昨晚情况：安全模式下启用360、瑞星等系列杀毒软件及专杀软件，曾出现图标被篡改，图标混乱的情况。用360反复清理木马，却依然有木马存在，例如winsys.exe。QQ、优化大师不能运行也不能卸载。
今天情况：C盘下的winsys.exe等相关程序无法手动根除，360安全卫士在带网络连接的安全模式和正常模式情况下无法根除许多木马。不断弹出检测到winsys.exe的提示。进程由往常的二三十个增加到四十个，CUP使用不断上升。

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2008-03-03  22:22:09
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023.30MB - 当前可用内存:731.83MB

100 - 未知 - Process: 360compkill.exe [] - E:\360\顽固木马专杀大全\360compkill.exe -
100 - 未知 - Process: KillerSet.exe [] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\KillerSet.exe - 34393363366338333137626431313337
100 - 未知 - Process: 360Safe.exe [360安全卫士] - E:\360\360safe\360safe.exe /safemode - 424dcc7f71dbc6a90961af1a5a3d709e
100 - 未知 - Process: 360tray.exe [360安全卫士实时保护模块] - E:\360\360safe\safemon\360Tray.exe - 2deae3d22551f308b9f11b20c5a47fe7
100 - 未知 - Process: killer_dummycom.exe [] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\killer_dummycom.exe - 39306231643236646465623536663461
100 - 未知 - Process: cmdCheckTools.exe [] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\check\cmdCheckTools.exe - 31343765396335396635303734336664
O4 - 未知 - HKLM\..\RunServices: [Supplicant] [] d:\ruijie网络\8021x.exe -Boot
O4 - 未知 - Startup folder: [AtiSrv.exe] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AtiSrv.exe
O4 - 未知 - Startup folder: [Display3D.exe] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Display3D.exe
O11 - 未知 - Options Group: Java (Sun)
O16 - 未知 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - 未知 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - 未知 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl) - https://img.alipay.com/download/1101/aliedit.cab
O16 - 未知 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O16 - 未知 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sanna406.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - 未知 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy) - http://dl_dir.qq.com/dlcenter/vqqsdl.cab
O16 - 未知 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - 未知 - DPF: {CA234A53-E68D-44D5-A07C-481C051D0C7B} (KVFileUpdate) - http://online1.jiangmin.com/kvonline/OLDown.cab
O16 - 未知 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
O18 - 未知 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 未知 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - 未知 - AppInit DLLs: msosmhfp00.dll

O23 - 未知 - Service: KPfwSvc [金山网镖网络实时监控服务程序] - "C:\KAV2007\KPfwSvc.EXE" - (not running)
O23 - 未知 - Service: RfwProxySrv [Rising Personal Proxy Service] - E:\360\Rising\Rising\Rfw\RfwProxy.exe - (not running)
O23 - 未知 - Service: RfwService [Rising Personal Firewall Service] - E:\360\Rising\Rising\Rfw\rfwsrv.exe - (not running)
O23 - 未知 - Service: RsCCenter [Rising Process Communication Center] - "E:\360\Rising\Rav\CCenter.exe" - (not running)
O23 - 未知 - Service: RsRavMon [Rising RealTime Monitor] - "E:\360\RISING\RAV\Ravmond.exe" - (not running)
O23 - 未知 - Service: Supplicant Service [Supplicant Service] - C:\WINDOWS\system32\SuService.exe - (not running)
O23 - 未知 - Service: usnjsvc [Messenger 上安装的启用共享情况的服务] - "C:\Program Files\MSN Messenger\usnsvc.exe" - (not running)
O23 - 未知 - Service: WinCOM [管理基于Windows对象模型 (COM+) 的组件的配置和跟踪。如果禁用此服务，显式依赖此服务的其他服务将无法启动。] - C:\WINDOWS\system32\wincom.exe - (not running)
O23 - 未知 - Service: WLSetupSvc [Windows Live Setup Service] - "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - (not running)
O23 - 未知 - Service: 自动 LiveUpdate 调度程序 [管理对自动 LiveUpdate 会话的调度] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - (not running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe - 32d5d8666e082f567923db579b5390fc
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base - 3502114e4cb83e491a80fc361c1dc7b7
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe - a5153e6b7b02545f789af2fcd27fb325
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe - 9cabf264ce1177cafbbba4b910a44c79
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe - 891600e79c38249028f1bacc1c6cc5d2
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch - a22d7b3594c381efb3395a072725fe95
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss - a22d7b3594c381efb3395a072725fe95
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k netsvcs - a22d7b3594c381efb3395a072725fe95
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService - a22d7b3594c381efb3395a072725fe95
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService - a22d7b3594c381efb3395a072725fe95
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS\Explorer.EXE - 0b55963e2c8129d9d2504a3c291447e0
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\rundll32.exe - 65a70ec4649499399b50ac75d911a501
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe - 4cc6277445d2d388a4cd827086a5f5f0
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS\system32\conime.exe - 30162ff3b6fe72a9799dfb496111fe02
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [PHIME2002ASync] [输入法软件相关程序。] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [SynTPEnh] [新思手写板，多用于各种笔记本触摸板驱动程序设置] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 安全 - HKLM\..\Run: [KavStart] [金山出品的金山毒霸杀毒软件。] "C:\KAV2007\KAVStart.exe" -startup
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] E:\360\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "E:\360\Rising\Rav\RavTask.exe" -system
O4 - 安全 - HKLM\..\Run: [RfwMain] [瑞星防火墙程序，抵御黑客攻击。] "E:\360\Rising\Rising\Rfw\rfwmain.exe" -Startup
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [KavPFW] [金山出品的防火墙软件。] C:\KAV2007\KPFW.EXE
O16 - 安全 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN照片上传插件) - http://sanna406.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe - (not running)
O23 - 安全 - Service: KWatchSvc [金山毒霸反病毒软件相关程序。] - C:\KAV2007\KWatch.EXE - (not running)
O23 - 安全 - Service: LiveUpdate [诺顿2006相关服务] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - (not running)
O23 - 安全 - Service: Pml Driver HPZ12 [是惠普PSC 2100、2200、4100和6100系列打印机驱动服务。] - C:\WINDOWS\system32\HPZipm12.exe - (not running)

=======================================

这次附上SRE日志

CODE]

2008-03-04,11:19:30

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><C:\KAV2007\KPFW.EXE>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Windows Live><C:\Program Files\Mui\igfxext.exe>  [Microsoft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <Cpqset><rem ; C:\Program Files\HPQ\Default Settings\cpqset.exe>  [N/A]
    <ATIPTA><rem ; "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [N/A]
    <HControl><rem ; C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)Microsoft Windows Publisher]
    <RemoteControl><rem ; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe>  [N/A]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [N/A]
    <360Safetray><E:\360\360safe\safemon\360tray.exe /start>  [奇虎网]
    <RavTask><"E:\360\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"E:\360\Rising\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Supplicant><d:\ruijie网络\8021x.exe -Boot>  [锐捷网络]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
    <lyoxjclbf><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{5FA4F93D-71B5-2C60-3D82-D71B61B50A4F}><C:\WINDOWS\system32\LHEAHD.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[AtiSrv]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AtiSrv.exe -->  [N/A]><N>
[Display3D]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Display3D.exe -->  [N/A]><N>
[Update]
  <C:\Documents and Settings\User\「开始」菜单\程序\启动\Update.LNK --> C:\PROGRA~1\Mui\UNINST~1.EXE [Microsoft]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
  <><N/A>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <E:\360\Rising\Rising\Rfw\RfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <E:\360\Rising\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\360\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\360\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Supplicant Service / Supplicant Service][Running/Auto Start]
  <C:\WINDOWS\system32\SuService.exe><N/A>
[COM+ Windows System / WinCOM][Stopped/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
[自动 LiveUpdate 调度程序 / 自动 LiveUpdate 调度程序][Running/Auto Start]
  <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>

==================================
驱动程序
[001fc1b3 / 001fc1b3][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\001fc1b3.sys><N/A>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\User\LOCALS~1\Temp\tmp1C.tmp><N/A>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\360\Rising\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[iCafe Manager / iCafe Manager][Stopped/Manual Start]
  <\??\C:\DOCUME~1\User\LOCALS~1\Temp\usbhcid.sys><N/A>
[KAVBootC / KAVBootC][Stopped/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Stopped/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[mhfp / mhfp][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ATKACPI.sys><>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\F:\QQ06\新建文件夹\新建文件夹\新建文件夹\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\F:\QQ06\新建文件夹\新建文件夹\新建文件夹\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[rimsptsk / rimsptsk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\rimsptsk.sys><REDC>
[risdptsk / risdptsk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\risdptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\rixdptsk.sys><REDC>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\E:\360\Rising\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Sc Manager / Sc Manager][Stopped/Manual Start]
  <\??\C:\DOCUME~1\User\LOCALS~1\Temp\usbcams3.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMC>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TOSHIBA Bluetooth HID port driver / toshidpt][Stopped/Manual Start]
  <system32\drivers\Toshidpt.sys><TOSHIBA Corporation.>
[Bluetooth Port Driver from Toshiba / tosporte][Running/Manual Start]
  <system32\DRIVERS\tosporte.sys><TOSHIBA Corporation>
[Bluetooth RFBUS from TOSHIBA / Tosrfbd][Stopped/Manual Start]
  <System32\Drivers\tosrfbd.sys><TOSHIBA CORPORATION>
[Bluetooth RFBNEP from TOSHIBA / Tosrfbnp][Stopped/Manual Start]
  <System32\Drivers\tosrfbnp.sys><TOSHIBA Corporation>
[Bluetooth RFCOMM from TOSHIBA / Tosrfcom][Running/System Start]
  <System32\Drivers\tosrfcom.sys><TOSHIBA Corporation>
[Bluetooth RFHID from TOSHIBA / Tosrfhid][Stopped/Manual Start]
  <system32\DRIVERS\Tosrfhid.sys><TOSHIBA Corporation.>
[Bluetooth Personal Area Network from TOSHIBA / tosrfnds][Stopped/Manual Start]
  <system32\DRIVERS\tosrfnds.sys><TOSHIBA Corporation.>
[Bluetooth Audio Device (WDM) from TOSHIBA / TosRfSnd][Stopped/Manual Start]
  <system32\drivers\TosRfSnd.sys><TOSHIBA Corporation>
[Bluetooth USB Controller / Tosrfusb][Stopped/Manual Start]
  <System32\Drivers\tosrfusb.sys><TOSHIBA CORPORATION>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
浏览器加载项
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[CMCBooter Object]
  {53AF6E02-F18F-4228-AC13-3E79773FBE50} <C:\WINDOWS\system32\Booter.ocx, 北京高维视讯科技有限公司>
[Windows Live Photo Upload Control]
  {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft? Corporation>
[Java Plug-in 1.5.0_04]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <F:\QQ06\新建文件夹\新建文件夹\07\控件\vqqsdl10.dll, N/A>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[KVFileUpdate Class]
  {CA234A53-E68D-44D5-A07C-481C051D0C7B} <C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd>
[Java Plug-in 1.5.0_04]
  {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360\360safe\live.dll, 360safe.com>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 952 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1032 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1124 / SYSTEM][E:\360\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1188 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1368 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1392 / SYSTEM][E:\360\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.51]
    [E:\360\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.3]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\360\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\360\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [E:\360\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.25]
    [E:\360\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\360\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\360\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [E:\360\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 6]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [E:\360\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [E:\360\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [E:\360\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [E:\360\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [E:\360\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [E:\360\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [E:\360\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.31]
    [E:\360\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [E:\360\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\360\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [E:\360\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [E:\360\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [E:\360\Rising\Rav\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [E:\360\Rising\Rav\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\360\Rising\Rav\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [E:\360\Rising\Rav\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\360\Rising\Rav\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [E:\360\Rising\Rav\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [E:\360\Rising\Rav\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [E:\360\Rising\Rav\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\360\Rising\Rav\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [E:\360\Rising\Rav\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [E:\360\Rising\Rav\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\360\Rising\Rav\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [E:\360\Rising\Rav\extole.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[PID: 1436 / SYSTEM][E:\360\Rising\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.65]

[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\360\Rising\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\360\Rising\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\360\Rising\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\360\Rising\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [E:\360\Rising\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [E:\360\Rising\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [E:\360\Rising\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [E:\360\Rising\Rising\Rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [E:\360\Rising\Rising\Rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [E:\360\Rising\Rising\Rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\360\Rising\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1712 / User][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [F:\拼音输入法\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [F:\拼音输入法\SogouInput\ZipLib.dll]  [N/A, ]
    [E:\360\Rising\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\360\Rising\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\LHEAHD.dll]  [N/A, ]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [E:\360\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [E:\360\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll]  [Adobe Systems Incorporated, 7.0.8.2006051600]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll]  [Adobe Systems Incorporated, 4.14.46]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll]  [Adobe Systems Incorporated, 5.01.43]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll]  [Adobe Systems Incorporated, 1.1.18]
    [C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll]  [Adobe Systems Incorporated, 2.07.28]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.14]