hosts: 218.5.77.189 556611.com
O1 - Hosts: 218.5.77.189 www.tm886.com
O1 - Hosts: 218.5.77.189 tm886.com
O1 - Hosts: 218.5.77.189 www.pm118.com
O1 - Hosts: 218.5.77.189 pm118.com
O1 - Hosts: 218.5.77.189 www.1-49m.net
O1 - Hosts: 218.5.77.189 1-49m.net
O1 - Hosts: 218.5.77.189 www.te828.com
O1 - Hosts: 218.5.77.189 te828.com
O1 - Hosts: 218.5.77.189 www.77123.com
O1 - Hosts: 218.5.77.189 77123.com
O1 - Hosts: 218.5.77.189 www.89880.com
O1 - Hosts: 218.5.77.189 89880.com
O1 - Hosts: 218.5.77.189 www.hj888.com
O1 - Hosts: 218.5.77.189 hj888.com
O1 - Hosts: 218.5.77.189 www.fu18.net
O1 - Hosts: 218.5.77.189 fu18.net
O1 - Hosts: 218.5.77.189 www.aa899.com
O1 - Hosts: 218.5.77.189 aa899.com
O1 - Hosts: 218.5.77.189 www.xg6699.com
O1 - Hosts: 218.5.77.189 xg6699.com
O1 - Hosts: 218.5.77.189 www.334499.com
O1 - Hosts: 218.5.77.189 334499.com
O1 - Hosts: 218.5.77.189 www.94448.com
O1 - Hosts: 218.5.77.189 94448.com
O1 - Hosts: 218.5.77.189 www.98456.com
O1 - Hosts: 218.5.77.189 98456.com
O1 - Hosts: 218.5.77.189 www.lhc468.com
O1 - Hosts: 218.5.77.189 lhc468.com
O1 - Hosts: 218.5.77.189 www.5739.com
O1 - Hosts: 218.5.77.189 5739.com
O1 - Hosts: 218.5.77.189 www.zdr8.net
O1 - Hosts: 218.5.77.189 zdr8.net
O1 - Hosts: 218.5.77.189 www.3721,com
O1 - Hosts: 218.5.77.189 3721.com
O1 - Hosts: 218.5.77.189 www.sina.com.cn
O1 - Hosts: 218.5.77.189 sina.com.cn
O1 - Hosts: 218.5.77.189 www.sina.com
O1 - Hosts: 218.5.77.189 sina.com
O1 - Hosts: 218.5.77.189 www.sina.net
O1 - Hosts: 218.5.77.189 sina.net
O1 - Hosts: 218.5.77.189 www.163.net
O1 - Hosts: 218.5.77.189 163.net
O1 - Hosts: 218.5.77.189 sohu.net
O1 - Hosts: 218.5.77.189 www.sohu.net
O1 - Hosts: 218.5.77.189 55hh.com
O1 - Hosts: 218.5.77.189 www.55hh.com
O1 - Hosts: 218.5.77.189 hk6738.com
O1 - Hosts: 218.5.77.189 www.hk6738.com
O1 - Hosts: 218.5.77.189 tm779.com
O1 - Hosts: 218.5.77.189 www.tm779.com
O1 - Hosts: 218.5.77.189 k919.com
O1 - Hosts: 218.5.77.189 www.k919.com
O1 - Hosts: 218.5.77.189 34422.com
O1 - Hosts: 218.5.77.189 www.34422.com
O1 - Hosts: 218.5.77.189 kkkyyy.com
O1 - Hosts: 218.5.77.189 www.kkkyyy.com
O1 - Hosts: 218.5.77.189 hk96.com
O1 - Hosts: 218.5.77.189 www.hk96.com
Last edited 2005-08-10 17:24:59

O2 - BHO: DDDMon Class - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2005\KvShell_1.dll
O2 - BHO: ShowBarObject Class - {850B69E4-90DB-4F45-8621-891BF35A5B53} - c:\windows\system32\alitb\__new\bar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: KuroBar - {37DE7A73-1E01-47d6-BB9B-99BEDB7A22E2} - D:\sj01公用文件夹\zjon\srzp\yahoo\Kuro\KuroBar.dll (file missing)
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2005\KvShell_1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RavTimer] rem D:\Program Files\rising\rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] rem D:\Program Files\rising\rav\RavMon.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1300n -pn "hp LaserJet 1300n PCL 6" -n 0 -l 2052 -sl 120000
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KvMonXP] C:\PROGRA~1\KV2005\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KvXP] C:\PROGRA~1\KV2005\KvXP.kxp /ScanBoot /ScanSys
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microtek 扫描仪探测器.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: DuDu加速器.lnk = C:\Program Files\DuDu\DDDClient\DuDuAcc.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: Kuro搜索mp3 - res://D:\sj01公用文件夹\zjon\srzp\yahoo\Kuro\KuroBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\WINDOWS\Driver Cache\i386\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\WINDOWS\Driver Cache\i386\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\WINDOWS\Driver Cache\i386\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - c:\windows\system32\alitb\__new\bar.dll
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: ATS专业网络心理测评系统(588b.) - {6C154190-9BF2-499F-A3A7-7E9D258E7ECD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\Driver Cache\i386\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\Driver Cache\i386\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\FLASHD~1\iebt.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod 服务 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - C:\PROGRA~1\KV2005\KVSrvXP.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: pcAnywhere Install Service - Unknown owner - C:\Program Files\Symantec\pcAnywhere\pca_run.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe