用HijackThis扫描的日志：
Logfile of HijackThis v1.99.1
Scan saved at 10:18:33, on 2006-10-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KV2006\KVMonXP.kxp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\KV2006\TrojDie.kxp
C:\Program Files\KV2006\KRegEx.exe
C:\Program Files\KV2006\UIHost.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\HijackThis.exe\HijackThis.exe

O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - (no file)
O2 - BHO: DyBHOObj Class - {F2E837E2-CB1A-407d-84E0-FAFF58C19AC8} - (no file)
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KvShell.dll
O4 - HKLM\..\Run: [KvMonXP] "C:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160303916953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160303884953
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB784E31-D8DD-4573-8747-6AAAD2662B03}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EvnetSystem (COM+ Evnet System) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: KVWSC - Jiangmin Co.Ltd - C:\Program Files\KV2006\kvwsc.exe

SREng的扫描日志：
2006-10-09,12:22:56

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KvMonXP><"C:\Program Files\KV2006\KVMonXP.kxp" /auto>  [Jiangmin Co.Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [ATI Technologies Inc.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\PROGRA~1\KV2006\KVSCRK~1.SCR>  [Jiangmin Co.Ltd]

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[EvnetSystem / COM+ Evnet System]
  <C:\Program Files\EvnetSystem><N/A>
[KVWSC / KVWSC]
  <"C:\Program Files\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>

浏览器加载项
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <, N/A>
[DyBHOObj Class]
  {F2E837E2-CB1A-407d-84E0-FAFF58C19AC8} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b}? <, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, 853 Lab>
[Nexon Package Manager Control]
  {2931566C-B8A6-46C5-BF4D-E6AB9251E953} <C:\WINDOWS\nxpm.ocx, (c) Nexon>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[CNxConnCtrl Object]
  {25142CCA-6788-434C-80BB-B9026F4273A1} <C:\WINDOWS\nxconn3.ocx, Nexon>
[Nexon Package Manager Control]
  {2931566C-B8A6-46C5-BF4D-E6AB9251E953} <C:\WINDOWS\nxpm.ocx, (c) Nexon>
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <, N/A>
[RestrictWordCtrl Class]
  {7B030E2F-E210-4A1D-9837-861E9CB3B42A} <C:\WINDOWS\restrictword.ocx, TODO: <?? ??>>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[DyBHOObj Class]
  {F2E837E2-CB1A-407D-84E0-FAFF58C19AC8} <, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4124>
[PID: 724][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
[PID: 888][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4124>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2499>
[PID: 900][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
[PID: 1112][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
[PID: 1444][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4124>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2499>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1500][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\Program Files\KV2006\KvShell.dll]  <Jiangmin Co.Ltd><9, 0, 5, 830>
    [C:\Program Files\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 831>
    [C:\Program Files\KV2006\lang\Kvxp0804.lng]  <N/A><N/A>
    [C:\Program Files\KV2006\APIImpl.dll]  <JiangMin Ltd.><9.0.0.500>
    [C:\Program Files\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 927>
    [C:\Program Files\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\KV2006\KVMonXP.kxp]  <Jiangmin Co.Ltd><9, 2, 0, 60905>
    [C:\Program Files\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 831>
    [C:\Program Files\KV2006\lang\Kvxp0804.lng]  <N/A><N/A>
    [C:\Program Files\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 927>
    [C:\Program Files\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [C:\Program Files\KV2006\EngFace.dll]  <Jiangmin Co.Ltd><9.0.0.50809>
    [C:\Program Files\KV2006\KvMemory.dll]  <Jiangmin Co. Ltd.><9, 0, 6, 0214>
    [C:\Program Files\KV2006\KvOffice.dll]  <JiangMin New Tech.><9.0.0.1213>
    [C:\Program Files\KV2006\lang\KVOffice0804.lng]  <N/A><N/A>
    [C:\Program Files\KV2006\VirusUpload.dll]  <N/A><2, 16, 6, 7260>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\Program Files\KV2006\PProtect.dll]  <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1708][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1852][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1928][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\KV2006\TrojDie.kxp]  <Jiangmin Co.Ltd><9.0.6.0413>
    [C:\Program Files\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 831>
    [C:\Program Files\KV2006\lang\TrojDie0804.lng]  <Jiangmin Co.Ltd><9.0.0.0813>
    [C:\Program Files\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 927>
    [C:\Program Files\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [C:\Program Files\KV2006\PProtect.dll]  <Jiangmin Co. Ltd.><9.0.0.921>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\Program Files\KV2006\ComUIPS.dll]  <Jiangmin Ltd.><9. 5. 5. 20>
    [C:\Program Files\KV2006\KVWPSet.dll]  <Jiangmin Co.Ltd><9, 0, 0, 60220>
[PID: 444][C:\Program Files\KV2006\KRegEx.exe]  <Jiangmin Co.Ltd><9.0.6.210>
    [C:\Program Files\KV2006\KRegEx.dll]  <Jiangmin Co. Ltd.><9.0.6.0119>
    [C:\Program Files\KV2006\KRegTrust.dll]  <Jiangmin Co. Ltd.><9.0.0.825>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 356][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
[PID: 1220][C:\Program Files\KV2006\UIHost.exe]  <Jiangmin Co. Ltd><9.2.0.50822>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\Program Files\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 831>
    [C:\Program Files\KV2006\ComUI.dll]  <Jiangmin Ltd.><9. 0. 0.509>
    [C:\Program Files\KV2006\ComUIPS.dll]  <Jiangmin Ltd.><9. 5. 5. 20>
    [C:\Program Files\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 927>
    [C:\Program Files\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
[PID: 1536][D:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 6, 42>
    [D:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\WINDOWS\system32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\CHENHU4.IME]  <chenhu><5.4>
[PID: 1644][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1980][D:\Program Files\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\KV2006\KVHookG.dll]  <Jiangmin Co.Ltd><9.0.0.1226>
    [C:\WINDOWS\system32\w2pxdrv.dll]  <Proxy Labs><3, 0, 0, 3>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者