
Experts, please take a look at this for me, thanks!


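In IceSword's SSDT (System Service Descriptor Table) view I see several entries shown in red. The modules containing the service functions are filem.sys, rfwbase.sys, and one unknown module (the function name of the unknown entry is ntcreatethread). A search for filem.sys says it is a virus, so I managed to delete its startup entry and the file filem.sys; I don't know whether there will still be problems? Is rfwbase the Rising firewall? I checked its path and it does look correct. What could the unknown entry be, and how should I deal with it? I scanned with sreng2; could an expert take a look for me? Thanks!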
2006-10-21,01:49:39

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINXP\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><D:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <IntelliPoint><"D:\Program Files\Microsoft IntelliPoint\point32.exe">  [Microsoft Corporation]
    <BigDog303><D:\WINXP\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <ShStatEXE><"D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>  [Network Associates, Inc.]
    <McAfeeUpdaterUI><"D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>  [Network Associates, Inc.]
    <Network Associates Error Reporting Service><"D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe">  [Network Associates, Inc.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><D:\WINXP\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5ABC9058-B89D-4DE8-A161-A586EA168798}><D:\WINXP\system32\msqbbvymk.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMSCMIG40W><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; D:\WINXP\rundl132.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MS-4011 Memory Patch><; D:\Documents and Settings\adam\桌面\RavSasser.exe -Patch>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NVMixerTray><; >  [N/A]
    <Openwares LiveUpdate><; C:\Program Files\LiveUpdate\LiveUpdate.exe>  [N/A]
    <Tray><; D:\WINXP\command\rundll32.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
  <D:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <D:\WINXP\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <D:\WINXP\system32\ati2sgag.exe><>
[BlueSoleil Hid Service / BlueSoleil Hid Service]
  <E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[Crypkey License / Crypkey License]
  <crypserv.exe><Kenonic Controls Ltd.>
[Human Interface Device Access / HidServ]
  <D:\WINXP\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[McAfee Framework 服务 / McAfeeFramework]
  <D:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
  <"D:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
  <"D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SyGateService / SaService]
  <e:\Program Files\SyGate\SHN\sgserv.exe><Sygate technologies Inc.>
[Ulead Burning Helper / UleadBurningHelper]
  <D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
Last edited 2006-10-21 20:07:29

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Aspi32 / Aspi32]
  <System32\drivers\aspi32.sys><Adaptec>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATITool / ATITool]
  <\??\e:\Program Files\ATITool\atitool.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Bluetooth Audio Service / BlueletAudio]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth SCO Audio Service / BlueletSCOAudio]
  <system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[蓝牙音频设备 / btaudio]
  <system32\drivers\btaudio.sys><N/A>
[Bluetooth USB For Bluetooth Service / Btcsrusb]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[蓝牙虚拟通信驱动程序 / BTDriver]
  <system32\DRIVERS\btport.sys><N/A>
[Bluetooth HID Enumerator / BTHidEnum]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[蓝牙总线枚举器 / BTKRNL]
  <system32\DRIVERS\btkrnl.sys><N/A>
[btwhid / btwhid]
  <system32\DRIVERS\btwhid.sys><N/A>
[WIDCOMM USB Bluetooth Driver / BTWUSB]
  <System32\Drivers\btwusb.sys><N/A>
[cdrbsdrv / cdrbsdrv]
  <D:\WINXP\SYSTEM32\DRIVERS\cdrbsdrv.SYS><B.H.A Corporation>
[d343bus / d343bus]
  <\SystemRoot\System32\DRIVERS\d343bus.sys><>
[d343port / d343port]
  <\SystemRoot\System32\DRIVERS\d343port.sys><>
[enodpl / enodpl]
  <System32\drivers\enodpl.sys><N/A>
[USB Flash / Epiusb]
  <System32\Drivers\Epiusb.sys><Ericsson Mobile Communications AB>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[FILEMON / FILEMON]
  <\SystemRoot\system32\drivers\filem.sys><Sysinternals - www.sysinternals.com>
[BETOP C036 / GAFilter]
  <System32\DRIVERS\B036.sys><N/A>
[Sony Ericsson USB Flash Driver / ggsemc]
  <System32\DRIVERS\ggsemc.sys><Sony Ericsson Mobile Communications>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><N/A>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Sony Ericsson 750 driver (WDM) / k750bus]
  <System32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl]
  <System32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm]
  <System32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt]
  <System32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex]
  <System32\DRIVERS\k750obex.sys><MCCI>
[kmsinput / kmsinput]
  <\??\D:\WINXP\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NaiAvFilter1 / NaiAvFilter1]
  <system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[NetworkX / NetworkX]
  <\SystemRoot\system32\ckldrv.sys><N/A>
[New0 / New0]
  <\??\D:\WINXP\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\E:\Program Files\QQ2004\npkcrypt.sys><INCA Internet Co., Ltd.>
[nvatabus / nvatabus]
  <\SystemRoot\System32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET]
  <System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub]
  <System32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[NEC PCI to USB Enhanced Host Controller / ousbehci]
  <System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[PCTINDIS5 NDIS Protocol Driver / PCTINDIS5]
  <\??\D:\WINXP\System32\PCTINDIS5.SYS><N/A>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Star Force copy protection driver v4 / prodrv04]
  <\SystemRoot\System32\drivers\prodrv04.sys><Protection Technology Co.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Radeon Probe Driver / RadProbe]
  <System32\DRIVERS\RadProbe.sys><N/A>
[RivaTuner / RivaTuner]
  <\??\E:\Program Files\RivaTuner\RivaTuner.sys><N/A>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><N/A>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[tandpl / tandpl]
  <System32\drivers\tandpl.sys><N/A>
[Virtual Serial port driver / VComm]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[Bluetooth HID Device Service / VHidMinidrv]
  <system32\drivers\VHIDMini.sys><IVT Corporation>
[Sony Ericsson W550 driver (WDM) / w550bus]
  <System32\DRIVERS\w550bus.sys><N/A>
[Sony Ericsson W550 USB WMC Modem Filter / w550mdfl]
  <System32\DRIVERS\w550mdfl.sys><N/A>
[Sony Ericsson W550 USB WMC Modem Drivers / w550mdm]
  <System32\DRIVERS\w550mdm.sys><N/A>
[Sony Ericsson W550 USB WMC OBEX Interface Drivers / w550obex]
  <System32\DRIVERS\w550obex.sys><N/A>
[SyGate for NT, WG1N / WG1N]
  <\SystemRoot\SYSTEM32\Drivers\WG1N.sys><Sygate Technologies, Inc.>
[SyGate for NT, WG2N / WG2N]
  <\SystemRoot\SYSTEM32\Drivers\WG2N.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n]
  <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n]
  <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n]
  <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv]
  <\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[PC Camera CAMCAN / ZSMC301b]
  <System32\Drivers\usbVM31b.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303]
  <System32\Drivers\usbVM303.sys><VM>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <E:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <E:\PROGRA~1\FlashGet\getflash.dll, N/A>
[MSN Shell 4]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <e:\Program Files\MSNShell\Bin\MSNShell.exe, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ2004\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <E:\Program Files\QQ2004\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINXP\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <D:\WINXP\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <D:\WINXP\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINXP\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\WINXP\system32\msjava.dll, Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <E:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINXP\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINXP\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <E:\PROGRA~1\FlashGet\getflash.dll, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ2004\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <E:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\QQ2004\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ2004\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\QQ2004\SendMMS.htm, N/A>
[设为 Messenger Live 头像]
  <E:\Program Files\MSNShell\BIN\SetMSNDP.htm, N/A>

==================================
正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][\??\D:\WINXP\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][\??\D:\WINXP\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4115]
[PID: 960][D:\WINXP\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 972][D:\WINXP\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1128][D:\WINXP\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4115]
    [D:\WINXP\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1160][D:\WINXP\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1216][D:\WINXP\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1332][D:\WINXP\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1512][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1648][E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe]  [N/A, N/A]
[PID: 1792][D:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\applib.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\Logging.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\InternetManager.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\naInet.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\UserSpace.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\Management.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\cmalib.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\PsApi.dll]  [Microsoft Corporation, 4.00]
    [D:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\Scheduler.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\TCSubSys.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [D:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  [Network Associates, Inc., 3.5.0.412]
[PID: 1836][D:\Program Files\Network Associates\VirusScan\Mcshield.exe]  [Network Associates, Inc., 8.0.0.251]
    [D:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL]  [Network Associates, Inc., 8.0.0.251]
    [D:\Program Files\Network Associates\VirusScan\FTL.Dll]  [Network Associates, Inc., 8.0.0.135]
    [D:\Program Files\Network Associates\VirusScan\naiann.dll]  [Network Associates, Inc., 8.0.0.306]
    [D:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.306]
    [D:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\VirusScan\NaEventU.DLL]  [Network Associates, Inc., 8.0.0.342]
    [D:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll]  [Network Associates, Inc., 8.0.0.342]
    [D:\Program Files\Network Associates\VirusScan\VSIDSvr.dll]  [Network Associates, Inc., 8.0.0.251]
    [D:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL]  [McAfee, Inc., 4.4.00]
    [D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\VirusScan\EntSrv.Dll]  [Network Associates, Inc, 8.0.0.277]
    [D:\WINXP\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
[PID: 1852][D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.989]
    [D:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\naicondl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\MIDUtil.Dll]  [McAfee, Inc., 8.0.0.152]
    [D:\Program Files\Network Associates\VirusScan\BBCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\coptcpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\nvpcpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\ftcfg.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.306]
    [D:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [D:\Program Files\Network Associates\VirusScan\OASCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\vsodscpl.dll]  [Network Associates, Inc., 8.0.0.989]
    [D:\Program Files\Network Associates\VirusScan\ftl.dll]  [Network Associates, Inc., 8.0.0.135]
    [D:\Program Files\Network Associates\VirusScan\vsupdcpl.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1908][D:\WINXP\System32\snmp.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Network Associates\VirusScan\MCVSSNMP.DLL]  [Network Associates, Inc., 8.0.0.342]
[PID: 1956][D:\WINXP\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 2020][D:\WINXP\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 196][D:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe]  [Network Associates, Inc., 3.5.0.412]
    [D:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\VirusScan\VsPlugin.dll]  [Network Associates, Inc., 8.0.0.989]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1268][D:\WINXP\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][D:\WINXP\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4115]
    [D:\WINXP\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 516][D:\WINXP\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [D:\WINXP\System32\mp3infp.dll]  [win32lab.com, 2.50.5.0]
    [e:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Program Files\Network Associates\VirusScan\shext.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\winxp\system32\contmenu.dll]  [N/A, N/A]
    [E:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
[PID: 1988][D:\Program Files\Microsoft IntelliPoint\point32.exe]  [Microsoft Corporation, 5.40.633.0]
    [D:\Program Files\Microsoft IntelliPoint\point32.dll]  [Microsoft Corporation, 5.40.633.0]
    [D:\Program Files\Microsoft IntelliPoint\dpgmkb.dll]  [Microsoft Corporation, 5.40.633.0]
    [D:\Program Files\Microsoft IntelliPoint\dpgcmd.dll]  [Microsoft Corporation, 5.40.633.0]
    [D:\Program Files\Microsoft IntelliPoint\srres.dll]  [Microsoft Corporation, 5.40.633.0]
    [D:\Program Files\Microsoft IntelliPoint\ipres.dll]  [Microsoft Corporation, 5.40.633.0]
[PID: 1996][D:\WINXP\VM303_STI.EXE]  [Vimicro, 4, 2, 1124, 6]
    [D:\WINXP\system32\msdmo.dll]  [N/A, N/A]
    [D:\WINXP\system32\VM303Prp.Ax]  [Vimicro, 1.00.01.00]
[PID: 2004][D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.989]
    [D:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\shstat.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\RES04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [D:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll]  [Network Associates, Inc., 8.0.0.912]
    [D:\Program Files\Network Associates\VirusScan\Graphics.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 2028][D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [D:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [D:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
[PID: 2052][D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe]  [Network Associates, Inc., 2.0.275.0]
[PID: 2064][D:\Program Files\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [D:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [D:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2104][D:\WINXP\system32\Ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2696][D:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINXP\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [D:\WINXP\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
    [E:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
    [E:\PROGRA~1\FlashGet\getflash.dll]  [N/A, 1, 0, 0, 1]
[PID: 4028][D:\Documents and Settings\adam\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\Documents and Settings\adam\桌面\sreng2\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINXP\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.powernum123.com
127.0.0.1      www.chebl.com
127.0.0.1      www.chebuluo.com
127.0.0.1      www.chebl.com.cn
127.0.0.1      www.chebuluo.com.cn
127.0.0.1      powernum123.com
127.0.0.1      chebuluo.com.cn
127.0.0.1      chebl.com.cn
127.0.0.1      chebuluo.com
127.0.0.1      chebl.com

==================================

Could an expert please say something? Thanks.