SnipeSword (狙剑) V2008 - System Checkup Record
SnipeSword download URL: http://www.ZhuLinFeng.com/
======================================================
Operating system: Windows 2003
Version: 5.2.3790.2 (Service Pack 1)
======================================================
SSDT-HOOK:
Index:12 Function:NtAdjustPrivilegesToken Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:18 Function:NtAllocateVirtualMemory Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:21 Function:NtAssignProcessToJobObject Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:27 Function:NtClose Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:43 Function:NtCreateKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:45 Function:NtCreateMutant Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:49 Function:NtCreateProcess Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:50 Function:NtCreateProcessEx Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:52 Function:NtCreateSection Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:55 Function:NtCreateThread Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:59 Function:NtDebugActiveProcess Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:66 Function:NtDeleteKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:68 Function:NtDeleteValueKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:69 Function:NtDeviceIoControlFile Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:101 Function:NtLoadDriver Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:108 Function:NtLockVirtualMemory Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:125 Function:NtOpenKey Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:128 Function:NtOpenProcess Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:131 Function:NtOpenSection Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:143 Function:NtProtectVirtualMemory Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:151 Function:NtQueryDirectoryFile Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:185 Function:NtQueryValueKey Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:188 Function:NtQueueApcThread Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:194 Function:NtReadVirtualMemory Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:200 Function:NtRenameKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:208 Function:NtRequestWaitReplyPort Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:212 Function:NtRestoreKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:221 Function:NtSetContextThread Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:246 Function:NtSetSecurityObject Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:249 Function:NtSetSystemInformation Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:251 Function:NtSetSystemTime Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:256 Function:NtSetValueKey Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:262 Function:NtSuspendProcess Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:263 Function:NtSuspendThread Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:264 Function:NtSystemDebugControl Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:266 Function:NtTerminateProcess Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys Hook type:HOOK
Index:267 Function:NtTerminateThread Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
Index:277 Function:NtUnmapViewOfSection Module:\SystemRoot\system32\drivers\HOOKHELP.sys Hook type:HOOK
Index:287 Function:NtWriteVirtualMemory Module:\SystemRoot\system32\drivers\RsPtect.sys Hook type:HOOK
======================================================
FSD-HOOK:
Index:0 IRP:IRP_MJ_CREATE Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:2 IRP:IRP_MJ_CLOSE Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:4 IRP:IRP_MJ_WRITE Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:6 IRP:IRP_MJ_SET_INFORMATION Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:13 IRP:IRP_MJ_FILE_SYSTEM_CONTROL Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:18 IRP:IRP_MJ_CLEANUP Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
Index:21 IRP:IRP_MJ_SET_SECURITY Hook module:\SystemRoot\system32\drivers\HOOKHELP.sys Inline-hook module:
======================================================
File system filter drivers:
File system:\FileSystem\FltMgr File:system32\DRIVERS\fltMgr.sys
File system:\FileSystem\Ntfs File:H:\WINDOWS\system32\drivers\Ntfs.sys
======================================================
Kernel inline hooks:
Jump module:\SystemRoot\system32\drivers\RsPtect.sys Inline function:ZwYieldExecution + 0xB90
Jump module:\SystemRoot\system32\drivers\RsPtect.sys Inline function:KeUserModeCallback
======================================================
API-HOOK: none
======================================================
Processes without a Microsoft signature:
Process:D:\TDDOWNLOAD\sreng2(2)\SREngLdr.EXE
Process:D:\TDDOWNLOAD\sreng2(2)\SRE567fa659.EXE
Process:H:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
Process:H:\WINDOWS\JEALQU9B.exe
Process:i:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
Process:H:\Documents and Settings\Administrator\桌面\20080305SnipeSword\SnipeSword.exe
Process:system
======================================================
Modules without a Microsoft signature:
Process:H:\Program Files\Internet Explorer\IEXPLORE.EXE
Module:H:\WINDOWS\system32\uxtheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\WINDOWS\system32\conime.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:D:\TDDOWNLOAD\sreng2(2)\SRE567fa659.EXE
Module:D:\TDDOWNLOAD\sreng2(2)\Upload\3rdUpd.DLL
Module:H:\WINDOWS\system32\UxTheme.dll
Process:H:\WINDOWS\system32\wbem\wmiprvse.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\Program Files\Rising\AntiSpyware\knownsvr.exe
Module:H:\Program Files\Rising\AntiSpyware\comx3.dll
Module:H:\Program Files\Rising\AntiSpyware\Syslay.dll
Module:H:\WINDOWS\system32\kmon.dll
Module:H:\Program Files\Rising\AntiSpyware\NComm.dll
Process:H:\WINDOWS\system32\wbem\wmiprvse.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
Module:H:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll
Module:H:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll
Module:H:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll
Module:H:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll
Module:H:\WINDOWS\system32\kmon.dll
Module:H:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll
Process:H:\WINDOWS\system32\ctfmon.exe
Module:H:\WINDOWS\system32\uxtheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:L:\360safe\360se\360SE.exe
Module:H:\WINDOWS\system32\SOGOUPY.IME
Module:H:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
Module:H:\WINDOWS\system32\UxTheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\WINDOWS\system32\inetsrv\inetinfo.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\WINDOWS\JEALQU9B.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:I:\Program Files\Rising\Rav\rssafety.exe
Module:H:\WINDOWS\system32\UxTheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\WINDOWS\Explorer.EXE
Module:i:\Program Files\UltraISO\lang\lang_cn.dll
Module:F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll
Module:F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll
Module:F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
Module:F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
Module:H:\WINDOWS\system32\RavExt.dll
Module:i:\Program Files\UltraISO\isoshell.dll
Module:H:\Program Files\WinRAR\rarext.dll
Module:H:\WINDOWS\system32\kmon.dll
Module:H:\WINDOWS\system32\UxTheme.dll
Process:H:\WINDOWS\system32\msdtc.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:i:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\SQLFTQRY.DLL
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL
Module:H:\WINDOWS\system32\kmon.dll
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL
Module:i:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL
Process:i:\Program Files\Rising\Rav\ScanFrm.exe
Module:i:\Program Files\Rising\Rav\ScanAdd.dll
Module:i:\Program Files\Rising\Rav\ScanStub.dll
Module:i:\Program Files\Rising\Rav\ScanRavT.dll
Module:i:\Program Files\Rising\Rav\ScanBT.dll
Module:i:\Program Files\Rising\Rav\comx3.dll
Module:i:\Program Files\Rising\Rav\Syslay.dll
Module:i:\Program Files\Rising\Rav\ScanSrv.dll
Module:i:\Program Files\Rising\Rav\proccomm.dll
Module:i:\Program Files\Rising\Rav\scansrvp.dll
Module:i:\Program Files\Rising\Rav\moncomm.dll
Module:i:\Program Files\Rising\Rav\combase.dll
Module:H:\WINDOWS\system32\MSVCP71.dll
Process:i:\Program Files\Rising\Rav\RavMonD.exe
Module:i:\Program Files\Rising\Rav\ur001.dat
Module:i:\Program Files\Rising\Rav\scansct.dll
Module:i:\Program Files\Rising\Rav\extmail.dll
Module:i:\Program Files\Rising\Rav\posttrt.dll
Module:i:\Program Files\Rising\Rav\ur027.dat
Module:i:\Program Files\Rising\Rav\urutils.dll
Module:i:\Program Files\Rising\Rav\revm.dll
Module:i:\Program Files\Rising\Rav\ur000.dat
Module:i:\Program Files\Rising\Rav\scanpe.dll
Module:i:\Program Files\Rising\Rav\pearc.dll
Module:i:\Program Files\Rising\Rav\scanex.dll
Module:i:\Program Files\Rising\Rav\unexe.dll
Module:i:\Program Files\Rising\Rav\scanexec.dll
Module:i:\Program Files\Rising\Rav\nvfile.dll
Module:i:\Program Files\Rising\Rav\ffr.dll
Module:i:\Program Files\Rising\Rav\extfile.dll
Module:i:\Program Files\Rising\Rav\relibldr.dll
Module:i:\Program Files\Rising\Rav\viruslib.dll
Module:i:\Program Files\Rising\Rav\Scanner.dll
Module:i:\Program Files\Rising\Rav\ScanAdd.dll
Module:i:\Program Files\Rising\Rav\RSStore.dll
Module:i:\Program Files\Rising\Rav\refs.dll
Module:i:\Program Files\Rising\Rav\recomp.dll
Module:i:\Program Files\Rising\Rav\BACore.dll
Module:i:\Program Files\Rising\Rav\rsnetsvr.dll
Module:i:\Program Files\Rising\Rav\HookCont.dll
Module:i:\Program Files\Rising\Rav\ProcCom.dll
Module:i:\Program Files\Rising\Rav\RsCommX2.dll
Module:i:\Program Files\Rising\Rav\Hooksys.dll
Module:i:\Program Files\Rising\Rav\comx3.dll
Module:i:\Program Files\Rising\Rav\Syslay.dll
Module:i:\Program Files\Rising\Rav\CfgDll.dll
Module:i:\Program Files\Rising\Rav\RSAPPMGR.dll
Module:i:\Program Files\Rising\Rav\proccomm.dll
Module:i:\Program Files\Rising\Rav\HookWeb.dll
Module:i:\Program Files\Rising\Rav\MailMon.dll
Module:i:\Program Files\Rising\Rav\FileMon.dll
Module:i:\Program Files\Rising\Rav\MonRule.dll
Module:i:\Program Files\Rising\Rav\moncom08.dll
Module:i:\Program Files\Rising\Rav\defmon.dll
Module:i:\Program Files\Rising\Rav\mondrv.dll
Module:i:\Program Files\Rising\Rav\Rslog.dll
Module:i:\Program Files\Rising\Rav\MonBase.dll
Module:i:\Program Files\Rising\Rav\moncomm.dll
Module:H:\WINDOWS\system32\MSVCP71.dll
Module:H:\WINDOWS\system32\kmon.dll
Module:i:\Program Files\Rising\Rav\combase.dll
Process:G:\Program Files\Tencent\QQ\QQ.exe
Module:G:\Program Files\Tencent\QQ\QQSysMsgMng.dll
Module:G:\Program Files\Tencent\QQ\AddrSearch.dll
Module:G:\Program Files\Tencent\QQ\GroupConnection.dll
Module:G:\Program Files\Tencent\QQ\qqgroupdisk.dll
Module:G:\Program Files\Tencent\QQ\QQAddr.dll
Module:G:\Program Files\Tencent\QQ\CommercesMng.dll
Module:H:\WINDOWS\system32\SOGOUPY.IME
Module:G:\Program Files\Tencent\QQ\QQLiveQMng.dll
Module:G:\Program Files\Tencent\QQ\QQSceneMng.dll
Module:G:\Program Files\Tencent\QQ\ImageOle.dll
Module:G:\Program Files\Tencent\QQ\QQMagicFace.dll
Module:G:\Program Files\Tencent\QQ\PersonalDesktop.dll
Module:G:\Program Files\Tencent\QQ\BQQApplication.dll
Module:G:\Program Files\Tencent\QQ\DialerAllinOne.dll
Module:G:\Program Files\Tencent\QQ\PhoneAPI.dll
Module:G:\Program Files\Tencent\QQ\LongConnection.dll
Module:G:\Program Files\Tencent\QQ\QQCustomFace.dll
Module:G:\Program Files\Tencent\QQ\QQConfigPlugin.dll
Module:G:\Program Files\Tencent\QQ\QRingMng.dll
Module:G:\Program Files\Tencent\QQ\QQPet.dll
Module:G:\Program Files\Tencent\QQ\QQGroupMng.dll
Module:G:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll
Module:G:\Program Files\Tencent\QQ\OEMApplication.dll
Module:G:\Program Files\Tencent\QQ\QQAvatar.dll
Module:G:\Program Files\Tencent\QQ\msdmo.dll
Module:H:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
Module:G:\Program Files\Tencent\QQ\vbscript.dll
Module:G:\Program Files\Tencent\QQ\QQPlugin.dll
Module:G:\Program Files\Tencent\QQ\UserDefinedHead.dll
Module:G:\Program Files\Tencent\QQ\QQSpace.dll
Module:G:\Program Files\Tencent\QQ\MailSummary.dll
Module:G:\Program Files\Tencent\QQ\NewSkin.dll
Module:G:\Program Files\Tencent\QQ\FlashAvatarDll.dll
Module:G:\Program Files\Tencent\QQ\CQQApplication.dll
Module:G:\Program Files\Tencent\QQ\QQAllInOne.dll
Module:G:\Program Files\Tencent\QQ\CameraDll.dll
Module:G:\Program Files\Tencent\QQ\SCCore.dll
Module:G:\Program Files\Tencent\QQ\UnReadMsgMgr.dll
Module:G:\Program Files\Tencent\QQ\QQMainFrame.dll
Module:G:\Program Files\Tencent\QQ\gdiplus.dll
Module:G:\Program Files\Tencent\QQ\QQRes.dll
Module:G:\Program Files\Tencent\QQ\LoginCtrlRes.dll
Module:G:\Program Files\Tencent\QQ\LoginCtrl.dll
Module:G:\Program Files\Tencent\QQ\QQAPI.dll
Module:G:\Program Files\Tencent\QQ\RICHED32.DLL
Module:G:\Program Files\Tencent\QQ\RICHED20.dll
Module:H:\WINDOWS\system32\UxTheme.dll
Module:G:\Program Files\Tencent\QQ\QQBaseClassInDll.dll
Module:G:\Program Files\Tencent\QQ\QQHelperDll.dll
Module:G:\Program Files\Tencent\QQ\BasicCtrlDll.dll
Module:G:\Program Files\Tencent\QQ\MFC42.DLL
Process:i:\Program Files\Rising\Rav\CCENTER.EXE
Module:i:\Program Files\Rising\Rav\cnt08.dll
Module:i:\Program Files\Rising\Rav\cnt09.dll
Module:H:\WINDOWS\system32\kmon.dll
Module:i:\Program Files\Rising\Rav\combase.dll
Process:H:\WINDOWS\System32\svchost.exe
Module:H:\WINDOWS\System32\UxTheme.dll
Process:G:\Program Files\Tencent\QQ\TXPlatform.exe
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\Documents and Settings\Administrator\桌面\20080305SnipeSword\SnipeSword.exe
Module:H:\WINDOWS\system32\UxTheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\Program Files\Outlook Express\msimn.exe
Module:H:\WINDOWS\system32\uxtheme.dll
Module:H:\WINDOWS\system32\kmon.dll
Process:H:\WINDOWS\system32\winlogon.exe
Module:H:\WINDOWS\system32\uxtheme.dll
Process:H:\Program Files\Internet Explorer\IEXPLORE.EXE
Module:H:\WINDOWS\system32\kmon.dll
Process:i:\Program Files\Rising\Rav\RsTray.exe
Module:i:\Program Files\Rising\Rav\rsmginfo.dll
Module:i:\Program Files\Rising\Rav\ScanPrxy.dll
Module:i:\Program Files\Rising\Rav\RavITray.dll
Module:i:\Program Files\Rising\Rav\PngDll.dll
Module:H:\WINDOWS\system32\UxTheme.dll
Module:i:\Program Files\Rising\Rav\MonTray.dll
Module:i:\Program Files\Rising\Rav\mruleui.dll
Module:i:\Program Files\Rising\Rav\ravbintl.dll
Module:i:\Program Files\Rising\Rav\rspalvd.dll
Module:i:\Program Files\Rising\Rav\CfgDll.dll
Module:i:\Program Files\Rising\Rav\RSAPPMGR.dll
Module:i:\Program Files\Rising\Rav\rsconf.dll
Module:i:\Program Files\Rising\Rav\rsguilib.dll
Module:H:\WINDOWS\system32\MFC71.DLL
Module:i:\Program Files\Rising\Rav\ScanEvnt.dll
Module:i:\Program Files\Rising\Rav\MonState.dll
Module:i:\Program Files\Rising\Rav\ProcComm.dll
Module:i:\Program Files\Rising\Rav\rsxml.dll
Module:i:\Program Files\Rising\Rav\comx3.dll
Module:i:\Program Files\Rising\Rav\Syslay.dll
Module:i:\Program Files\Rising\Rav\rslang.dll
Module:i:\Program Files\Rising\Rav\ComServ.dll
Module:H:\WINDOWS\system32\MSVCP71.dll
Process:i:\Program Files\Rising\Rav\rsnetsvr.exe
Module:i:\Program Files\Rising\Rav\ProcComm.dll
Module:H:\WINDOWS\system32\MSVCP71.dll
Module:i:\Program Files\Rising\Rav\comx3.dll
Module:i:\Program Files\Rising\Rav\Syslay.dll
Module:i:\Program Files\Rising\Rav\NComm.dll
Process:i:\Program Files\Rising\Rav\RavTask.exe
Module:i:\Program Files\Rising\Rav\rstask.dll
Module:i:\Program Files\Rising\Rav\rsstub.dll
Module:i:\Program Files\Rising\Rav\proccomm.dll
Module:H:\WINDOWS\system32\MSVCP71.dll
Module:i:\Program Files\Rising\Rav\CfgDll.dll
Module:i:\Program Files\Rising\Rav\RSAPPMGR.dll
Module:i:\Program Files\Rising\Rav\rsconf.dll
Module:H:\WINDOWS\system32\kmon.dll
======================================================
Unsigned autostart items (including IE hijacks, services, SPI, etc.):
◆ Task ↓
Name:SchedLgU.Txt Registry key:H:\WINDOWS\Tasks\ Registry value:H:\WINDOWS\Tasks\SchedLgU.Txt Category:10
Name:SogouImeMgr.job Registry key:H:\WINDOWS\Tasks\ Registry value:H:\WINDOWS\Tasks\SogouImeMgr.job Category:10
◆ Logon Run ↓
◆ Service And Drivers ↓
Name:Changer Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\Changer.sys Category:21
Name:HOSTNT Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:\??\H:\WINDOWS\system32\drivers\hostnt.sys Category:21
Name:i2omgmt Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\i2omgmt.sys Category:21
Name:IpInIp Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:system32\DRIVERS\ipinip.sys Category:21
Name:ISODrive Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:\??\i:\Program Files\UltraISO\drivers\ISODrive.sys Category:21
Name:LicenseInfo Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\LicenseInfo.sys Category:21
Name:MHDRV Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:\??\H:\WINDOWS\system32\drivers\mhdrv.sys Category:21
Name:MSSEARCH Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:"H:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" Category:21
Name:MSSQLSERVER Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:i:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe Category:21
Name:MSSQLServerADHelper Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe Category:21
Name:PDCOMP Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\PDCOMP.sys Category:21
Name:PDFRAME Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\PDFRAME.sys Category:21
Name:PDRELI Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\PDRELI.sys Category:21
Name:PDRFRAME Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\PDRFRAME.sys Category:21
Name:RCMHDOG Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:\??\H:\WINDOWS\system32\drivers\rcmhdog.sys Category:21
Name:Remote Procedure Call (PPR) Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\system32\serverss Category:21
Name:SQLSERVERAGENT Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:i:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe Category:21
Name:WDICA Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\WDICA.sys Category:21
Name:Winsock Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:H:\WINDOWS\System32\Drivers\Winsock.sys Category:21
Name:HidServ Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Registry value:%SystemRoot%\System32\hidserv.dll Category:11
◆ AppInit ↓
◆ Internet Explorer ↓
Name:{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units Registry value:http://download.rising.com.cn/rs2008/online/notvista/ravolctl.cab Category:6
Name:使用迅雷下载 Registry key:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt Registry value:F:\Program Files\Thunder Network\Thunder\Program\geturl.htm Category:1
Name:使用迅雷下载全部链接 Registry key:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt Registry value:F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm Category:1
◆ Internet Explorer ActiveX ↓
Name:{6E227101-F799-11CF-9227-00AA00A1EB95} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility Registry value:H:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Category:4
Name:{D24D4453-1F01-11d1-8E63-006097D2DF48} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility Registry value:H:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll Category:4
◆ Internet Explorer BHO ↓
◆ Explorer ↓
Name:application/octet-stream Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter Registry value:H:\WINDOWS\system32\mscoree.dll Category:8
Name:application/x-complus Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter Registry value:H:\WINDOWS\system32\mscoree.dll Category:8
Name:application/x-msdownload Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter Registry value:H:\WINDOWS\system32\mscoree.dll Category:8
Name:K Registry key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 Registry value:K:\AUTORUN.exe Category:13
◆ Explorer ShellEx ↓
Name:UltraISO Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers Registry value:i:\Program Files\UltraISO\isoshell.dll Category:9
Name:UltraISO Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers Registry value:i:\Program Files\UltraISO\isoshell.dll Category:9
Name:WinRAR Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers Registry value:H:\Program Files\WinRAR\rarext.dll Category:9
Name:UltraISO Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers Registry value:i:\Program Files\UltraISO\isoshell.dll Category:9
Name:WinRAR Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers Registry value:H:\Program Files\WinRAR\rarext.dll Category:9
Name:{88895560-9AA2-1069-930E-00AA0030EBC8} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Registry value:hticons.dll Category:7
Name:{1D2680C9-0E2A-469d-B787-065558BC7D43} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Registry value:H:\WINDOWS\system32\mscoree.dll Category:7
Name:{AD392E40-428C-459F-961E-9B147782D099} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Registry value:i:\Program Files\UltraISO\isoshell.dll Category:7
Name:{B41DB860-8EE4-11D2-9906-E49FADC173CA} Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Registry value:H:\Program Files\WinRAR\rarext.dll Category:7
◆ ImageFile Hijacks ↓
Name:WinRAR Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Registry value:H:\Program Files\WinRAR\rarext.dll Category:9
◆ Session Manager ↓
◆ Other ↓
======================================================
Unsigned kernel modules:
Module base:F58D8000 Module:\??\h:\documents and settings\administrator\桌面\20080305snipesword\SnipeSword.sys
Module base:F6320000 Module:\??\H:\WINDOWS\system32\drivers\rcmhdog.sys
Module base:F7877000 Module:\??\H:\WINDOWS\system32\drivers\GSMHWDM.SYS
Module base:F65A2000 Module:\??\H:\WINDOWS\system32\drivers\mhdrv.sys
Module base:F7B42000 Module:\??\H:\WINDOWS\system32\drivers\hostnt.sys
Module base:F76A7000 Module:\SystemRoot\System32\Drivers\dump_WMILIB.SYS
Module base:F6C30000 Module:\SystemRoot\System32\Drivers\dump_atapi.sys
Module base:F6CBB000 Module:\??\i:\Program Files\UltraISO\drivers\ISODrive.sys
Module base:85FCC5E8 Module:
======================================================
Hardware devices and their support files:
======================================================
Currently installed software: none
======================================================
Hosts file:
127.0.0.1 localhost
======================================================
System checkup complete 2009-02-16-14:56:59