马好木马坏 - 2006-10-21 14:29:00
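In IceSword's SSDT (System Service Descriptor Table) view I see several entries shown in red. The modules containing the service functions are filem.sys, rfwbase.sys, and one unknown module (the function name of the unknown entry is ntcreatethread). A search for filem.sys says it is a virus, so I managed to delete its startup entry and the file filem.sys. I don't know whether there will still be problems? Is rfwbase the Rising firewall? I checked its path and it looks correct. What could the unknown entry be, and how should I deal with it? I ran a scan with sreng2; could the experts please take a look at it for me? Thanks!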
2006-10-21,01:49:39
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINXP\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><D:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<IntelliPoint><"D:\Program Files\Microsoft IntelliPoint\point32.exe"> [Microsoft Corporation]
<BigDog303><D:\WINXP\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<ShStatEXE><"D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINXP\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5ABC9058-B89D-4DE8-A161-A586EA168798}><D:\WINXP\system32\msqbbvymk.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMSCMIG40W><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; D:\WINXP\rundl132.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MS-4011 Memory Patch><; D:\Documents and Settings\adam\桌面\RavSasser.exe -Patch> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NVMixerTray><; > [N/A]
<Openwares LiveUpdate><; C:\Program Files\LiveUpdate\LiveUpdate.exe> [N/A]
<Tray><; D:\WINXP\command\rundll32.exe> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
<D:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINXP\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<D:\WINXP\system32\ati2sgag.exe><>
[BlueSoleil Hid Service / BlueSoleil Hid Service]
<E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[Human Interface Device Access / HidServ]
<D:\WINXP\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[McAfee Framework 服务 / McAfeeFramework]
<D:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"D:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SyGateService / SaService]
<e:\Program Files\SyGate\SHN\sgserv.exe><Sygate technologies Inc.>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
马好木马坏 - 2006-10-21 14:30:00
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Aspi32 / Aspi32]
<System32\drivers\aspi32.sys><Adaptec>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATITool / ATITool]
<\??\e:\Program Files\ATITool\atitool.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Bluetooth Audio Service / BlueletAudio]
<system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth SCO Audio Service / BlueletSCOAudio]
<system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT]
<system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[蓝牙音频设备 / btaudio]
<system32\drivers\btaudio.sys><N/A>
[Bluetooth USB For Bluetooth Service / Btcsrusb]
<System32\Drivers\btcusb.sys><IVT Corporation>
[蓝牙虚拟通信驱动程序 / BTDriver]
<system32\DRIVERS\btport.sys><N/A>
[Bluetooth HID Enumerator / BTHidEnum]
<system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr]
<\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[蓝牙总线枚举器 / BTKRNL]
<system32\DRIVERS\btkrnl.sys><N/A>
[btwhid / btwhid]
<system32\DRIVERS\btwhid.sys><N/A>
[WIDCOMM USB Bluetooth Driver / BTWUSB]
<System32\Drivers\btwusb.sys><N/A>
[cdrbsdrv / cdrbsdrv]
<D:\WINXP\SYSTEM32\DRIVERS\cdrbsdrv.SYS><B.H.A Corporation>
[d343bus / d343bus]
<\SystemRoot\System32\DRIVERS\d343bus.sys><>
[d343port / d343port]
<\SystemRoot\System32\DRIVERS\d343port.sys><>
[enodpl / enodpl]
<System32\drivers\enodpl.sys><N/A>
[USB Flash / Epiusb]
<System32\Drivers\Epiusb.sys><Ericsson Mobile Communications AB>
[ExpScaner / ExpScaner]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[FILEMON / FILEMON]
<\SystemRoot\system32\drivers\filem.sys><Sysinternals - www.sysinternals.com>
[BETOP C036 / GAFilter]
<System32\DRIVERS\B036.sys><N/A>
[Sony Ericsson USB Flash Driver / ggsemc]
<System32\DRIVERS\ggsemc.sys><Sony Ericsson Mobile Communications>
[HookCont / HookCont]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><N/A>
[HookUrl / HookUrl]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Sony Ericsson 750 driver (WDM) / k750bus]
<System32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl]
<System32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm]
<System32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt]
<System32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex]
<System32\DRIVERS\k750obex.sys><MCCI>
[kmsinput / kmsinput]
<\??\D:\WINXP\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[mProcRs / mProcRs]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NaiAvFilter1 / NaiAvFilter1]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[NetworkX / NetworkX]
<\SystemRoot\system32\ckldrv.sys><N/A>
[New0 / New0]
<\??\D:\WINXP\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
<\??\E:\Program Files\QQ2004\npkcrypt.sys><INCA Internet Co., Ltd.>
[nvatabus / nvatabus]
<\SystemRoot\System32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET]
<System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
<\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub]
<System32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[NEC PCI to USB Enhanced Host Controller / ousbehci]
<System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[PCTINDIS5 NDIS Protocol Driver / PCTINDIS5]
<\??\D:\WINXP\System32\PCTINDIS5.SYS><N/A>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Star Force copy protection driver v4 / prodrv04]
<\SystemRoot\System32\drivers\prodrv04.sys><Protection Technology Co.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Radeon Probe Driver / RadProbe]
<System32\DRIVERS\RadProbe.sys><N/A>
[RivaTuner / RivaTuner]
<\??\E:\Program Files\RivaTuner\RivaTuner.sys><N/A>
[RsFwDrv / RsFwDrv]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><N/A>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[tandpl / tandpl]
<System32\drivers\tandpl.sys><N/A>
[Virtual Serial port driver / VComm]
<system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr]
<System32\Drivers\VcommMgr.sys><IVT Corporation>
[Bluetooth HID Device Service / VHidMinidrv]
<system32\drivers\VHIDMini.sys><IVT Corporation>
[Sony Ericsson W550 driver (WDM) / w550bus]
<System32\DRIVERS\w550bus.sys><N/A>
[Sony Ericsson W550 USB WMC Modem Filter / w550mdfl]
<System32\DRIVERS\w550mdfl.sys><N/A>
[Sony Ericsson W550 USB WMC Modem Drivers / w550mdm]
<System32\DRIVERS\w550mdm.sys><N/A>
[Sony Ericsson W550 USB WMC OBEX Interface Drivers / w550obex]
<System32\DRIVERS\w550obex.sys><N/A>
[SyGate for NT, WG1N / WG1N]
<\SystemRoot\SYSTEM32\Drivers\WG1N.sys><Sygate Technologies, Inc.>
[SyGate for NT, WG2N / WG2N]
<\SystemRoot\SYSTEM32\Drivers\WG2N.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n]
<\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n]
<\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n]
<\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv]
<\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[PC Camera CAMCAN / ZSMC301b]
<System32\Drivers\usbVM31b.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303]
<System32\Drivers\usbVM303.sys><VM>
马好木马坏 - 2006-10-21 14:31:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[]
{53707962-6F74-2D53-2644-206D7942484F} <E:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <E:\PROGRA~1\FlashGet\getflash.dll, N/A>
[MSN Shell 4]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} <e:\Program Files\MSNShell\Bin\MSNShell.exe, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ2004\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <E:\Program Files\QQ2004\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINXP\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <D:\WINXP\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <D:\WINXP\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINXP\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\WINXP\system32\msjava.dll, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <E:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINXP\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINXP\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <E:\PROGRA~1\FlashGet\getflash.dll, N/A>
[上传到QQ网络硬盘]
<E:\Program Files\QQ2004\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<E:\Program Files\QQ2004\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\QQ2004\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\QQ2004\SendMMS.htm, N/A>
[设为 Messenger Live 头像]
<E:\Program Files\MSNShell\BIN\SetMSNDP.htm, N/A>
马好木马坏 - 2006-10-21 14:35:00
==================================
正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][\??\D:\WINXP\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][\??\D:\WINXP\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4115]
[PID: 960][D:\WINXP\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 972][D:\WINXP\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1128][D:\WINXP\System32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4115]
[D:\WINXP\System32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1160][D:\WINXP\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1216][D:\WINXP\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1332][D:\WINXP\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1512][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1648][E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe] [N/A, N/A]
[PID: 1792][D:\Program Files\Network Associates\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\applib.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\Logging.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\naInet.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\Management.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\cmalib.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\PsApi.dll] [Microsoft Corporation, 4.00]
[D:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\TCSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[D:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412]
[PID: 1836][D:\Program Files\Network Associates\VirusScan\Mcshield.exe] [Network Associates, Inc., 8.0.0.251]
[D:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251]
[D:\Program Files\Network Associates\VirusScan\FTL.Dll] [Network Associates, Inc., 8.0.0.135]
[D:\Program Files\Network Associates\VirusScan\naiann.dll] [Network Associates, Inc., 8.0.0.306]
[D:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.306]
[D:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\VirusScan\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342]
[D:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342]
[D:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251]
[D:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] [McAfee, Inc., 4.4.00]
[D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\VirusScan\EntSrv.Dll] [Network Associates, Inc, 8.0.0.277]
[D:\WINXP\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
马好木马坏 - 2006-10-21 14:36:00
[PID: 1852][D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.989]
[D:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\naicondl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] [McAfee, Inc., 8.0.0.152]
[D:\Program Files\Network Associates\VirusScan\BBCpl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\coptcpl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\nvpcpl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\ftcfg.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.306]
[D:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[D:\Program Files\Network Associates\VirusScan\OASCpl.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\vsodscpl.dll] [Network Associates, Inc., 8.0.0.989]
[D:\Program Files\Network Associates\VirusScan\ftl.dll] [Network Associates, Inc., 8.0.0.135]
[D:\Program Files\Network Associates\VirusScan\vsupdcpl.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 1908][D:\WINXP\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Network Associates\VirusScan\MCVSSNMP.DLL] [Network Associates, Inc., 8.0.0.342]
[PID: 1956][D:\WINXP\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 2020][D:\WINXP\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 196][D:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] [Network Associates, Inc., 3.5.0.412]
[D:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[D:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[D:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[D:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\VirusScan\VsPlugin.dll] [Network Associates, Inc., 8.0.0.989]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1268][D:\WINXP\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][D:\WINXP\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4115]
[D:\WINXP\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 516][D:\WINXP\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[D:\WINXP\System32\mp3infp.dll] [win32lab.com, 2.50.5.0]
[e:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[D:\winxp\system32\contmenu.dll] [N/A, N/A]
[E:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[PID: 1988][D:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.40.633.0]
[D:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.40.633.0]
[D:\Program Files\Microsoft IntelliPoint\dpgmkb.dll] [Microsoft Corporation, 5.40.633.0]
[D:\Program Files\Microsoft IntelliPoint\dpgcmd.dll] [Microsoft Corporation, 5.40.633.0]
[D:\Program Files\Microsoft IntelliPoint\srres.dll] [Microsoft Corporation, 5.40.633.0]
[D:\Program Files\Microsoft IntelliPoint\ipres.dll] [Microsoft Corporation, 5.40.633.0]
[PID: 1996][D:\WINXP\VM303_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[D:\WINXP\system32\msdmo.dll] [N/A, N/A]
[D:\WINXP\system32\VM303Prp.Ax] [Vimicro, 1.00.01.00]
[PID: 2004][D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.989]
[D:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[D:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912]
[D:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 2028][D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[D:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[PID: 2052][D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0]
[PID: 2064][D:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[D:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[D:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2104][D:\WINXP\system32\Ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2696][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINXP\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[D:\WINXP\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
[E:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[E:\PROGRA~1\FlashGet\getflash.dll] [N/A, 1, 0, 0, 1]
[PID: 4028][D:\Documents and Settings\adam\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[D:\Documents and Settings\adam\桌面\sreng2\SREng\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]