My machine slows down as soon as it goes online. Can someone help check whether it has a virus? Thanks

Posting the log:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <KVMON><C:\Program Files\JiangMin\AntiVirus\KVMonXP_2.kxp>  [Jiangmin Co.Ltd]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <High Definition Audio Property Page Shortcut><; HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <HornetMonitor><; C:\Program Files\Common Files\Hornet\MntrHrnt.exe>  [Alcor Micro, Corp.]
    <RemoteControl><; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <f3><C:\WINDOWS\system32\PX.dll>  [N/A]
    <prodigy1><newsystem25.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)
Last edited 2007-09-12 11:08:38

启动文件夹
[蓝牙控制盘]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\蓝牙控制盘.lnk --> C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Broadcom Corporation.]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"C:\Program Files\JiangMin\AntiVirus\KVWSC_1.exe"><Jiangmin Co.,Ltd>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Running/Manual Start]
  <System32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[BsDeamon / BsDeamon][Running/System Start]
  <\??\C:\PROGRA~1\JiangMin\ANTIVI~1\BsDeamon.sys><Jiangmin Co.,Ltd.>
[蓝牙虚拟通信驱动程序 / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys><Broadcom Corporation.>
[蓝牙总线枚举器 / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[蓝牙调制解调器 / btwmodem][Running/Manual Start]
  <system32\DRIVERS\btwmodem.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[GKeyUSB / GKeyUSB][Stopped/Manual Start]
  <System32\Drivers\GKeyUSB.sys><Gemplus>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[HUAWEI Mobile Connect - 3G Modem / hwcdcmdm0][Stopped/Manual Start]
  <system32\DRIVERS\ewusbmdm.sys><QUALCOMM Incorporated>
[HUAWEI Mobile Connect - 3G Application Interface / hwusbser][Stopped/Manual Start]
  <system32\DRIVERS\ewusbser.sys><QUALCOMM Incorporated>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[KAnalyser / KAnalyser][Stopped/System Start]
  <\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[KPGuard / KPGuard][Running/System Start]
  <\??\C:\Program Files\JiangMin\AntiVirus\KPGuard.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
  <\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software / KSysCall][Running/System Start]
  <\??\C:\PROGRA~1\JiangMin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[KSysFilter / KSysFilter][Running/Boot Start]
  <\SystemRoot\System32\Drivers\KSysFilt.sys><Jiangmin Co. Ltd.>
[KSysMon / KSysMon][Running/System Start]
  <\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Running/Manual Start]
  <\??\C:\Program Files\JiangMin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\C:\Program Files\JiangMin\AntiVirus\KVREDIR.sys><Jiangmin Co., Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MMT MUX FILTER1 / MMTUsb][Stopped/Manual Start]
  <system32\DRIVERS\MMTUsb.sys><Mobile Media Tech Co.>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Vtion-V1810 Wireless Modem / qccdcmdm1][Stopped/Manual Start]
  <system32\DRIVERS\qcusbmdm.sys><QUALCOMM Incorporated>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[rimmptsk / rimmptsk][Running/Manual Start]
  <System32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <System32\DRIVERS\rimsptsk.sys><REDC>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Software Flow Control Driver / softctrl][Stopped/Manual Start]
  <system32\DRIVERS\softctrl.sys><Alcor Micro Corp.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><Conexant Systems, Inc>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <c:\windows\system32\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[CSetLET Class]
  {C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINDOWS\system32\GDSetLET.dll, >
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[safeInput Class]
  {ECCBA956-80E5-11D3-9285-0080ADB811C9} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[&Windows Live Search]
  <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
  <http://favorites.live.com/quickadd.aspx, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[发送到 Bluetooth(&B)]
  <C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[在新的前台选项卡中打开]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-cn\msntabres.dll.mui/230?d8f7b35bc7e24390ba859ffc7bd10155, N/A>
[在新的后台选项卡中打开]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-cn\msntabres.dll.mui/229?d8f7b35bc7e24390ba859ffc7bd10155, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

正在运行的进程
[PID: 632 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1280 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1580 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\ZLhp1018.DLL]  [Zenographics, Inc., 5, 53, 3726, 0]
    [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 1644 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1992 / user][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 184 / user][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\JiangMin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 806]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\Program Files\JiangMin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\Program Files\JiangMin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [C:\Program Files\JiangMin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 392 / user][C:\WINDOWS\system32\SafeSignCertReg.exe]  [A.E.T. Europe B.V., 2.0.0.2]
[PID: 492 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 4.0.1.3500]
[PID: 604 / SYSTEM][C:\Program Files\JiangMin\AntiVirus\KVWSC_1.exe]  [Jiangmin Co.,Ltd, 1, 0, 7, 131]
    [C:\Program Files\JiangMin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 815]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
[PID: 364 / user][C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btwhidcs.DLL]  [Broadcom Corporation., 4.0.1.3500]
    [C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
    [C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
[PID: 640 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 2088 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2456 / user][C:\WINDOWS\system32\DllHost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\JiangMin\common\ComUI.dll]  [Jiangmin Co,.Ltd, 1, 0, 7, 112]
    [C:\Program Files\JiangMin\common\ComUIPS.dll]  [Jiangmin Co.Ltd, 1.0.0.808]
[PID: 2936 / user][C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btins.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\BtAudioHelper.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 4.0.1.3500]
    [C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
[PID: 608 / user][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
[PID: 1188 / user][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3048 / user][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

[C:\Program Files\JiangMin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 806]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\Program Files\JiangMin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\Program Files\JiangMin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [C:\Program Files\JiangMin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Windows Live Toolbar\msntb.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\zh-cn\mtbres.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\mtbres.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Tem.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\zh-cn\searchboxRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\searchboxRes.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\wlscres.dll.mui]  [Microsoft Corporation, 1.0.0001.1]
    [C:\Program Files\Windows Live Toolbar\zh-cn\CMRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2032]
    [C:\Program Files\Windows Live Toolbar\CMRes.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\zh-cn\obres.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\obres.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Favorites\wlfext.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\RssFinderRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll]  [Microsoft Corporation, 03.01.0000.0073]
    [C:\Program Files\Windows Live Toolbar\zh-cn\msn_slrs.DLL.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\msn_slrs.DLL]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\msntabres.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\Components\msntabres.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\pgres.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\Components\pgres.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\MSNExtensionRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\zh-cn\SmaMenRes.dll.mui]  [Microsoft Corporation。, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll]  [Microsoft Corporation., 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\zh-cn\CBRes.dll.mui]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\CBRes.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll]  [Microsoft Corporation, 03.01.0000.0073]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Windows Live Toolbar\searchbox.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\stmain.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\wlsctb.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\cm.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\msn_slps.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\msntab.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\Components\smamen.dll]  [Microsoft Corporation., 03.01.0000.0072]
    [C:\Program Files\Windows Live Toolbar\CB.dll]  [Microsoft Corporation, 03.01.0000.0068]
    [C:\Program Files\Windows Live Toolbar\Components\msntbfltr.dll]  [Microsoft Corporation, 4.0.6620.0]
    [C:\Program Files\Windows Live Favorites\WLFExtRes.dll]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Favorites\TBIDCRL.dll]  [Microsoft Corporation, 03.01.0000.0072]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll]  [Microsoft Corporation., 03.01.0000.0072]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3157 (xpsp_sp2_gdr.070614-0013)]
[PID: 3356 / user][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 1, 50]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2588 / user][D:\tools\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\tools\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 392, C:\WINDOWS\SYSTEM32\SAFESIGNCERTREG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 516, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 364, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2936, C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
    [385] C:\Program Files\JiangMin\AntiVirus\KVMonXP_2.kxp
    [557] C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe

==================================



Could the experts please take a look? Thanks.