[Help] Please take a look at my report

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\RUNDLL32.EXE
100 - 安全 - Process: VM_STI.EXE [still image (sti) driver驱动程序,一般用于电脑摄像头。] - C:\WINDOWS\VM_STI.EXE
100 - 安全 - Process: SOUNDMAN.EXE [一个软声卡控制台软件。] - C:\WINDOWS\SOUNDMAN.EXE
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: iexplore.exe [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS\system32\conime.exe
100 - 安全 - Process: flashget.exe [一款下载软件,支持多线程下载和断点续传。] - C:\Program Files\FlashGet\flashget.exe
100 - 安全 - Process: 诊断报告工具.exe [ReportTool Microsoft 基础类应用程序] - C:\Documents and Settings\Administrator\桌面\CheckTool\诊断报告工具.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (Flashget Catch Url Class) - [网际快车,支持下载后的文件管理] - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - 安全 - Toolbar: (快车(FlashGet)) - [FlashGet IE工具条。] - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - 安全 - Toolbar: (BitComet工具栏) - [bitcomet工具栏] - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O3 - 安全 - Toolbar: (Easy-WebPrint) - [佳能打印机网页打印软件相关插件。] - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - 安全 - HKLM\..\Run: [BigDogPath] [网眼摄像头驱动] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [SKYNET Personal FireWall] [天网个人防火墙] D:\Program Files\SkyNet\FireWall\PFW.exe
O4 - 安全 - HKLM\..\Run: [Easy-PrintToolBox] [佳能出品的相关软件。] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - 安全 - HKLM\..\Run: [AVP] [卡巴斯基杀毒软件相关程序。] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Last edited 2007-06-25 19:10:18

O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [bgswitch] [微软出品的自动换壁纸程序。] C:\WINDOWS\system32\bgswitch.exe
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: 卡巴斯基Web反病毒保护插件(HKLM) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe - (running)

=======================================

O40 - Explorer.EXE -  - C:\PROGRA~1\baidu\iexp\BDSrHook.dll - Baidu Search Companion - 3ecb0f50fcd3d7379ffd701db0a33f22
O40 - Explorer.EXE - Baidu.com, Inc. - C:\PROGRA~1\baidu\bar\baidubar.dll - BaiduBar Module - f082a992f1de45e8fd0eb1365f07cc4d
O40 - Explorer.EXE - www.flashget.com - C:\Program Files\FlashGet\fgmgr.dll - Flashget Manager  - 3c8ec93df9cba83062933a25bb47cec2
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll - Microsoft? C Runtime Library - 16d7ddf3b659f7cf1cb9f4dcff4219f0
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll - Microsoft? C++ Runtime Library - 2bc650257fb0867abd54fd460ec2bafc
O40 - Explorer.EXE - www.flashget.com - C:\Program Files\FlashGet\jccatch.dll - Flashget CatchUrl Module - 2d4a40c58861b448273e4c9b87b95c07
O40 - RUNDLL32.EXE -  - C:\PROGRA~1\baidu\iexp\BDSrHook.dll - Baidu Search Companion - 3ecb0f50fcd3d7379ffd701db0a33f22

=======================================

O41 - adsrsvc - Dynamic Link Library - C:\WINDOWS\system32\drivers\adsrsvc.SYS - (running) - Dynamic Link Library -  - d14bdc5d744a78b841684d78434ef1ea
O41 - BdGuard - BDGUARD Dynamic Link Library - C:\WINDOWS\system32\drivers\BDGuard.SYS - (running) - BDGUARD Dynamic Link Library -  - d8ad2f959208197455aa4a2a67be9f69
O41 - klif - spuper-ptor - C:\WINDOWS\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 6197b679ea867da4bd42d9a440cef663
O41 - SKNFW - SKNFW - C:\WINDOWS\system32\drivers\SKNFW.sys - (running) -  -  - 3d40ce47367347c16c5e0a47178ac677
O41 - ZSMC302 - Video streaming and Capture Device Driver - C:\WINDOWS\system32\drivers\usbVM31b.sys - (running) - Video streaming and Capture Device Driver - VM - f34e79ae663bfb36284cf2b4fa20b6f3
O41 - SkyProcs - SkyProcs - D:\Program Files\SkyNet\FireWall\SkyProcs.sys - (running) -  -  - d521f5c4007e185ea5575fedd3382798

=======================================