狙剑(V2008)-系统体检记录
狙剑下载地址:http://www.ZhuLinFeng.com/
======================================================
操作系统:Windows 2000
版本号:5.0.2195.2 (Service Pack 4)
======================================================
SSDT-HOOK:
序号:10 函数:NtAdjustPrivilegesToken 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:16 函数:NtAllocateVirtualMemory 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:18 函数:NtAssignProcessToJobObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:35 函数:NtCreateKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:37 函数:NtCreateMutant 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:41 函数:NtCreateProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:43 函数:NtCreateSection 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:46 函数:NtCreateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:53 函数:NtDeleteKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:55 函数:NtDeleteValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:56 函数:NtDeviceIoControlFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:58 函数:NtDuplicateObject 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:72 函数:NtFsControlFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:85 函数:NtLoadDriver 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:89 函数:NtLockVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:103 函数:NtOpenKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:106 函数:NtOpenProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:108 函数:NtOpenSection 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:119 函数:NtProtectVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:125 函数:NtQueryDirectoryFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:151 函数:NtQuerySystemInformation 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:155 函数:NtQueryValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:158 函数:NtQueueApcThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:176 函数:NtRequestWaitReplyPort 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:180 函数:NtRestoreKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:186 函数:NtSetContextThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:206 函数:NtSetSecurityObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:208 函数:NtSetSystemInformation 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:210 函数:NtSetSystemTime 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:215 函数:NtSetValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:221 函数:NtSuspendThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:224 函数:NtTerminateProcess 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys HOOK类型:HOOK
序号:225 函数:NtTerminateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:231 函数:NtUnmapViewOfSection 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:240 函数:NtWriteVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
======================================================
FSD-HOOK:
序号:0 IRP:IRP_MJ_CREATE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:2 IRP:IRP_MJ_CLOSE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:4 IRP:IRP_MJ_WRITE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:6 IRP:IRP_MJ_SET_INFORMATION HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:13 IRP:IRP_MJ_FILE_SYSTEM_CONTROL HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:18 IRP:IRP_MJ_CLEANUP HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:21 IRP:IRP_MJ_SET_SECURITY HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
======================================================
文件过滤系统驱动:
文件系统:\FileSystem\Ntfs 文件:C:\WINNT\system32\drivers\Ntfs.sys
======================================================
内核Inline-HOOK:
跳转模块:未知模块 Inline-函数:KiReleaseSpinLock + 0xB82
======================================================
API-HOOK:
无
======================================================
无微软签名进程:
进程:D:\broad\KDTX\newkj.exe
进程:C:\WINNT\system32\ctfmon.exe
进程:C:\Program Files\Java\jre1.5.0\bin\jusched.exe
进程:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
进程:F:\淮北上传\局\upload.exe
进程:F:\软件\狙剑V2008-0429\SnipeSword.exe
进程:C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
进程:C:\Program Files\ORL\VNC\WinVNC.exe
进程:D:\broad\KDTX\KDTX.exe
进程:C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
进程:system
======================================================
无微软签名模块
进程:D:\broad\KDTX\newkj.exe
模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui
模块:C:\WINNT\system32\MSCOMCTL.OCX
模块:C:\WINNT\system32\MSCTF.dll
模块:C:\WINNT\system32\vb6chs.dll
模块:C:\WINNT\system32\kmon.dll
进程:C:\WINNT\system32\ctfmon.exe
模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui
模块:C:\WINNT\mui\fallback\0804\msutb.dll.mui
模块:C:\WINNT\system32\kmon.dll
模块:C:\WINNT\system32\MSUTB.dll
模块:C:\WINNT\system32\MSCTF.dll
进程:C:\Program Files\Java\jre1.5.0\bin\jusched.exe
模块:C:\WINNT\system32\kmon.dll
进程:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui
模块:C:\WINNT\system32\MSCTF.dll
模块:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL
模块:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL
模块:C:\WINNT\system32\kmon.dll
模块:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll
模块:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll
模块:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll
进程:C:\WINNT\system32\igfxpers.exe
模块:C:\WINNT\system32\kmon.dll
进程:C:\WINNT\system32\hkcmd.exe
模块:C:\WINNT\system32\kmon.dll
进程:C:\WINNT\system32\igfxsrvc.exe
模块:C:\WINNT\system32\MSCTF.dll
模块:C:\WINNT\system32\kmon.dll
进程:C:\WINNT\system32\igfxtray.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\Rising\Ris\rsnetsvr.exe 模块:C:\Program Files\Rising\Ris\ProcComm.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 模块:C:\Program Files\Rising\Ris\comx3.dll 模块:C:\Program Files\Rising\Ris\Syslay.dll 模块:C:\Program Files\Rising\Ris\NComm.dll 进程:C:\Program Files\Rising\Ris\RsTray.exe 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 模块:C:\Program Files\Rising\Ris\rfwlog.dll 模块:C:\Program Files\Rising\Ris\rsmginfo.dll 模块:C:\Program Files\Rising\Ris\rfwtray.dll 模块:C:\Program Files\Rising\Ris\ScanPrxy.dll 模块:C:\Program Files\Rising\Ris\RavITray.dll 模块:C:\Program Files\Rising\Ris\PngDll.dll 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\Program Files\Rising\Ris\MonTray.dll 模块:C:\Program Files\Rising\Ris\mruleui.dll 模块:C:\Program Files\Rising\Ris\ravbintl.dll 模块:C:\Program Files\Rising\Ris\rsnetsvr.dll 模块:C:\Program Files\Rising\Ris\rspalvd.dll 模块:C:\Program Files\Rising\Ris\rfwrule.dll 模块:C:\Program Files\Rising\Ris\CfgDll.dll 模块:C:\Program Files\Rising\Ris\RSAPPMGR.dll 模块:C:\Program Files\Rising\Ris\rsconf.dll 模块:C:\Program Files\Rising\Ris\rsguilib.dll 模块:C:\WINNT\system32\MFC71.DLL 模块:C:\Program Files\Rising\Ris\ScanEvnt.dll 模块:C:\Program Files\Rising\Ris\MonState.dll 模块:C:\Program Files\Rising\Ris\ProcComm.dll 模块:C:\Program Files\Rising\Ris\rsxml.dll 模块:C:\Program Files\Rising\Ris\comx3.dll 模块:C:\Program Files\Rising\Ris\Syslay.dll 模块:C:\Program Files\Rising\Ris\rslang.dll 模块:C:\Program Files\Rising\Ris\ComServ.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 进程:F:\淮北上传\局\upload.exe 模块:C:\WINNT\system32\midas.dll 模块:E:\dt\MULTIU~1.OCX 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\kmon.dll 进程:F:\软件\狙剑V2008-0429\SnipeSword.exe 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\system32\dllhost.exe 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 
模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\Internet Explorer\iexplore.exe 模块:C:\WINNT\system32\msdmo.dll 模块:C:\Program Files\Rising\Ris\RavScrCh.dll 模块:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 模块:C:\WINNT\system32\msimtf.dll 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 模块:e:\360\safemon\safemon.dll 模块:C:\Program Files\Rising\AntiSpyware\UrlRule.dll 模块:C:\WINNT\system32\UrlFilter.dll 模块:D:\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Thunder\Components\ResWorker\DsBho_00.dll 模块:C:\WINNT\system32\MSVCP60.dll 模块:d:\Thunder\ComDlls\xunleiBHO_Now.dll 模块:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 模块:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 模块:C:\WINNT\system32\MSVCP80.dll 模块:C:\WINNT\system32\MSVCR80.dll 模块:D:\Thunder\ComDlls\TDAtOnce_Now.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 模块:C:\WINNT\system32\ATL71.DLL 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\Explorer.EXE 模块:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 模块:C:\WINNT\system32\MSVCR80.dll 模块:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 模块:C:\WINNT\system32\msimtf.dll 模块:D:\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Thunder\Components\ResWorker\DsBho_00.dll 模块:C:\WINNT\system32\MSVCP60.dll 模块:d:\Thunder\ComDlls\xunleiBHO_Now.dll 模块:D:\Thunder\ComDlls\TDAtOnce_Now.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 模块:C:\WINNT\system32\ATL71.DLL 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe 模块:C:\WINNT\system32\dbmslpcn.dll 模块:C:\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 
模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b685a3847fc03d14af21e65c949fcbb1\System.EnterpriseServices.Wrapper.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b685a3847fc03d14af21e65c949fcbb1\System.EnterpriseServices.ni.dll 模块:C:\WINNT\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Transactions\b12ef3dd1ef9947f324598be12f4c2c1\System.Transactions.ni.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\kwebsite\5dd3f236\2ee14433\App_Web_qjupxsjo.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\7025c625976b150ea0868a9d425321b9\System.Web.RegularExpressions.ni.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Drawing\e1c9b81181dfcf8cf63b9964b557069b\System.Drawing.ni.dll 模块:C:\WINNT\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Data\b6bd08c2a4357be9407d9f7ef7d8cfd5\System.Data.ni.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\kwebsite\5dd3f236\2ee14433\App_Web_updthexx.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5e8b0a61e0a62c2051f83c0fbbf46d3c\System.Web.Mobile.ni.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7045a889e7a0b09dac5b67dfdd4d2a2d\Microsoft.VisualBasic.ni.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\kwebsite\5dd3f236\2ee14433\App_Code.ohqovfhx.dll 模块:C:\WINNT\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Xml\0d698b908551dd3343ccf3d07f16aec4\System.Xml.ni.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Configuration\d747db8b62a6fa7ef7246d14aa8d676e\System.Configuration.ni.dll 
模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Web\48a819d133427713c2ef35ac2997de91\System.Web.ni.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\42004720a329c2d3aac17a05eef7ff27\System.ni.dll 模块:C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\3dbf60bd632bdffef39443240d5cff18\mscorlib.ni.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 模块:C:\WINNT\system32\mscoree.dll 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 模块:C:\WINNT\system32\kmon.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\webengine.dll 模块:C:\WINNT\system32\MSVCR80.dll 进程:C:\WINNT\RTHDCPL.EXE 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe 模块:C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll 模块:C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll 模块:C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll 模块:C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll 模块:C:\WINNT\system32\kmon.dll 模块:C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll 进程:C:\WINNT\system32\Dfssvc.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\Rising\Ris\ScanFrm.exe 模块:C:\Program Files\Rising\Ris\comx3.dll 模块:C:\Program Files\Rising\Ris\Syslay.dll 模块:C:\Program Files\Rising\Ris\ScanSrv.dll 模块:C:\Program Files\Rising\Ris\proccomm.dll 模块:C:\Program Files\Rising\Ris\scansrvp.dll 模块:C:\Program Files\Rising\Ris\moncomm.dll 模块:C:\Program Files\Rising\Ris\combase.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 进程:C:\WINNT\System32\WBEM\WinMgmt.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\system32\regsvc.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\ORL\VNC\WinVNC.exe 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\kmon.dll 模块:C:\Program Files\ORL\VNC\omnithread_rt.dll 模块:C:\Program Files\ORL\VNC\VNCHooks.dll 进程:D:\broad\KDTX\KDTX.exe 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 
模块:C:\WINNT\system32\WINSKCHS.DLL 模块:C:\WINNT\system32\MSADODC.OCX 模块:C:\WINNT\system32\MSWINSCK.OCX 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\WINNT\system32\vb6chs.dll 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\system32\inetsrv\inetinfo.exe 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\webengine.dll 模块:C:\php4\extensions\php_mssql.dll 模块:C:\WINNT\system32\ntwdblib.dll 模块:C:\php4\extensions\php_iconv.dll 模块:C:\WINNT\system32\iconv.dll 模块:C:\php4\sapi\php4isapi.dll 模块:C:\WINNT\system32\php4ts.dll 模块:C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll 模块:C:\WINNT\system32\MSVCR80.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\System32\llssrv.exe 模块:C:\WINNT\System32\kmon.dll 进程:C:\WINNT\system32\svchost.exe 模块:C:\WINNT\system32\nap32.dll 进程:C:\Program Files\Rising\Ris\RavTask.exe 模块:C:\Program Files\Rising\Ris\rsstub.dll 模块:C:\Program Files\Rising\Ris\rstask.dll 模块:C:\Program Files\Rising\Ris\CfgDll.dll 模块:C:\Program Files\Rising\Ris\RSAPPMGR.dll 模块:C:\Program Files\Rising\Ris\rsconf.dll 模块:C:\Program Files\Rising\Ris\proccomm.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 进程:C:\WINNT\system32\svchost 模块:C:\WINNT\system32\nap32.dll 进程:C:\Program Files\Rising\Ris\RavMonD.exe 模块:C:\Program Files\Rising\Ris\scansct.dll 模块:C:\Program Files\Rising\Ris\revm.dll 模块:C:\Program Files\Rising\Ris\heurex.dll 模块:C:\Program Files\Rising\Ris\urllib.dll 模块:C:\Program Files\Rising\Ris\pecompd.dll 模块:C:\Program Files\Rising\Ris\methodex.dll 模块:C:\Program Files\Rising\Ris\urutils.dll 模块:C:\Program Files\Rising\Ris\ur000.dat 模块:C:\Program Files\Rising\Ris\extfile.dll 模块:C:\Program Files\Rising\Ris\scanpe.dll 模块:C:\Program Files\Rising\Ris\pearc.dll 模块:C:\Program Files\Rising\Ris\scanex.dll 模块:C:\Program Files\Rising\Ris\unexe.dll 模块:C:\Program Files\Rising\Ris\scanexec.dll 模块:C:\Program 
Files\Rising\Ris\nvfile.dll 模块:C:\Program Files\Rising\Ris\ffr.dll 模块:C:\Program Files\Rising\Ris\Scanner.dll 模块:C:\Program Files\Rising\Ris\ScanAdd.dll 模块:C:\Program Files\Rising\Ris\RSStore.dll 模块:C:\Program Files\Rising\Ris\BACore.dll 模块:C:\Program Files\Rising\Ris\HookCont.dll 模块:C:\Program Files\Rising\Ris\ProcCom.dll 模块:C:\Program Files\Rising\Ris\RsCommX2.dll 模块:C:\Program Files\Rising\Ris\Hooksys.dll 模块:C:\Program Files\Rising\Ris\CfgDll.dll 模块:C:\Program Files\Rising\Ris\RSAPPMGR.dll 模块:C:\Program Files\Rising\Ris\proccomm.dll 模块:C:\Program Files\Rising\Ris\rfwproxy.dll 模块:C:\Program Files\Rising\Ris\relibldr.dll 模块:C:\Program Files\Rising\Ris\viruslib.dll 模块:C:\Program Files\Rising\Ris\refs.dll 模块:C:\Program Files\Rising\Ris\recomp.dll 模块:C:\Program Files\Rising\Ris\comx3.dll 模块:C:\Program Files\Rising\Ris\urlrule.dll 模块:C:\Program Files\Rising\Ris\rsnetsvr.dll 模块:C:\Program Files\Rising\Ris\Rfwdrv.dll 模块:C:\Program Files\Rising\Ris\rfwdrvc.dll 模块:C:\Program Files\Rising\Ris\mPorts.dll 模块:C:\Program Files\Rising\Ris\rfwsrv.dll 模块:C:\Program Files\Rising\Ris\Syslay.dll 模块:C:\Program Files\Rising\Ris\rfwrule.dll 模块:C:\Program Files\Rising\Ris\rfwlog.dll 模块:C:\Program Files\Rising\Ris\HookWeb.dll 模块:C:\Program Files\Rising\Ris\MailMon.dll 模块:C:\Program Files\Rising\Ris\FileMon.dll 模块:C:\Program Files\Rising\Ris\MonRule.dll 模块:C:\Program Files\Rising\Ris\moncom08.dll 模块:C:\Program Files\Rising\Ris\defmon.dll 模块:C:\Program Files\Rising\Ris\mondrv.dll 模块:C:\Program Files\Rising\Ris\Rslog.dll 模块:C:\Program Files\Rising\Ris\MonBase.dll 模块:C:\Program Files\Rising\Ris\moncomm.dll 模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 模块:C:\Program Files\Rising\Ris\combase.dll 进程:C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLFTQRY.DLL 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNMPN70.dll 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNETLIB.dll 
模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL 模块:C:\WINNT\system32\kmon.dll 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL 模块:C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL 进程:C:\Program Files\Rising\AntiSpyware\rstray.exe 模块:C:\Program Files\Rising\AntiSpyware\ProcCom.dll 模块:C:\Program Files\Rising\AntiSpyware\RsCommX2.dll 模块:C:\Program Files\Rising\AntiSpyware\runiep.dll 模块:C:\Program Files\Rising\AntiSpyware\NComm.dll 模块:C:\Program Files\Rising\AntiSpyware\pngdll.dll 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\rscommon.dll 模块:C:\Program Files\Rising\AntiSpyware\ComServ.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\Program Files\Rising\AntiSpyware\RsXML.dll 模块:C:\Program Files\Rising\AntiSpyware\MSVCP71.dll 模块:C:\Program Files\Rising\AntiSpyware\MSVCR71.dll 模块:C:\Program Files\Rising\AntiSpyware\rsmginfo.dll 进程:C:\WINNT\system32\msdtc.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\system32\spoolsv.exe 模块:C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll 模块:C:\WINNT\system32\mdimon.dll 进程:C:\Program Files\Internet Explorer\iexplore.exe 模块:C:\WINNT\system32\Macromed\Flash\Flash10b.ocx 模块:C:\Program Files\Rising\Ris\RavScrCh.dll 模块:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 模块:C:\WINNT\system32\msimtf.dll 模块:C:\WINNT\mui\fallback\0804\msctf.dll.mui 模块:e:\360\safemon\safemon.dll 模块:C:\Program Files\Rising\AntiSpyware\UrlRule.dll 模块:C:\WINNT\system32\UrlFilter.dll 模块:D:\Thunder\Components\ResWorker\DataProcessor_00.dll 模块:D:\Thunder\Components\ResWorker\DsBho_00.dll 模块:C:\WINNT\system32\MSVCP60.dll 模块:d:\Thunder\ComDlls\xunleiBHO_Now.dll 模块:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 模块:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 模块:C:\WINNT\system32\MSVCP80.dll 模块:C:\WINNT\system32\MSVCR80.dll 模块:D:\Thunder\ComDlls\TDAtOnce_Now.dll 
模块:C:\WINNT\system32\MSVCP71.dll 模块:C:\WINNT\system32\MSVCR71.dll 模块:C:\WINNT\system32\ATL71.DLL 模块:C:\WINNT\system32\MSCTF.dll 模块:C:\Program Files\Rising\AntiSpyware\comx3.dll 模块:C:\Program Files\Rising\AntiSpyware\Syslay.dll 模块:C:\WINNT\system32\kmon.dll 进程:C:\WINNT\System32\termsrv.exe 模块:C:\WINNT\System32\kmon.dll 进程:C:\WINNT\system32\lserver.exe 模块:C:\WINNT\system32\kmon.dll 进程:C:\Program Files\Rising\Ris\CCENTER.EXE 模块:C:\Program Files\Rising\Ris\cnt08.dll 模块:C:\Program Files\Rising\Ris\cnt09.dll 模块:C:\Program Files\Rising\Ris\combase.dll ====================================================== 无签名自启动项(包含了IE劫持、服务、SPI等): 名称: 注册键:◆ Task ↓ 注册值: 类别: 名称:At21.job 注册键:C:\WINNT\Tasks\ 注册值:C:\WINNT\Tasks\At21.job 类别:10 名称: 注册键:◆ Logon Run ↓ 注册值: 类别: 名称:ms08_067_patch 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:"C:\WINNT\system32\nap32.exe" /run 类别:2 名称:SunJavaUpdateSched 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:C:\Program Files\Java\jre1.5.0\bin\jusched.exe 类别:2 名称:ctfmon.exe 注册键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:ctfmon.exe 类别:2 名称: 注册键:◆ Logon Startup ↓ 注册值: 类别: 名称:Run WinVNC (App Mode).lnk 注册键:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Run WinVNC (App Mode).lnk 类别:10 名称:upload.lnk 注册键:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\upload.lnk 类别:10 名称:快捷方式 newkj.lnk 注册键:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 newkj.lnk 类别:10 名称:服务管理器.lnk 注册键:C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk 类别:10 名称: 注册键:◆ Serivce And Drivers ↓ 注册值: 类别: 名称:Cdr4_2K 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\Cdr4_2K.sys 类别:21 名称:Cdralw2k 
注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\Cdralw2k.sys 类别:21 名称:Changer 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\Changer.sys 类别:21 名称:lbrtfdc 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\lbrtfdc.sys 类别:21 名称:LicenseInfo 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\LicenseInfo.sys 类别:21 名称:MSSEARCH 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" 类别:21 名称:MSSQLSERVER 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe 类别:21 名称:MSSQLServerADHelper 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 类别:21 名称:PCIDump 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\PCIDump.sys 类别:21 名称:PDCOMP 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\PDCOMP.sys 类别:21 名称:PDFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\PDFRAME.sys 类别:21 名称:PDRELI 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\PDRELI.sys 类别:21 名称:PDRFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\PDRFRAME.sys 类别:21 名称:SchedulingAgent 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\SchedulingAgent.sys 类别:21 名称:sglfb 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\sglfb.sys 类别:21 名称:SQLSERVERAGENT 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe 类别:21 名称:tga 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\tga.sys 类别:21 名称:WDICA 
注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\WDICA.sys 类别:21 名称:Winsock 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\System32\Drivers\Winsock.sys 类别:21 名称:ggqvymdqg 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\system32\odbnx.dll 类别:11 名称:WmdmPmSN 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\system32\mspmsnsv.dll 类别:11 名称:ztdyxb 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINNT\system32\odbnx.dll 类别:11 名称: 注册键:◆ WinLogon ↓ 注册值: 类别: 名称:SCRNSAVE.EXE 注册键:HKEY_CURRENT_USER\Control Panel\Desktop 注册值:(无) 类别:3 名称: 注册键:◆ AppInit ↓ 注册值: 类别: 名称: 注册键:◆ Internet Explorer ↓ 注册值: 类别: 名称:{5360B6FE-B366-4012-B499-E35EFFE4275A} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units 注册值:http://10.4.8.119:8877/ocx/RealLineProj1.inf 类别:6 名称:{7670648D-461B-42AF-BDFE-46D26AF5EFF2} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:D:\Thunder\Components\InMedia\MediaAddin.dll 类别:4 名称: 注册键:◆ Internet Explorer Extersions ↓ 注册值: 类别: 名称:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions 注册值:C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll 类别:15 名称:{92780B25-18CC-41C8-B9BE-3C9C571A8263} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions 注册值:C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll 类别:15 名称:{c95fe080-8f5d-11d2-a20b-00aa003c157a} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions 注册值:C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll 类别:15 名称: 注册键:◆ Internet Explorer ActiveX ↓ 注册值: 类别: 名称:{05589fa1-c356-11ce-bf01-00aa0055595a} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\wmpdxm.dll 类别:4 名称:{0DDF3B5C-E692-11D1-AB06-00AA00BDD685} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Visual 
Studio\VB98\Wizards\PDWizard\PDWIZARD.OCX 类别:4 名称:{18ab439e-fcf4-40d4-90da-f79baa3b0655} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:diactfrm.dll 类别:4 名称:{1B544C24-FD0B-11CE-8C63-00AA0044B520} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\qedit.dll 类别:4 名称:{1F7DD4F2-CAC3-11D0-A35B-00AA00BDCDFD} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddr.dll 类别:4 名称:{1F7DD4F3-CAC3-11D0-A35B-00AA00BDCDFD} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddr.dll 类别:4 名称:{22D6F312-B0F6-11D0-94AB-0080C74C7E95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\wmpdxm.dll 类别:4 名称:{250770f3-6af2-11cf-a915-008029e31fcd} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMARQ.OCX 类别:4 名称:{4CECCEB1-8359-11D0-A34E-00AA00BDCDFD} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddo.dll 类别:4 名称:{4CECCEB2-8359-11D0-A34E-00AA00BDCDFD} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddo.dll 类别:4 名称:{62ec9f22-5e30-11d2-97a1-00c04fb6dd9a} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6B7F1602-D44C-11d0-A7D9-AE3D17000000} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\designer\MSWCRUN.DLL 类别:4 名称:{6e2270fb-f799-11cf-9227-00aa00a1eb95} 
注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6E227101-F799-11CF-9227-00AA00A1EB95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e227109-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710a-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710b-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710c-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710d-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710e-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{6e22710f-f799-11cf-9227-00aa00a1eb95} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{8422DAE3-9929-11CF-B8D3-004033373DA8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX 类别:4 
名称:{8422DAE7-9929-11CF-B8D3-004033373DA8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX 类别:4 名称:{886E7BF0-C867-11CF-B1AE-00AA00A3F2C3} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Web Publish\FLUPL.OCX 类别:4 名称:{8B217746-717D-11CE-AB5B-D41203C10000} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\TLBINF32.DLL 类别:4 名称:{8B217752-717D-11CE-AB5B-D41203C10000} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\TLBINF32.DLL 类别:4 名称:{8B21775E-717D-11CE-AB5B-D41203C10000} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\TLBINF32.DLL 类别:4 名称:{B0406342-B0C5-11d0-89A9-00A0C9054129} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll 类别:4 名称:{B0406343-B0C5-11d0-89A9-00A0C9054129} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll 类别:4 名称:{b1d4ed44-ee64-11d0-97e6-00c04fc30b4a} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4 名称:{cc7bfb42-f175-11d1-a392-00e0291f3959} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\qedit.dll 类别:4 名称:{cc7bfb43-f175-11d1-a392-00e0291f3959} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINNT\system32\qedit.dll 类别:4 名称:{d24d4450-1f01-11d1-8e63-006097d2df48} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll 类别:4 
名称:{D24D4453-1F01-11d1-8E63-006097D2DF48} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll 类别:4
名称:{d675e22b-cae9-11d2-af7b-00c04f99179f} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll 类别:4
名称:{f5078f1b-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f1c-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f1d-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f1e-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f1f-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f20-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f21-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f22-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f26-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f28-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4
名称:{f5078f29-c551-11d3-89b9-0000f81fe221} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:%SystemRoot%\system32\msxml2.dll 类别:4

名称: 注册键:◆ Internet Explorer BHO ↓ 注册值: 类别:
名称:{01443AEC-0FD1-40fd-9C87-E93D1494C233} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects 注册值:D:\Thunder\ComDlls\TDAtOnce_Now.dll 类别:4

名称: 注册键:◆ Explorer ↓ 注册值: 类别:
名称:ic32pp 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINNT\wc98pp.dll 类别:8
名称:ipp 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINNT\wc98pp.dll 类别:8
名称:application/octet-stream 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8
名称:application/x-complus 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8
名称:application/x-msdownload 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter 注册值:mscoree.dll 类别:8
名称:{89B4C1CD-B018-4511-B0A1-5476DBF70820} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components 注册值:C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install 类别:1
名称:{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components 注册值:%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl 类别:1

名称: 注册键:◆ Explorer ShellEx ↓ 注册值: 类别:
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9
名称:{42071714-76d4-11d1-8b24-00a0c9068ff3} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:deskpan.dll 类别:7
名称:{B41DB860-8EE4-11D2-9906-E49FADC173CA} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\Program Files\WinRAR\rarext.dll 类别:7
名称:{e82a2d71-5b2f-43a0-97b8-81be15854de8} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINNT\system32\dfshim.dll 类别:7
名称:{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\WINNT\system32\dfshim.dll 类别:7

名称: 注册键:◆ LSA Providers ↓ 注册值: 类别:
名称:Notification Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:cecli 类别:3
名称:Notification Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:DCSVC 类别:3
名称:Notification Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:ASSFM 类别:3
名称:Security Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:channel 类别:3
名称:Security Packages 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 注册值:sv1_0 类别:3

名称: 注册键:◆ ImageFile Hijacks ↓ 注册值: 类别:
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9

名称: 注册键:◆ Print Monitors ↓ 注册值: 类别:
名称:Microsoft Document Imaging Writer Monitor 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors 注册值:mdimon.dll 类别:1

名称: 注册键:◆ Session Manager ↓ 注册值: 类别:

名称: 注册键:◆ Other ↓ 注册值: 类别:

======================================================
无签名内核模块:
模块基址:ADBE7000 模块:\??\f:\软件\狙剑v2008-0429\SnipeSword.sys
模块基址:AEE8E000 模块:\SystemRoot\System32\Drivers\dump_atapi.sys
模块基址:F6A2D000 模块:\SystemRoot\System32\Drivers\dump_WMILIB.SYS
模块基址:F6728000 模块:\SystemRoot\System32\Drivers\Cdralw2k.SYS
模块基址:F6470000 模块:\SystemRoot\System32\Drivers\Cdr4_2K.SYS

======================================================
硬件设备及其支持文件列表:
设备:Intel(R) G33/G31 Express Chipset Family
支持文件:oem6.inf
支持文件:igxpmp32.sys
支持文件:igxpco32.dll
支持文件:igxprd32.dll
支持文件:igxpgd32.dll
支持文件:igxpdv32.dll
支持文件:igxpdx32.dll
支持文件:iglicd32.dll
支持文件:igldev32.dll
支持文件:ig4icd32.dll
支持文件:ig4dev32.dll
支持文件:igxpxk32.vp
支持文件:igxpxs32.vp
支持文件:igfxress.dll
支持文件:igfxrenu.lrc
支持文件:igfxrara.lrc
支持文件:igfxrchs.lrc
支持文件:igfxrcht.lrc
支持文件:igfxrdan.lrc
支持文件:igfxrdeu.lrc
支持文件:igfxresp.lrc
支持文件:igfxrfin.lrc
支持文件:igfxrfra.lrc
支持文件:igfxrheb.lrc
支持文件:igfxrita.lrc
支持文件:igfxrjpn.lrc
支持文件:igfxrkor.lrc
支持文件:igfxrnld.lrc
支持文件:igfxrnor.lrc
支持文件:igfxrplk.lrc
支持文件:igfxrptb.lrc
支持文件:igfxrptg.lrc
支持文件:igfxrrus.lrc
支持文件:igfxrsky.lrc
支持文件:igfxrslv.lrc
支持文件:igfxrsve.lrc
支持文件:igfxrtha.lrc
支持文件:igfxrcsy.lrc
支持文件:igfxrell.lrc
支持文件:igfxrhun.lrc
支持文件:igfxrtrk.lrc
支持文件:hccutils.dll
支持文件:igfxsrvc.dll
支持文件:igfxsrvc.exe
支持文件:igfxpph.dll
支持文件:igfxcpl.cpl
支持文件:igfxcfg.exe
支持文件:igfxdgps.dll
支持文件:igfxdev.dll
支持文件:igfxdo.dll
支持文件:igfxtray.exe
支持文件:igfxzoom.exe
支持文件:hkcmd.exe
支持文件:oemdspif.dll
支持文件:igfxext.exe
支持文件:igfxexps.dll
支持文件:igfxpers.exe
支持文件:igmedkrn.dll

设备:Realtek High Definition Audio
支持文件:oem7.inf
支持文件:RtkHDAud.sys
支持文件:RTHDCPL.EXE
支持文件:MicCal.exe
支持文件:SkyTel.exe
支持文件:SOUNDMAN.EXE
支持文件:RTLCPL.EXE
支持文件:ALCWZRD.EXE
支持文件:ALCMTR.EXE
支持文件:ALSNDMGR.CPL
支持文件:RTSndMgr.CPL
支持文件:RtlCPAPI.dll
支持文件:RTCOMDLL.dll
支持文件:RtlUpd.exe

设备:Intel(R) 82562V-2 10/100 Network Connection
支持文件:oem8.inf
支持文件:e1e5032.din
支持文件:e1e5032.sys
支持文件:e1e5132.din
支持文件:e1e5132.sys
支持文件:e1000msg.dll
支持文件:NicCo.dll
支持文件:NicInstE.dll
支持文件:NicEtCoE.dll
支持文件:prounstl.exe

设备:Microsoft UAA Bus Driver for High Definition Audio
支持文件:hdaudbus.inf
支持文件:hdaudbus.sys

======================================================
当前已安装软件列表:
360安全卫士
Adobe Flash Player 10 ActiveX
Intel(R) Graphics Media Accelerator Driver
High Definition Audio Driver Package - KB888111
Windows 2000 修补程序 - KB890046
Windows 2000 修补程序 - KB893756
Windows Installer 3.1 (KB893803)
Windows 2000 修补程序 - KB896358
Windows 2000 修补程序 - KB896423
Windows 2000 修补程序 - KB899587
Windows 2000 修补程序 - KB899591
Windows 2000 修补程序 - KB900725
Windows 2000 修补程序 - KB901017
Windows 2000 修补程序 - KB901214
Windows 2000 修补程序 - KB905414
Windows 2000 修补程序包 - KB905495
Windows 2000 修补程序 - KB905749
Windows 2000 修补程序 - KB908519
Windows 2000 修补程序 - KB908531
Windows 2000 修补程序 - KB911280
Windows Media Player (KB911564) 安全更新
Windows 2000 修补程序 - KB913580
Windows 2000 修补程序 - KB914388
Windows 2000 修补程序 - KB914389
Windows 2000 修补程序 - KB917008
Windows 2000 修补程序 - KB917537
Windows 2000 修补程序 - KB918118
Windows 2000 修补程序 - KB920213
Windows 2000 修补程序 - KB920670
Windows 2000 修补程序 - KB920683
Windows 2000 修补程序 - KB920685
Windows 2000 修补程序 - KB922582
Windows 2000 修补程序 - KB923191
Windows 2000 修补程序 - KB923561
Windows 2000 (KB923689) 安全更新
Windows 2000 修补程序 - KB923810
Windows 2000 修补程序 - KB923980
Windows 2000 修补程序 - KB924270
Windows 2000 修补程序 - KB924667
Windows 2000 修补程序 - KB925902
Windows 2000 修补程序 - KB926436
Windows 2000 修补程序 - KB927891
用于 Microsoft .NET Framework 2.0 的 Security Update (KB928365)
Windows 2000 修补程序 - KB928843
Windows 2000 修补程序 - KB931784
Windows 2000 修补程序 - KB935839
Windows 2000 修补程序 - KB935840
Windows Media Player 9 (KB936782) 安全更新
Windows 2000 修补程序 - KB937894
Windows 2000 修补程序包 - KB938464
Windows 2000 修补程序 - KB938827
Windows 2000 (KB941569) 安全更新
Windows 2000 修补程序 - KB941644
Windows 2000 修补程序 - KB942831
Windows 2000 修补程序 - KB943055
Windows 2000 修补程序 - KB943485
Windows 2000 修补程序 - KB944338
Windows 2000 修补程序 - KB945553
Windows 2000 修补程序包 - KB948881
Windows 2000 修补程序 - KB950749
Windows 2000 修补程序 - KB950760
Windows 2000 修补程序 - KB950974
Windows 2000 修补程序包 - KB951066
Windows 2000 修补程序 - KB951071
安全更新 for DirectX 9 (KB951698)
Windows 2000 修补程序 - KB952004
Windows Media Player (KB952069) 安全更新
Windows 2000 修补程序 - KB952954
Windows 2000 修补程序 - KB953155
Windows 2000 修补程序 - KB953839
Windows 2000 修补程序 - KB954211
Windows Media Player 6.4 (KB954600) 安全更新
Windows 2000 修补程序 - KB955069
Windows 2000 修补程序 - KB956391
Windows 2000 修补程序 - KB956802
Windows 2000 修补程序 - KB957097
Windows 2000 修补程序 - KB958644
Windows 2000 修补程序 - KB958687
Windows 2000 修补程序 - KB958752
Windows 2000 修补程序 - KB959426
Windows 2000 修补程序 - KB960225
Windows 2000 修补程序 - KB960715
Windows 2000 修补程序 - KB960803
Windows 2000 修补程序 - KB961371
Windows 2000 修补程序 - KB961501
Windows 2000 修补程序 - KB967715
Windows 2000 修补程序 - KB968537
Windows 2000 修补程序包 - KB969897
Windows 2000 修补程序 - KB969898
Windows 2000 修补程序 - KB970238
Windows 2000 修补程序 - KB970483
DirectX 9.0 (KB971633) 安全更新
Windows 2000 修补程序 - KB973346
Microsoft .NET Framework 2.0
Microsoft SQL Server 2000
Windows Media Player Hotfix [请参阅 Q828026 以获得更多信息]
瑞星全功能安全软件
卡卡上网安全助手
瑞星MS08-067内存补丁程序
搜狗拼音输入法 4.2正式版
TeeChart for .NET v3 EVALUATION
迅雷5
Windows 2000 SP4 更新汇总 1
Microsoft Visual Basic 6.0 中文企业版 (简体中文)
Microsoft Web 发布向导 1.53
WinRAR 压缩文件管理器
WinVNC 3.3.3
Windows Media Player 系统更新(9 系列)
J2SE Runtime Environment 5.0
J2SE Development Kit 5.0
Dell Resource CD
WebFldrs
Microsoft .NET Framework 2.0
Intel(R) PRO Network Connections 12.1.12.0
Microsoft Office Standard Edition 2003
KWebSite
Adobe Reader 9.1 - Chinese Simplified
curve
Realtek High Definition Audio Driver
矮人DOS工具箱

======================================================
Host文件:
127.0.0.1 localhost

======================================================
系统体检全部完成 2009-07-24-08:21:05