狙剑(V2008)-系统体检记录
狙剑下载地址:http://www.ZhuLinFeng.com/
======================================================
操作系统:Windows XP
版本号:5.1.2600.2 (Service Pack 3)
======================================================
SSDT-HOOK:
序号:11 函数:NtAdjustPrivilegesToken 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:17 函数:NtAllocateVirtualMemory 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:19 函数:NtAssignProcessToJobObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:41 函数:NtCreateKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:43 函数:NtCreateMutant 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:47 函数:NtCreateProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:48 函数:NtCreateProcessEx 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:50 函数:NtCreateSection 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:53 函数:NtCreateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:57 函数:NtDebugActiveProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:63 函数:NtDeleteKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:65 函数:NtDeleteValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:66 函数:NtDeviceIoControlFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:68 函数:NtDuplicateObject 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:97 函数:NtLoadDriver 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:103 函数:NtLockVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:119 函数:NtOpenKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:122 函数:NtOpenProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:125 函数:NtOpenSection 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:137 函数:NtProtectVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:145 函数:NtQueryDirectoryFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:177 函数:NtQueryValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:180 函数:NtQueueApcThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:192 函数:NtRenameKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:200 函数:NtRequestWaitReplyPort 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:204 函数:NtRestoreKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:213 函数:NtSetContextThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:237 函数:NtSetSecurityObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:240 函数:NtSetSystemInformation 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:242 函数:NtSetSystemTime 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:247 函数:NtSetValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:253 函数:NtSuspendProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:254 函数:NtSuspendThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:255 函数:NtSystemDebugControl 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:257 函数:NtTerminateProcess 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:258 函数:NtTerminateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:267 函数:NtUnmapViewOfSection 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:277 函数:NtWriteVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
======================================================
FSD-HOOK:
序号:0 IRP:IRP_MJ_CREATE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:2 IRP:IRP_MJ_CLOSE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:4 IRP:IRP_MJ_WRITE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:6 IRP:IRP_MJ_SET_INFORMATION HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:13 IRP:IRP_MJ_FILE_SYSTEM_CONTROL HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:18 IRP:IRP_MJ_CLEANUP HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:21 IRP:IRP_MJ_SET_SECURITY HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
======================================================
文件过滤系统驱动:
文件系统:\FileSystem\Ntfs 文件:C:\WINDOWS\system32\drivers\Ntfs.sys
======================================================
内核Inline-HOOK:
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A8DA
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A77F
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A74A
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A726
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A6C3
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A61A
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A5F3
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A4E4
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A42A
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A392
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A314
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A2A2
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A1EA
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A103
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A0EC
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A0E4
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A0CF
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A0B5
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A08A
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x1A060
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x19F8F
跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer +
0x19F22 跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x19ED2 跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x19EA0 跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x19E52 跳转模块:\WINDOWS\system32\ntoskrnl.exe Inline-函数:RtlCompressBuffer + 0x19E0E ====================================================== API-HOOK: 无 ====================================================== 无微软签名进程: 进程:E:\TDDOWNLOAD\狙剑V2008-0429\SnipeSword.exe 进程:system ====================================================== 无微软签名模块 进程:C:\WINDOWS\System32\alg.exe 模块:C:\WINDOWS\System32\UxTheme.dll 模块:C:\WINDOWS\System32\MSWSOCK.DLL 进程:C:\WINDOWS\system32\ctfmon.exe 模块:C:\WINDOWS\system32\UxTheme.dll 进程:C:\WINDOWS\system32\hkcmd.exe 模块:C:\WINDOWS\system32\SOGOUPY.IME 模块:C:\WINDOWS\system32\uxtheme.dll 进程:C:\WINDOWS\system32\igfxpers.exe 模块:C:\WINDOWS\system32\uxtheme.dll 进程:D:\Program Files\Rising\Rav\rsnetsvr.exe 模块:C:\WINDOWS\system32\uxtheme.dll 模块:D:\Program Files\Rising\Rav\ProcComm.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:D:\Program Files\Rising\Rav\comx3.dll 模块:D:\Program Files\Rising\Rav\Syslay.dll 模块:D:\Program Files\Rising\Rav\NComm.dll 模块:C:\WINDOWS\system32\WININET.dll 进程:C:\WINDOWS\system32\igfxtray.exe 模块:C:\WINDOWS\system32\uxtheme.dll 进程:C:\WINDOWS\system32\igfxsrvc.exe 模块:C:\WINDOWS\system32\uxtheme.dll 进程:D:\Program Files\Rising\Rav\CCENTER.EXE 模块:C:\WINDOWS\system32\uxtheme.dll 模块:D:\Program Files\Rising\Rav\cnt08.dll 模块:D:\Program Files\Rising\Rav\cnt09.dll 模块:D:\Program Files\Rising\Rav\combase.dll 进程:D:\Program Files\Rising\Rav\RsTray.exe 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:C:\WINDOWS\System32\mswsock.dll 模块:D:\Program Files\Rising\Rav\rsmginfo.dll 模块:D:\Program Files\Rising\Rav\ScanPrxy.dll 模块:D:\Program Files\Rising\Rav\RavITray.dll 模块:D:\Program Files\Rising\Rav\PngDll.dll 模块:D:\Program Files\Rising\Rav\MonTray.dll 模块:D:\Program Files\Rising\Rav\mruleui.dll 模块:D:\Program 
Files\Rising\Rav\ravbintl.dll 模块:C:\WINDOWS\system32\WININET.dll 模块:D:\Program Files\Rising\Rav\rspalvd.dll 模块:D:\Program Files\Rising\Rav\CfgDll.dll 模块:D:\Program Files\Rising\Rav\RSAPPMGR.dll 模块:D:\Program Files\Rising\Rav\rsconf.dll 模块:D:\Program Files\Rising\Rav\rsguilib.dll 模块:C:\WINDOWS\system32\MFC71.DLL 模块:D:\Program Files\Rising\Rav\ScanEvnt.dll 模块:D:\Program Files\Rising\Rav\MonState.dll 模块:D:\Program Files\Rising\Rav\ProcComm.dll 模块:D:\Program Files\Rising\Rav\rsxml.dll 模块:D:\Program Files\Rising\Rav\comx3.dll 模块:D:\Program Files\Rising\Rav\Syslay.dll 模块:D:\Program Files\Rising\Rav\rslang.dll 模块:D:\Program Files\Rising\Rav\ComServ.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:C:\WINDOWS\system32\uxtheme.dll 进程:D:\Program Files\Rising\Rav\RavTask.exe 模块:D:\Program Files\Rising\Rav\rstask.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:D:\Program Files\Rising\Rav\rsstub.dll 模块:D:\Program Files\Rising\Rav\proccomm.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:D:\Program Files\Rising\Rav\CfgDll.dll 模块:D:\Program Files\Rising\Rav\RSAPPMGR.dll 模块:D:\Program Files\Rising\Rav\rsconf.dll 进程:D:\Program Files\Rising\Rav\ScanFrm.exe 模块:C:\WINDOWS\system32\sfc_os.dll 模块:D:\Program Files\Rising\Rav\ScanAdd.dll 模块:D:\Program Files\Rising\Rav\ScanStub.dll 模块:D:\Program Files\Rising\Rav\ScanRavT.dll 模块:D:\Program Files\Rising\Rav\ScanBT.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:D:\Program Files\Rising\Rav\comx3.dll 模块:D:\Program Files\Rising\Rav\Syslay.dll 模块:D:\Program Files\Rising\Rav\ScanSrv.dll 模块:D:\Program Files\Rising\Rav\proccomm.dll 模块:D:\Program Files\Rising\Rav\scansrvp.dll 模块:D:\Program Files\Rising\Rav\moncomm.dll 模块:D:\Program Files\Rising\Rav\combase.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 进程:C:\WINDOWS\system32\lsass.exe 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\UxTheme.dll 模块:C:\WINDOWS\system32\DNSAPI.dll 进程:C:\WINDOWS\system32\svchost.exe 
模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\UxTheme.dll 进程:D:\Program Files\Rising\Rav\RavMonD.exe 模块:D:\Program Files\Rising\Rav\ur023.dat 模块:D:\Program Files\Rising\Rav\revm.dll 模块:D:\Program Files\Rising\Rav\urutils.dll 模块:D:\Program Files\Rising\Rav\ur000.dat 模块:D:\Program Files\Rising\Rav\scanpe.dll 模块:D:\Program Files\Rising\Rav\pearc.dll 模块:D:\Program Files\Rising\Rav\scansct.dll 模块:D:\Program Files\Rising\Rav\extmail.dll 模块:D:\Program Files\Rising\Rav\scanex.dll 模块:D:\Program Files\Rising\Rav\unexe.dll 模块:D:\Program Files\Rising\Rav\scanexec.dll 模块:D:\Program Files\Rising\Rav\extfile.dll 模块:D:\Program Files\Rising\Rav\nvfile.dll 模块:D:\Program Files\Rising\Rav\ffr.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\mswsock.dll 模块:D:\Program Files\Rising\Rav\relibldr.dll 模块:D:\Program Files\Rising\Rav\viruslib.dll 模块:D:\Program Files\Rising\Rav\Scanner.dll 模块:D:\Program Files\Rising\Rav\ScanAdd.dll 模块:D:\Program Files\Rising\Rav\RSStore.dll 模块:D:\Program Files\Rising\Rav\refs.dll 模块:D:\Program Files\Rising\Rav\recomp.dll 模块:C:\WINDOWS\system32\sfc_os.dll 模块:D:\Program Files\Rising\Rav\BACore.dll 模块:D:\Program Files\Rising\Rav\rsnetsvr.dll 模块:D:\Program Files\Rising\Rav\HookCont.dll 模块:D:\Program Files\Rising\Rav\ProcCom.dll 模块:D:\Program Files\Rising\Rav\RsCommX2.dll 模块:D:\Program Files\Rising\Rav\Hooksys.dll 模块:D:\Program Files\Rising\Rav\comx3.dll 模块:D:\Program Files\Rising\Rav\Syslay.dll 模块:D:\Program Files\Rising\Rav\CfgDll.dll 模块:D:\Program Files\Rising\Rav\RSAPPMGR.dll 模块:D:\Program Files\Rising\Rav\proccomm.dll 模块:D:\Program Files\Rising\Rav\HookWeb.dll 模块:D:\Program Files\Rising\Rav\MailMon.dll 模块:D:\Program Files\Rising\Rav\FileMon.dll 模块:D:\Program Files\Rising\Rav\MonRule.dll 模块:D:\Program Files\Rising\Rav\moncom08.dll 模块:D:\Program Files\Rising\Rav\defmon.dll 模块:D:\Program Files\Rising\Rav\mondrv.dll 模块:D:\Program Files\Rising\Rav\Rslog.dll 模块:D:\Program Files\Rising\Rav\MonBase.dll 模块:D:\Program 
Files\Rising\Rav\moncomm.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:D:\Program Files\Rising\Rav\combase.dll 进程:C:\WINDOWS\system32\svchost 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\UxTheme.dll 进程:C:\WINDOWS\System32\svchost.exe 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\WININET.dll 模块:c:\windows\system32\DNSAPI.dll 模块:C:\WINDOWS\System32\UxTheme.dll 进程:E:\TDDOWNLOAD\狙剑V2008-0429\SnipeSword.exe 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\wininet.dll 进程:C:\WINDOWS\system32\inetsrv\inetinfo.exe 模块:C:\WINDOWS\system32\inetsrv\iislog.dll 模块:C:\WINDOWS\system32\inetsrv\httpext.dll 模块:C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll 模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 模块:C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\fpexedll.dll 模块:C:\WINDOWS\system32\inetsrv\md5filt.dll 模块:C:\WINDOWS\system32\inetsrv\aqueue.dll 模块:C:\WINDOWS\system32\inetsrv\seo.dll 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\inetsrv\w3svc.dll 模块:C:\WINDOWS\system32\inetsrv\ftpsvc2.dll 模块:C:\WINDOWS\system32\inetsrv\SMTPSVC.dll 模块:C:\WINDOWS\system32\RWNH.dll 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:C:\WINDOWS\system32\inetsrv\INFOCOMM.dll 模块:C:\WINDOWS\system32\inetsrv\IISFECNV.dll 模块:C:\WINDOWS\system32\inetsrv\admexs.dll 模块:C:\WINDOWS\system32\IISMAP.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\inetsrv\iisadmin.dll 模块:C:\WINDOWS\system32\inetsrv\COADMIN.dll 模块:C:\WINDOWS\system32\ADMWPROX.dll 模块:C:\WINDOWS\system32\IisRTL.DLL 进程:C:\WINDOWS\system32\spoolsv.exe 模块:C:\WINDOWS\System32\mswsock.dll 模块:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll 模块:C:\WINDOWS\system32\mdimon.dll 模块:C:\WINDOWS\system32\sfc_os.dll 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:C:\WINDOWS\system32\UxTheme.dll 进程:C:\WINDOWS\system32\svchost.exe 
模块:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll 模块:C:\WINDOWS\system32\UxTheme.dll 进程:C:\Program Files\Internet Explorer\iexplore.exe 模块:C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx 模块:C:\WINDOWS\system32\SOGOUPY.IME 模块:C:\WINDOWS\system32\vbscript.dll 模块:C:\WINDOWS\system32\jscript.dll 模块:D:\Program Files\Rising\Rav\RavScrCh.dll 模块:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 模块:C:\WINDOWS\system32\mshtml.dll 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\shdoclc.dll 模块:d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll 模块:D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll 模块:C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll 模块:D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\WININET.dll 进程:C:\WINDOWS\system32\svchost 模块:C:\WINDOWS\system32\UxTheme.dll 进程:D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe 模块:D:\Program Files\Thunder Network\Thunder\Program\bd.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Tips\XLSkin.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll 模块:D:\Program Files\Thunder 
Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll 模块:D:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll 模块:D:\Program Files\Thunder Network\Thunder\Plugins\GouGouTop\GouGouTop.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrUpdate.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrKernel.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrThunderHost.dll 模块:D:\Program Files\Thunder Network\Thunder\Plugins\NetGame\XLNetGame.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\xldcsubtask.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll 模块:C:\WINDOWS\system32\vbscript.dll 模块:C:\WINDOWS\system32\jscript.dll 模块:D:\Program Files\Rising\Rav\RavScrCh.dll 模块:D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Security\ConfigManager.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\imdt.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll 模块:D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\emule_id.dll 模块:C:\WINDOWS\system32\mshtml.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2sp_pd.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL 
模块:D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed20.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\sl.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\media_data.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\al.dll 模块:C:\WINDOWS\system32\quartz.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\stream.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\xldc.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2p.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll 模块:C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx 模块:D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2p_network_com.dll 模块:C:\WINDOWS\system32\DNSAPI.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\ptl.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\fs.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\p2sp.dll 模块:C:\WINDOWS\system32\shdoclc.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\zlib1.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll 模块:D:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL 模块:C:\WINDOWS\system32\MSWSOCK.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\mp.dll 
模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\WININET.dll 模块:D:\Program Files\Thunder Network\Thunder\Program\BugReport.dll 进程:C:\WINDOWS\Explorer.EXE 模块:C:\WINDOWS\system32\RavExt.dll 模块:C:\Program Files\WinRAR\rarext.dll 模块:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll 模块:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll 模块:D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll 模块:D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll 模块:C:\WINDOWS\system32\MSVCP71.dll 模块:C:\WINDOWS\system32\MSVCR71.dll 模块:C:\WINDOWS\system32\shdoclc.dll 模块:C:\Program Files\FreeLaunchBar\flb.dll 模块:C:\WINDOWS\system32\UxTheme.dll 模块:C:\WINDOWS\system32\WININET.dll 进程:C:\WINDOWS\system32\winlogon.exe 模块:C:\WINDOWS\system32\uxtheme.dll 模块:C:\WINDOWS\system32\sfc_os.dll 进程:C:\WINDOWS\system32\svchost.exe 模块:C:\WINDOWS\system32\mswsock.dll 模块:C:\WINDOWS\system32\WININET.dll 模块:c:\windows\system32\DNSAPI.dll 模块:C:\WINDOWS\system32\UxTheme.dll ====================================================== 无签名自启动项(包含了IE劫持、服务、SPI等): 名称: 注册键:◆ Task ↓ 注册值: 类别: 名称:SogouImeMgr.job 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\SogouImeMgr.job 类别:10 名称: 注册键:◆ Logon Run ↓ 注册值: 类别: 名称: 注册键:◆ Logon Startup ↓ 注册值: 类别: 名称:中国网通.lnk 注册键:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\中国网通.lnk 类别:10 名称: 注册键:◆ Serivce And Drivers ↓ 注册值: 类别: 名称:AFD 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\SystemRoot\System32\drivers\afd.sys 类别:21 名称:Alidevice 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 
注册值:C:\WINDOWS\System32\Drivers\Alidevice.sys 类别:21 名称:Changer 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\Changer.sys 类别:21 名称:GMSIPCI 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\F:\INSTALL\GMSIPCI.SYS 类别:21 名称:i2omgmt 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\i2omgmt.sys 类别:21 名称:lbrtfdc 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\lbrtfdc.sys 类别:21 名称:nvrd32 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\nvrd32.sys 类别:21 名称:PCIDump 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PCIDump.sys 类别:21 名称:PDCOMP 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDCOMP.sys 类别:21 名称:PDFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDFRAME.sys 类别:21 名称:PDRELI 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDRELI.sys 类别:21 名称:PDRFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDRFRAME.sys 类别:21 名称:Tcpip 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\tcpip.sys 类别:21 名称:viamraid 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\viamraid.sys 类别:21 名称:WDICA 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\WDICA.sys 类别:21 名称:Winsock 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\Winsock.sys 类别:21 名称:HidServ 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:%SystemRoot%\System32\hidserv.dll 类别:11 名称:Nla 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:%SystemRoot%\System32\mswsock.dll 类别:11 名称:pnutqcho 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\system32\dtbcgsvd.dll 类别:11 名称: 注册键:◆ WinLogon 
↓ 注册值: 类别: 名称:SCRNSAVE.EXE 注册键:HKEY_CURRENT_USER\Control Panel\Desktop 注册值:C:\WINDOWS\System32\bubbles.scr 类别:3 名称: 注册键:◆ Internet Explorer ↓ 注册值: 类别: 名称:{488A4255-3236-44B3-8F27-FA1AECAA8844} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units 注册值:https://img.alipay.com/download/2121/aliedit.cab 类别:6 名称:AutoConfigProxy 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 注册值:wininet.dll 类别:3 名称:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\system32\msjava.dll 类别:4 名称:{6483F145-A768-4C41-AACC-52D4D7845851} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work 类别:4 名称:{693571CB-54A3-4E90-9D52-EEAE1334E2D3} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work 类别:4 名称:{6DBB2904-082D-4DB0-944A-21C22BA121F4} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\system32\BANKCE~1.DLL 类别:4 名称: 注册键:◆ Internet Explorer Extersions ↓ 注册值: 类别: 名称:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions 注册值:C:\WINDOWS\system32\msjava.dll 类别:4 名称: 注册键:◆ Internet Explorer ActiveX ↓ 注册值: 类别: 名称:{03D9F3F2-B0E3-11D2-B081-006008039BF0} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\javaprxy.dll 类别:4 名称:{08B0e5c0-4FCB-11CF-AAA5-00401C608501} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\msjava.dll 类别:4 名称:{13de4a42-8d21-4c8e-bf9c-8f69cb068fca} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\INK\INKOBJ.DLL 类别:4 
名称:{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:"C:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll" 类别:4 名称:{1833c110-b3a3-4dc0-90b5-ea58424d46b3} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:mscoree.dll 类别:4 名称:{250770F3-6AF2-11CF-A915-008029E31FCD} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMARQ.OCX 类别:4 名称:{2bde808f-0ee2-4d4f-9d8a-997c590aeb55} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Visual Studio 8\Visual Studio Tools for Office\VSTOApartmentShim.dll 类别:4 名称:{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\quartz.dll 类别:4 名称:{3050F391-98B5-11CF-BB82-00AA00BDCE0B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\mshtml.dll 类别:4 名称:{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\mshtml.dll 类别:4 名称:{3050F667-98B5-11CF-BB82-00AA00BDCE0B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\mshtml.dll 类别:4 名称:{3050F67D-98B5-11CF-BB82-00AA00BDCE0B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\mshtml.dll 类别:4 名称:{314111b8-a502-11d2-bbca-00c04f8ec294} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Help\hxvz.dll 类别:4 名称:{314111c6-a502-11d2-bbca-00c04f8ec294} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Help\hxvz.dll 类别:4 
名称:{32DA2B15-CFED-11D1-B747-00C04FC2B085} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\scrrun.dll 类别:4 名称:{51B4ABF3-748F-4E3B-A276-C828330E926A} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\quartz.dll 类别:4 名称:{7F5B7F63-F06F-4331-8A26-339E03C0AE3D} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\WMI\wmiscriptutils.dll 类别:4 名称:{8422DAE3-9929-11CF-B8D3-004033373DA8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX 类别:4 名称:{8422DAE7-9929-11CF-B8D3-004033373DA8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX 类别:4 名称:{8E26BFC1-AFD6-11CF-BFFC-00AA003CFDFC} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\vmhelper.dll 类别:4 名称:{a8dfb9a0-8a20-479f-b538-9387c5eeba2b} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\quartz.dll 类别:4 名称:{AE24FDAE-03C6-11D1-8B76-0080C744F389} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\mshtml.dll 类别:4 名称:{d542c249-a028-4abc-9e57-58b5ed151c3f} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\mscoree.dll 类别:4 名称:{E4979309-7A32-495E-8A92-7B014AAD4961} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\quartz.dll 类别:4 名称:{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\msagent\AgentCtl.dll 类别:4 名称:{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\ActiveX Compatibility 注册值:"C:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll" 类别:4 名称: 注册键:◆ Internet Explorer Bar ↓ 注册值: 类别: 名称:{8C84B9F5-3D9E-4204-BB0B-F85D46455868} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars 注册值:mscoree.dll 类别:4 名称: 注册键:◆ Internet Explorer BHO ↓ 注册值: 类别: 名称: 注册键:◆ Explorer ↓ 注册值: 类别: 名称:about 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:javascript 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:mailto 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:ms-help 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll 类别:8 名称:res 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:sysimage 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:vbscript 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:%SystemRoot%\system32\mshtml.dll 类别:8 名称:application/octet-stream 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8 名称:application/x-complus 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8 名称:application/x-msdownload 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8 名称:{89B4C1CD-B018-4511-B0A1-5476DBF70820} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components 注册值:C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install 类别:1 名称: 注册键:◆ Explorer ShellEx ↓ 注册值: 类别: 名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9 名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9 
名称:{42071714-76d4-11d1-8b24-00a0c9068ff3} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:deskpan.dll 类别:7 名称:{60254CA5-953B-11CF-8C96-00AA00B8708C} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINDOWS\system32\wshext.dll 类别:7 名称:{143A62C8-C33B-11D1-84FE-00C04FA34A14} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINDOWS\msagent\AgentPsh.dll 类别:7 名称:{B41DB860-8EE4-11D2-9906-E49FADC173CA} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\Program Files\WinRAR\rarext.dll 类别:7 名称:{e82a2d71-5b2f-43a0-97b8-81be15854de8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINDOWS\system32\dfshim.dll 类别:7 名称:{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINDOWS\system32\dfshim.dll 类别:7 名称: 注册键:◆ LSA Providers ↓ 注册值: 类别: 名称:Security Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:channel 类别:3 名称:Security Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:sv1_0 类别:3 名称: 注册键:◆ WinSocket ↓ 注册值: 类别: 名称:000000000001 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000002 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000003 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000006 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000007 
注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000008 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000009 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000010 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000011 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000012 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000013 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000014 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000015 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000016 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000017 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 注册值:%SystemRoot%\system32\mswsock.dll 类别:22 名称:000000000001 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries 
注册值:%SystemRoot%\System32\mswsock.dll 类别:22 名称:000000000003 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries 注册值:%SystemRoot%\System32\mswsock.dll 类别:22 名称: 注册键:◆ ImageFile Hijacks ↓ 注册值: 类别: 名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9 名称: 注册键:◆ Print Monitors ↓ 注册值: 类别: 名称: 注册键:◆ Session Manager ↓ 注册值: 类别: 名称: 注册键:◆ Other ↓ 注册值: 类别: ====================================================== 无签名内核模块: 模块基址:A7045000 模块:\??\e:\tddownload\狙剑v2008-0429\SnipeSword.sys 模块基址:A8E05000 模块:\SystemRoot\System32\drivers\afd.sys 模块基址:A8E9D000 模块:\SystemRoot\system32\DRIVERS\tcpip.sys 模块基址:F77DF000 模块:\SystemRoot\System32\Drivers\Alidevice.SYS 模块基址:F745A000 模块:viamraid.sys 模块基址:F748F000 模块:nvrd32.sys ====================================================== 硬件设备及其支持文件列表: 设备:Intel(R) G41 Express Chipset 支持文件:oem6.inf 支持文件:igxpmp32.sys 支持文件:igxpco32.dll 支持文件:igxprd32.dll 支持文件:igxpgd32.dll 支持文件:igxpdv32.dll 支持文件:igxpdx32.dll 支持文件:iglicd32.dll 支持文件:igldev32.dll 支持文件:ig4icd32.dll 支持文件:ig4dev32.dll 支持文件:igxpxk32.vp 支持文件:igxpxs32.vp 支持文件:igfxress.dll 支持文件:igfxrenu.lrc 支持文件:igfxrara.lrc 支持文件:igfxrchs.lrc 支持文件:igfxrcht.lrc 支持文件:igfxrdan.lrc 支持文件:igfxrdeu.lrc 支持文件:igfxresp.lrc 支持文件:igfxrfin.lrc 支持文件:igfxrfra.lrc 支持文件:igfxrheb.lrc 支持文件:igfxrita.lrc 支持文件:igfxrjpn.lrc 支持文件:igfxrkor.lrc 支持文件:igfxrnld.lrc 支持文件:igfxrnor.lrc 支持文件:igfxrplk.lrc 支持文件:igfxrptb.lrc 支持文件:igfxrptg.lrc 支持文件:igfxrrus.lrc 支持文件:igfxrsky.lrc 支持文件:igfxrslv.lrc 支持文件:igfxrsve.lrc 支持文件:igfxrtha.lrc 支持文件:igfxrcsy.lrc 支持文件:igfxrell.lrc 支持文件:igfxrhun.lrc 支持文件:igfxrtrk.lrc 支持文件:hccutils.dll 支持文件:igfxsrvc.dll 支持文件:igfxsrvc.exe 支持文件:igfxpph.dll 支持文件:igfxcpl.cpl 支持文件:igfxcfg.exe 支持文件:igfxdgps.dll 支持文件:igfxdev.dll 支持文件:igfxdo.dll 支持文件:igfxtray.exe 支持文件:hkcmd.exe 支持文件:oemdspif.dll 支持文件:igfxext.exe 支持文件:igfxexps.dll 支持文件:igfxpers.exe 支持文件:igkrng400.bin 支持文件:igkrng500.bin 支持文件:igcompkrng500.bin 设备:Realtek 
High Definition Audio 支持文件:oem0.inf 支持文件:RtkHDAud.sys 支持文件:RTHDCPL.EXE 支持文件:MicCal.exe 支持文件:SkyTel.exe 支持文件:SOUNDMAN.EXE 支持文件:RTLCPL.EXE 支持文件:ALCWZRD.EXE 支持文件:ALCMTR.EXE 支持文件:ALSNDMGR.CPL 支持文件:RTSndMgr.CPL 支持文件:RtlCPAPI.dll 支持文件:RTCOMDLL.dll 支持文件:RtlUpd.exe 设备:Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC 支持文件:oem7.inf 支持文件:Rtenic.sys 支持文件:Rtenicxp.sys 支持文件:Rtenic64.sys 支持文件:RTNicProp32.dll 支持文件:RTNicProp64.dll 设备:Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 支持文件:hdaudbus.inf 支持文件:hdaudbus.sys ====================================================== 当前已安装软件列表: ACDSee 5.0 Adobe Flash Player ActiveX Fetion 2008 深度一键还原工具 5.1 Intel(R) Graphics Media Accelerator Driver Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 语言包 - 简体中文 Microsoft Document Explorer 2005 Microsoft Document Explorer 2005 语言包 - 简体中文 Microsoft SQL Server 2005 Microsoft Visual J# 2.0 Redistributable 语言包 - 简体中文 Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2005 Team Suite - 简体中文 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack MSDN Library for Visual Studio 2005 - 简体中文 谷歌金山词霸合作版 PPLive 1.9 瑞星杀毒软件 搜狗拼音输入法 4.0正式版 WinISO 5.3 WinRAR 压缩文件管理器 腾讯QQ2009 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) MyEclipse 6.5 MSXML 6.0 分析程序 Free Launch Bar Microsoft SQL Server 安装程序支持文件(英语) Microsoft Visual J# 2.0 Redistributable Language Pack - CHS Java(TM) 6 Update 6 Java(TM) SE Development Kit 6 Update 6 Microsoft SQL Server 2005 Integration Services WebFldrs XP Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Document Explorer 2005 Microsoft .NET Framework 2.0 Language Pack - CHS Macromedia Dreamweaver 8 Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack Microsoft .NET Compact Framework 2.0 Microsoft Visual J# 2.0 Redistributable Package Microsoft .NET Compact Framework 1.0 SP3 Developer Microsoft .NET Framework 2.0 Microsoft SQL Server 2005 Notification Services 
Microsoft SQL Server 2005 Microsoft SQL Server 2005 向后兼容 Microsoft SQL Server 2005 联机丛书(简体中文) Microsoft SQL Server VSS 编写器 Microsoft Silverlight Microsoft Office Professional Edition 2003 Microsoft Office 2003 Web Components MSDN Library for Visual Studio 2005 - Chinese Simplified Microsoft SQL Server Reporting Services Microsoft Visual Studio 2005 Premier Partner Edition - CHS Microsoft Device Emulator version 1.0 - CHS SQLXML4 MSXML 4.0 SP2 (KB936181) Microsoft SQL Server Native Client Microsoft SQL Server 2005 Mobile [CHS] Developer Tools Java DB 10.3.1.4 Microsoft Document Explorer 2005 Language Pack - CHS Microsoft SQL Server 2005 Analysis Services Microsoft Visual Studio 2005 Team Suite - CHS Realtek High Definition Audio Driver Macromedia Extension Manager Microsoft SQL Server 2005 Tools 大智慧v5.6 影音风暴 2008 Beta1 深度美化主题包 6.5 起凡游戏平台 1.0 ====================================================== Host文件: ====================================================== 系统体检全部完成 2009-03-13-19:09:15