
Help: machine keeps rebooting and the network is extremely slow

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <KavPFW><"C:\KAV2007\KPFW32.EXE" -startup>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <SyGateManager><C:\Program Files\Sygate\SON\Sygate.exe>  [Sygate Technologies, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\UserInit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]
Last edited 2008-01-15 18:47:33.403

服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[SyGateService / SaService][Running/Auto Start]
  <C:\Program Files\Sygate\SON\sgserv.exe><Sygate technologies Inc.>
[SSDP Discovery Center Service / SSDPCSR][Running/Auto Start]
  <"C:\WINNT\system32\ssdpsr.exe"><Microsoft Corporation>
[Routing and Remote Access RemoteAccessSaService / RemoteAccessSaService][Stopped/Auto Start]
  <C:\WINNT\system32\aty.exe srv><N/A>

驱动程序
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
  <system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KAVBootC / KAVBootC][Stopped/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINNT\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[NetDetect / NetDetect][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\netdtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[sysrest.sys / sysrest.sys][Running/Manual Start]
  <\??\C:\WINNT\system32\sysrest.sys><N/A>
[SyGate for NT, Wg1n / Wg1n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\Wg1n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wg2n / Wg2n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\Wg2n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg8n / wg8n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg8n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg9n / wg9n][Stopped/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg9n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
  <\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 432][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2007, 8, 13, 78]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corporation, 2007,11,26,169]
    [C:\KAV2007\KAVQuara.DLL]  [Kingsoft Corporation, 2007, 6, 15, 4]
[PID: 480][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 516][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\argomon.dll]  [N/A, ]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929)]
[PID: 552][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\system32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6699]
[PID: 576][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2007, 8, 17, 39]
[PID: 620][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 656][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 688][C:\WINNT\system32\ssdpsr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 944][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.30.9926.0]
    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 968][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 604][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2007, 6, 21, 29]
    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1180][C:\Program Files\Sygate\SON\sgserv.exe]  [Sygate technologies Inc., 4.0.0.1]
    [C:\Program Files\Sygate\SON\salic.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\sasrv.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\Netport.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\wsman.dll]  [SyberGen Networks, Inc., 2, 3, 3114, 0]
    [C:\Program Files\Sygate\SON\wgman.dll]  [SyberGen Networks, Inc., 1.01.1221]
    [C:\Program Files\Sygate\SON\natsrv.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\DhcpSrv.dll]  [N/A, ]
[PID: 1284][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 6, 4, 3003]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1021]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.30.9926.0]
[PID: 1348][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 9, 28, 295]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 3, 20, 48]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2008,01,09,177]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1368][C:\Program Files\Sygate\SON\Sygate.exe]  [Sygate Technologies, Inc., 4,5,851,1]
    [C:\Program Files\Sygate\SON\SaSrvAd.dll]  [Sygate Technologies, Inc., 4,5,851,1]
    [C:\Program Files\Sygate\SON\Netport.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\wsman.dll]  [SyberGen Networks, Inc., 2, 3, 3114, 0]
    [C:\Program Files\Sygate\SON\wgman.dll]  [SyberGen Networks, Inc., 1.01.1221]
    [C:\Program Files\Sygate\SON\sasrv.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\natsrv.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\salic.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\DhcpSrv.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\CorpAd.dll]  [Sygate Technologies, Inc., 4,5,851,1]
    [C:\Program Files\Sygate\SON\AREdt.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Sygate\SON\EvtLogUI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Sygate\SON\EventLog.dll]  [N/A, ]
    [C:\Program Files\Sygate\SON\bwmedt.dll]  [Sybergen Networks, Inc., 1, 0, 0, 1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1380][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1076][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 10, 30, 737]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2008,01,09,177]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1200][C:\Program Files\Chinanet\VnetClient.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\KAV2007\Flash.OCX]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1256][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 8, 16, 967]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corporation, 2007,11,26,169]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1452][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINNT\system32\wucltui.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINNT\system32\wucltui.dll.mui]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2296][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 2316][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.30.9926.0]
    [C:\WINNT\system32\appwizc.dll]  [N/A, ]
    [C:\WINNT\system32\arviewere.dll]  [N/A, ]
[PID: 2320][c:\d.exe]  [N/A, ]
[PID: 1476][C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\devenum.dll]  [, ]
    [C:\WINNT\system32\sgimgoleEx.dll]  [, 1, 0, 0, 1]
[PID: 2376][C:\KAV2007\KISLnchr.EXE]  [Kingsoft Corporation, 2007, 11, 28, 71]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2008,01,09,177]
[PID: 2496][C:\KAV2007\KRecycle.EXE]  [Kingsoft Corporation, 2007, 6, 15, 205]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1504][C:\Documents and Settings\yichun\桌面\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\KAV2007\KMailOEBand.DLL]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\Documents and Settings\yichun\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 576, C:\KAV2007\KPFWSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 688, C:\WINNT\SYSTEM32\SSDPSR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1180, C:\PROGRAM FILES\SYGATE\SON\SGSERV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1284, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1284, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1348, C:\KAV2007\KAVSTART.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1368, C:\PROGRAM FILES\SYGATE\SON\SYGATE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1076, C:\KAV2007\KPFW32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1200, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1256, C:\KAV2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1256, C:\KAV2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2320, C:\D.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2376, C:\KAV2007\KISLNCHR.EXE]

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
    [440] C:\nethlpr.exe
    [1540] C:\WINNT\TEMP\winlogon.exe

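IceSword won't run; even after renaming it, it still won't start. Kingsoft Antivirus detects W32.HACK.AGENT.PR.27440.
Please help, everyone: how do I fix this? Thanks.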