SnipeSword (V2008) - System Check Record
SnipeSword download address: http://www.ZhuLinFeng.com/
======================================================
Operating system: Windows 2003
Version: 5.2.3790.2 (Service Pack 1)
======================================================
SSDT-HOOK:
Index  Function                                              Module                                                                          Hook type
0      NtAcceptConnectPort                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
1      NtAccessCheck                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
2      NtAccessCheckAndAuditAlarm                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
3      NtAccessCheckByType                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
4      NtAccessCheckByTypeAndAuditAlarm                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
5      NtAccessCheckByTypeResultList                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
6      NtAccessCheckByTypeResultListAndAuditAlarm            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
7      NtAccessCheckByTypeResultListAndAuditAlarmByHandle    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
8      NtAddAtom                                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
9      NtAddBootEntry                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
10     NtAddDriverEntry                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
11     NtAdjustGroupsToken                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
12     NtAdjustPrivilegesToken                               \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
13     NtAlertResumeThread                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
14     NtAlertThread                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
15     NtAllocateLocallyUniqueId                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
16     NtAllocateUserPhysicalPages                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
17     NtAllocateUuids                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
18     NtAllocateVirtualMemory                               \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
19     NtApphelpCacheControl                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
20     NtAreMappedFilesTheSame                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
21     NtAssignProcessToJobObject                            \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
22     NtCallbackReturn                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
23     NtCancelDeviceWakeupRequest                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
24     NtCancelIoFile                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
25     NtCancelTimer                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
26     NtClearEvent                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
27     NtClose                                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
28     NtCloseObjectAuditAlarm                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
29     NtCompactKeys                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
30     NtCompareTokens                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
31     NtCompleteConnectPort                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
32     NtCompressKey                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
33     NtConnectPort                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
34     NtContinue                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
35     NtCreateDebugObject                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
36     NtCreateDirectoryObject                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
37     NtCreateEvent                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
38     NtCreateEventPair                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
39     NtCreateFile                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
40     NtCreateIoCompletion                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
41     NtCreateJobObject                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
42     NtCreateJobSet                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
43     NtCreateKey                                           \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
44     NtCreateMailslotFile                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
45     NtCreateMutant                                        \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
46     NtCreateNamedPipeFile                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
47     NtCreatePagingFile                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
48     NtCreatePort                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
49     NtCreateProcess                                       \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
50     NtCreateProcessEx                                     \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
51     NtCreateProfile                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
52     NtCreateSection                                       \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
53     NtCreateSemaphore                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
54     NtCreateSymbolicLinkObject                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
55     NtCreateThread                                        \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
56     NtCreateTimer                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
57     NtCreateToken                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
58     NtCreateWaitablePort                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
59     NtDebugActiveProcess                                  \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
60     NtDebugContinue                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
61     NtDelayExecution                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
62     NtDeleteAtom                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
63     NtDeleteBootEntry                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
64     NtDeleteDriverEntry                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
65     NtDeleteFile                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
66     NtDeleteKey                                           \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
67     NtDeleteObjectAuditAlarm                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
68     NtDeleteValueKey                                      \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
69     NtDeviceIoControlFile                                 \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
70     NtDisplayString                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
71     NtDuplicateObject                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
72     NtDuplicateToken                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
73     NtEnumerateBootEntries                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
74     NtEnumerateDriverEntries                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
75     NtEnumerateKey                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
76     NtEnumerateSystemEnvironmentValuesEx                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
77     NtEnumerateValueKey                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
78     NtExtendSection                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
79     NtFilterToken                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
80     NtFindAtom                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
81     NtFlushBuffersFile                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
82     NtFlushInstructionCache                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
83     NtFlushKey                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
84     NtFlushVirtualMemory                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
85     NtFlushWriteBuffer                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
86     NtFreeUserPhysicalPages                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
87     NtFreeVirtualMemory                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
88     NtFsControlFile                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
89     NtGetContextThread                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
90     NtGetDevicePowerState                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
91     NtGetPlugPlayEvent                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
92     NtGetWriteWatch                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
93     NtImpersonateAnonymousToken                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
94     NtImpersonateClientOfPort                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
95     NtImpersonateThread                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
96     NtInitializeRegistry                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
97     NtInitiatePowerAction                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
98     NtIsProcessInJob                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
99     NtIsSystemResumeAutomatic                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
100    NtListenPort                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
101    NtLoadDriver                                          \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
102    NtLoadKey                                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
103    NtLoadKey2                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
104    NtLoadKeyEx                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
105    NtLockFile                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
106    NtLockProductActivationKeys                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
107    NtLockRegistryKey                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
108    NtLockVirtualMemory                                   \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
109    NtMakePermanentObject                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
110    NtMakeTemporaryObject                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
111    NtMapUserPhysicalPages                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
112    NtMapUserPhysicalPagesScatter                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
113    NtMapViewOfSection                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
114    NtModifyBootEntry                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
115    NtModifyDriverEntry                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
116    NtNotifyChangeDirectoryFile                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
117    NtNotifyChangeKey                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
118    NtNotifyChangeMultipleKeys                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
119    NtOpenDirectoryObject                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
120    NtOpenEvent                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
121    NtOpenEventPair                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
122    NtOpenFile                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
123    NtOpenIoCompletion                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
124    NtOpenJobObject                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
125    NtOpenKey                                             \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
126    NtOpenMutant                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
127    NtOpenObjectAuditAlarm                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
128    NtOpenProcess                                         \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
129    NtOpenProcessToken                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
130    NtOpenProcessTokenEx                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
131    NtOpenSection                                         \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
132    NtOpenSemaphore                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
133    NtOpenSymbolicLinkObject                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
134    NtOpenThread                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
135    NtOpenThreadToken                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
136    NtOpenThreadTokenEx                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
137    NtOpenTimer                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
138    NtPlugPlayControl                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
139    NtPowerInformation                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
140    NtPrivilegeCheck                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
141    NtPrivilegeObjectAuditAlarm                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
142    NtPrivilegedServiceAuditAlarm                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
143    NtProtectVirtualMemory                                \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
144    NtPulseEvent                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
145    NtQueryAttributesFile                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
146    NtQueryBootEntryOrder                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
147    NtQueryBootOptions                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
148    NtQueryDebugFilterState                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
149    NtQueryDefaultLocale                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
150    NtQueryDefaultUILanguage                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
151    NtQueryDirectoryFile                                  \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
152    NtQueryDirectoryObject                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
153    NtQueryDriverEntryOrder                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
154    NtQueryEaFile                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
155    NtQueryEvent                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
156    NtQueryFullAttributesFile                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
157    NtQueryInformationAtom                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
158    NtQueryInformationFile                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
159    NtQueryInformationJobObject                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
160    NtQueryInformationPort                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
161    NtQueryInformationProcess                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
162    NtQueryInformationThread                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
163    NtQueryInformationToken                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
164    NtQueryInstallUILanguage                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
165    NtQueryIntervalProfile                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
166    NtQueryIoCompletion                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
167    NtQueryKey                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
168    NtQueryMultipleValueKey                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
169    NtQueryMutant                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
170    NtQueryObject                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
171    NtQueryOpenSubKeys                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
172    NtQueryOpenSubKeysEx                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
173    NtQueryPerformanceCounter                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
174    NtQueryQuotaInformationFile                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
175    NtQuerySection                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
176    NtQuerySecurityObject                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
177    NtQuerySemaphore                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
178    NtQuerySymbolicLinkObject                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
179    NtQuerySystemEnvironmentValue                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
180    NtQuerySystemEnvironmentValueEx                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
181    NtQuerySystemInformation                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
182    NtQuerySystemTime                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
183    NtQueryTimer                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
184    NtQueryTimerResolution                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
185    NtQueryValueKey                                       \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
186    NtQueryVirtualMemory                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
187    NtQueryVolumeInformationFile                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
188    NtQueueApcThread                                      \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
189    NtRaiseException                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
190    NtRaiseHardError                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
191    NtReadFile                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
192    NtReadFileScatter                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
193    NtReadRequestData                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
194    NtReadVirtualMemory                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
195    NtRegisterThreadTerminatePort                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
196    NtReleaseMutant                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
197    NtReleaseSemaphore                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
198    NtRemoveIoCompletion                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
199    NtRemoveProcessDebug                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
200    NtRenameKey                                           \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
201    NtReplaceKey                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
202    NtReplyPort                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
203    NtReplyWaitReceivePort                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
204    NtReplyWaitReceivePortEx                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
205    NtReplyWaitReplyPort                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
206    NtRequestDeviceWakeup                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
207    NtRequestPort                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
208    NtRequestWaitReplyPort                                \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
209    NtRequestWakeupLatency                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
210    NtResetEvent                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
211    NtResetWriteWatch                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
212    NtRestoreKey                                          \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
213    NtResumeProcess                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
214    NtResumeThread                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
215    NtSaveKey                                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
216    NtSaveKeyEx                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
217    NtSaveMergedKeys                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
218    NtSecureConnectPort                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
219    NtSetBootEntryOrder                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
220    NtSetBootOptions                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
221    NtSetContextThread                                    \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
222    NtSetDebugFilterState                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
223    NtSetDefaultHardErrorPort                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
224    NtSetDefaultLocale                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
225    NtSetDefaultUILanguage                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
226    NtSetDriverEntryOrder                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
227    NtSetEaFile                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
228    NtSetEvent                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
229    NtSetEventBoostPriority                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
230    NtSetHighEventPair                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
231    NtSetHighWaitLowEventPair                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
232    NtSetInformationDebugObject                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
233    NtSetInformationFile                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
234    NtSetInformationJobObject                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
235    NtSetInformationKey                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
236    NtSetInformationObject                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
237    NtSetInformationProcess                               \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
238    NtSetInformationThread                                \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
239    NtSetInformationToken                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
240    NtSetIntervalProfile                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
241    NtSetIoCompletion                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
242    NtSetLdtEntries                                       \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
243    NtSetLowEventPair                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
244    NtSetLowWaitHighEventPair                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
245    NtSetQuotaInformationFile                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
246    NtSetSecurityObject                                   \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
247    NtSetSystemEnvironmentValue                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
248    NtSetSystemEnvironmentValueEx                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
249    NtSetSystemInformation                                \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
250    NtSetSystemPowerState                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
251    NtSetSystemTime                                       \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
252    NtSetThreadExecutionState                             \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
253    NtSetTimer                                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
254    NtSetTimerResolution                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
255    NtSetUuidSeed                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
256    NtSetValueKey                                         \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
257    NtSetVolumeInformationFile                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
258    NtShutdownSystem                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
259    NtSignalAndWaitForSingleObject                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
260    NtStartProfile                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
261    NtStopProfile                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
262    NtSuspendProcess                                      \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
263    NtSuspendThread                                       \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
264    NtSystemDebugControl                                  \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
265    NtTerminateJobObject                                  \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
266    NtTerminateProcess                                    \??\c:\documents and settings\administrator.domain\桌面\狙剑\SnipeSword.sys      HOOK
267    NtTerminateThread                                     \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
268    NtTestAlert                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
269    NtTraceEvent                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
270    NtTranslateFilePath                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
271    NtUnloadDriver                                        \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
272    NtUnloadKey                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
273    NtUnloadKey2                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
274    NtUnloadKeyEx                                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
275    NtUnlockFile                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
276    NtUnlockVirtualMemory                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
277    NtUnmapViewOfSection                                  \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
278    NtVdmControl                                          \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
279    NtWaitForDebugEvent                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
280    NtWaitForMultipleObjects                              \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
281    NtWaitForSingleObject                                 \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
282    NtWaitHighEventPair                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
283    NtWaitLowEventPair                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
284    NtWriteFile                                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
285    NtWriteFileGather                                     \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
286    NtWriteRequestData                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
287    NtWriteVirtualMemory                                  \SystemRoot\system32\drivers\HOOKHELP.sys                                       HOOK
288    NtYieldExecution                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
289    NtCreateKeyedEvent                                    \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
290    NtOpenKeyedEvent                                      \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
291    NtReleaseKeyedEvent                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
292    NtWaitForKeyedEvent                                   \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
293    NtQueryPortInformationProcess                         \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
294    NtGetCurrentProcessorNumber                           \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
295    NtWaitForMultipleObjects32                            \WINDOWS\system32\ntkrnlpa.exe                                                  HOOK
======================================================
FSD-HOOK:
Index  IRP                          Hook module                                  Inline-hook module
0      IRP_MJ_CREATE                \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
2      IRP_MJ_CLOSE                 \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
4      IRP_MJ_WRITE                 \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
6      IRP_MJ_SET_INFORMATION       \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
13     IRP_MJ_FILE_SYSTEM_CONTROL   \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
18     IRP_MJ_CLEANUP               \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
21     IRP_MJ_SET_SECURITY          \SystemRoot\system32\drivers\HOOKHELP.sys    (none)
======================================================
File system filter drivers:
File system: \FileSystem\FltMgr    File: system32\DRIVERS\fltMgr.sys
File system: \FileSystem\Ntfs      File: C:\WINDOWS\system32\drivers\Ntfs.sys
======================================================
Kernel inline-hook: none
======================================================
API-HOOK: none
======================================================
Processes without a Microsoft signature:
Process: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Process: C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
Process: C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
Process: C:\Documents and Settings\Administrator.DOMAIN\桌面\狙剑\SnipeSword.exe
Process: C:\WINDOWS\system32\NetDogSrv.exe
Process: C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
Process: system
======================================================
Modules without a Microsoft signature:

Process: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  Module: C:\Program Files\360\360Safe\safemon\safemon.dll
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll

Process: C:\WINDOWS\system32\ctfmon.exe
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\Program Files\360\360Safe\safemon\360tray.exe
  Module: C:\Program Files\360\360Safe\live.dll
  Module: C:\Program Files\360\360Safe\safemon\360webpro.dll
  Module: C:\Program Files\360\360Safe\AntiAdwa.dll
  Module: C:\Program Files\360\360Safe\safemon\SafeKrnl.dll
  Module: C:\Program Files\360\360Safe\safemon\urlproc.dll
  Module: C:\Program Files\360\360Safe\safemon\safemon.dll
  Module: C:\Program Files\360\360Safe\safemon\360compro.dll
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\Program Files\Rising\Ris\RsTray.exe
  Module: C:\Program Files\Rising\Ris\rfwlog.dll
  Module: C:\Program Files\Rising\Ris\rsmginfo.dll
  Module: C:\Program Files\Rising\Ris\rfwtray.dll
  Module: C:\Program Files\Rising\Ris\ScanPrxy.dll
  Module: C:\Program Files\Rising\Ris\RavITray.dll
  Module: C:\Program Files\Rising\Ris\PngDll.dll
  Module: C:\Program Files\Rising\Ris\MonTray.dll
  Module: C:\Program Files\Rising\Ris\mruleui.dll
  Module: C:\Program Files\Rising\Ris\ravbintl.dll
  Module: C:\Program Files\Rising\Ris\rsnetsvr.dll
  Module: C:\Program Files\Rising\Ris\rspalvd.dll
  Module: C:\Program Files\Rising\Ris\rfwrule.dll
  Module: C:\Program Files\Rising\Ris\CfgDll.dll
  Module: C:\Program Files\Rising\Ris\RSAPPMGR.dll
  Module: C:\Program Files\Rising\Ris\rsconf.dll
  Module: C:\Program Files\Rising\Ris\rsguilib.dll
  Module: C:\WINDOWS\system32\MFC71.DLL
  Module: C:\Program Files\Rising\Ris\ScanEvnt.dll
  Module: C:\Program Files\Rising\Ris\MonState.dll
  Module: C:\Program Files\Rising\Ris\ProcComm.dll
  Module: C:\Program Files\Rising\Ris\rsxml.dll
  Module: C:\Program Files\Rising\Ris\comx3.dll
  Module: C:\Program Files\Rising\Ris\Syslay.dll
  Module: C:\Program Files\Rising\Ris\rslang.dll
  Module: C:\Program Files\Rising\Ris\ComServ.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll

Process: C:\Program Files\Rising\AntiSpyware\rstray.exe
  Module: C:\Program Files\Rising\AntiSpyware\ProcCom.dll
  Module: C:\Program Files\Rising\AntiSpyware\RsCommX2.dll
  Module: C:\Program Files\Rising\AntiSpyware\runiep.dll
  Module: C:\Program Files\Rising\AntiSpyware\NComm.dll
  Module: C:\Program Files\Rising\AntiSpyware\pngdll.dll
  Module: C:\Program Files\Rising\AntiSpyware\comx3.dll
  Module: C:\Program Files\Rising\AntiSpyware\rscommon.dll
  Module: C:\Program Files\Rising\AntiSpyware\ComServ.dll
  Module: C:\Program Files\Rising\AntiSpyware\Syslay.dll
  Module: C:\Program Files\Rising\AntiSpyware\RsXML.dll
  Module: C:\Program Files\Rising\AntiSpyware\MSVCP71.dll
  Module: C:\Program Files\Rising\AntiSpyware\rsmginfo.dll

Process: C:\WINDOWS\Explorer.EXE
  Module: C:\WINDOWS\system32\RavExt.dll
  Module: C:\Program Files\360\360Safe\safemon\safemon.dll
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\WINDOWS\system32\wbem\wmiprvse.exe
  Module: C:\Program Files\Rising\AntiSpyware\comx3.dll
  Module: C:\Program Files\Rising\AntiSpyware\Syslay.dll
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\Program Files\Rising\Ris\RavMonD.exe
  Module: C:\Program Files\Rising\Ris\revm.dll
  Module: C:\Program Files\Rising\Ris\urutils.dll
  Module: C:\Program Files\Rising\Ris\ur000.dat
  Module: C:\Program Files\Rising\Ris\scanpe.dll
  Module: C:\Program Files\Rising\Ris\pearc.dll
  Module: C:\Program Files\Rising\Ris\scansct.dll
  Module: C:\Program Files\Rising\Ris\scanex.dll
  Module: C:\Program Files\Rising\Ris\unexe.dll
  Module: C:\Program Files\Rising\Ris\scanexec.dll
  Module: C:\Program Files\Rising\Ris\nvfile.dll
  Module: C:\Program Files\Rising\Ris\ffr.dll
  Module: C:\Program Files\Rising\Ris\extfile.dll
  Module: C:\Program Files\Rising\Ris\Scanner.dll
  Module: C:\Program Files\Rising\Ris\ScanAdd.dll
  Module: C:\Program Files\Rising\Ris\RSStore.dll
  Module: C:\Program Files\Rising\Ris\BACore.dll
  Module: C:\Program Files\Rising\Ris\HookCont.dll
  Module: C:\Program Files\Rising\Ris\ProcCom.dll
  Module: C:\Program Files\Rising\Ris\RsCommX2.dll
  Module: C:\Program Files\Rising\Ris\Hooksys.dll
  Module: C:\Program Files\Rising\Ris\CfgDll.dll
  Module: C:\Program Files\Rising\Ris\RSAPPMGR.dll
  Module: C:\Program Files\Rising\Ris\proccomm.dll
  Module: C:\Program Files\Rising\Ris\rfwproxy.dll
  Module: C:\Program Files\Rising\Ris\relibldr.dll
  Module: C:\Program Files\Rising\Ris\viruslib.dll
  Module: C:\Program Files\Rising\Ris\refs.dll
  Module: C:\Program Files\Rising\Ris\recomp.dll
  Module: C:\Program Files\Rising\Ris\urlrule.dll
  Module: C:\Program Files\Rising\Ris\comx3.dll
  Module: C:\Program Files\Rising\Ris\rsnetsvr.dll
  Module: C:\Program Files\Rising\Ris\Rfwdrv.dll
  Module: C:\Program Files\Rising\Ris\rfwdrvc.dll
  Module: C:\Program Files\Rising\Ris\mPorts.dll
  Module: C:\Program Files\Rising\Ris\rfwsrv.dll
  Module: C:\Program Files\Rising\Ris\Syslay.dll
  Module: C:\Program Files\Rising\Ris\rfwrule.dll
  Module: C:\Program Files\Rising\Ris\rfwlog.dll
  Module: C:\Program Files\Rising\Ris\HookWeb.dll
  Module: C:\Program Files\Rising\Ris\MailMon.dll
  Module: C:\Program Files\Rising\Ris\FileMon.dll
  Module: C:\Program Files\Rising\Ris\MonRule.dll
  Module: C:\Program Files\Rising\Ris\moncom08.dll
  Module: C:\Program Files\Rising\Ris\defmon.dll
  Module: C:\Program Files\Rising\Ris\mondrv.dll
  Module: C:\Program Files\Rising\Ris\Rslog.dll
  Module: C:\Program Files\Rising\Ris\MonBase.dll
  Module: C:\Program Files\Rising\Ris\moncomm.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\Program Files\Rising\Ris\combase.dll

Process: C:\WINDOWS\system32\msdtc.exe
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\Program Files\Rising\Ris\rsnetsvr.exe
  Module: C:\Program Files\Rising\Ris\ProcComm.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll
  Module: C:\Program Files\Rising\Ris\comx3.dll
  Module: C:\Program Files\Rising\Ris\Syslay.dll
  Module: C:\Program Files\Rising\Ris\NComm.dll

Process: C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
  Module: C:\WINDOWS\system32\DBmsLPCn.dll
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL
  Module: C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\ATXCORE.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\ATXCORE.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLAGENT.DLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\sqlagent.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SEMMAP.RLL
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SQLSVC.RLL
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SEMMAP.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLSVC.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\W95SCM.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLRESLD.dll

Process: C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
  Module: C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll
  Module: C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll
  Module: C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll
  Module: C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll

Process: C:\Program Files\Rising\Ris\CCENTER.EXE
  Module: C:\Program Files\Rising\Ris\cnt08.dll
  Module: C:\Program Files\Rising\Ris\cnt09.dll
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\Program Files\Rising\Ris\combase.dll

Process: C:\Program Files\Rising\Ris\RavTask.exe
  Module: C:\Program Files\Rising\Ris\rstask.dll
  Module: C:\Program Files\Rising\Ris\rsstub.dll
  Module: C:\Program Files\Rising\Ris\proccomm.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll
  Module: C:\Program Files\Rising\Ris\CfgDll.dll
  Module: C:\Program Files\Rising\Ris\RSAPPMGR.dll
  Module: C:\Program Files\Rising\Ris\rsconf.dll
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\Documents and Settings\Administrator.DOMAIN\桌面\狙剑\SnipeSword.exe
  Module: C:\Program Files\360\360Safe\safemon\safemon.dll
  Module: C:\Program Files\Rising\AntiSpyware\comx3.dll
  Module: C:\Program Files\Rising\AntiSpyware\Syslay.dll
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\WINDOWS\system32\NetDogSrv.exe
  Module: C:\WINDOWS\system32\RCTimeDog.dll
  Module: C:\WINDOWS\system32\RCMicroDog.dll
  Module: C:\WINDOWS\system32\UNHLOCALDOG.DLL
  Module: C:\WINDOWS\system32\kmon.dll

Process: C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\xpsqlbot.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\SSnmPN70.dll
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll
  Module: C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL
  Module: C:\WINDOWS\system32\kmon.dll
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\ums.dll
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlsort.dll
  Module: C:\PROGRA~1\MICROS~1\MSSQL\binn\opends60.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll

Process: C:\Program Files\Rising\Ris\ScanFrm.exe
  Module: C:\Program Files\Rising\Ris\comx3.dll
  Module: C:\Program Files\Rising\Ris\Syslay.dll
  Module: C:\Program Files\Rising\Ris\ScanSrv.dll
  Module: C:\Program Files\Rising\Ris\proccomm.dll
  Module: C:\Program Files\Rising\Ris\scansrvp.dll
  Module: C:\Program Files\Rising\Ris\moncomm.dll
  Module: C:\Program Files\Rising\Ris\combase.dll
  Module: C:\WINDOWS\system32\MSVCP71.dll