狙剑(V2008)-系统体检记录
狙剑下载地址:http://www.ZhuLinFeng.com/
======================================================
操作系统:Windows XP
版本号:5.1.2600.2 (Service Pack 3)
======================================================
SSDT-HOOK:
序号:11 函数:NtAdjustPrivilegesToken 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:17 函数:NtAllocateVirtualMemory 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:19 函数:NtAssignProcessToJobObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:31 函数:NtConnectPort 模块:\??\C:\Program Files\Rising\Rfw\rfwtdi.sys HOOK类型:HOOK
序号:41 函数:NtCreateKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:43 函数:NtCreateMutant 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:47 函数:NtCreateProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:48 函数:NtCreateProcessEx 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:50 函数:NtCreateSection 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:52 函数:NtCreateSymbolicLinkObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:53 函数:NtCreateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:57 函数:NtDebugActiveProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:63 函数:NtDeleteKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:65 函数:NtDeleteValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:66 函数:NtDeviceIoControlFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:68 函数:NtDuplicateObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:71 函数:NtEnumerateKey 模块:sptd.sys HOOK类型:HOOK
序号:73 函数:NtEnumerateValueKey 模块:sptd.sys HOOK类型:HOOK
序号:97 函数:NtLoadDriver 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:103 函数:NtLockVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:119 函数:NtOpenKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:122 函数:NtOpenProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:125 函数:NtOpenSection 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:137 函数:NtProtectVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:145 函数:NtQueryDirectoryFile 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:160 函数:NtQueryKey 模块:sptd.sys HOOK类型:HOOK
序号:173 函数:NtQuerySystemInformation 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:177 函数:NtQueryValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:180 函数:NtQueueApcThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:192 函数:NtRenameKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:200 函数:NtRequestWaitReplyPort 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:204 函数:NtRestoreKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:213 函数:NtSetContextThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:228 函数:NtSetInformationProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:237 函数:NtSetSecurityObject 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:240 函数:NtSetSystemInformation 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:242 函数:NtSetSystemTime 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:247 函数:NtSetValueKey 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:253 函数:NtSuspendProcess 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:254 函数:NtSuspendThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:255 函数:NtSystemDebugControl 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:257 函数:NtTerminateProcess 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys HOOK类型:HOOK
序号:258 函数:NtTerminateThread 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:267 函数:NtUnmapViewOfSection 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
序号:277 函数:NtWriteVirtualMemory 模块:\SystemRoot\system32\drivers\HOOKHELP.sys HOOK类型:HOOK
======================================================
FSD-HOOK:
序号:0 IRP:IRP_MJ_CREATE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:2 IRP:IRP_MJ_CLOSE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:4 IRP:IRP_MJ_WRITE HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:6 IRP:IRP_MJ_SET_INFORMATION HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:13 IRP:IRP_MJ_FILE_SYSTEM_CONTROL HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:18 IRP:IRP_MJ_CLEANUP HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
序号:21 IRP:IRP_MJ_SET_SECURITY HOOK模块:\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOK模块:
======================================================
文件过滤系统驱动:
文件系统:\FileSystem\sr 文件:system32\DRIVERS\sr.sys
文件系统:\FileSystem\Ntfs 文件:C:\WINDOWS\system32\drivers\Ntfs.sys
======================================================
内核Inline-HOOK:
无
======================================================
API-HOOK:
无
======================================================
无微软签名进程:
进程:C:\WINDOWS\system32\hkcmd.exe
进程:C:\WINDOWS\system32\igfxtray.exe
进程:C:\Documents and Settings\Administrator\桌面\snipesword.exe
进程:C:\WINDOWS\explorer.exe
进程:system
======================================================
无微软签名模块
进程:C:\WINDOWS\system32\ctfmon.exe
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\Program Files\Rising\Rfw\RsTray.exe
    模块:C:\Program Files\Rising\Rfw\rfwlog.dll
    模块:C:\Program Files\Rising\Rfw\PngDll.dll
    模块:C:\Program Files\Rising\Rfw\rfwtray.dll
    模块:C:\Program Files\Rising\Rfw\rsmginfo.dll
    模块:C:\Program Files\Rising\Rfw\rsnetsvr.dll
    模块:C:\Program Files\Rising\Rfw\ravbintl.dll
    模块:C:\Program Files\Rising\Rfw\rsguilib.dll
    模块:C:\WINDOWS\system32\MFC71.DLL
    模块:C:\Program Files\Rising\Rfw\rspalvd.dll
    模块:C:\Program Files\Rising\Rfw\CfgDll.dll
    模块:C:\Program Files\Rising\Rfw\RSAPPMGR.dll
    模块:C:\Program Files\Rising\Rfw\rsconf.dll
    模块:C:\Program Files\Rising\Rfw\rfwrule.dll
    模块:C:\Program Files\Rising\Rfw\MonState.dll
    模块:C:\Program Files\Rising\Rfw\ProcComm.dll
    模块:C:\Program Files\Rising\Rfw\rsxml.dll
    模块:C:\Program Files\Rising\Rfw\comx3.dll
    模块:C:\Program Files\Rising\Rfw\Syslay.dll
    模块:C:\Program Files\Rising\Rfw\rslang.dll
    模块:C:\Program Files\Rising\Rfw\ComServ.dll
    模块:C:\WINDOWS\system32\MSVCP71.dll
    模块:C:\WINDOWS\system32\MSVCR71.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\WINDOWS\system32\hkcmd.exe
    模块:C:\WINDOWS\system32\igfxres.dll
    模块:C:\WINDOWS\system32\igfxhk.dll
    模块:C:\WINDOWS\system32\igfxsrvc.dll
    模块:C:\WINDOWS\system32\igfxdev.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
    模块:C:\WINDOWS\system32\hccutils.DLL
进程:C:\WINDOWS\system32\igfxtray.exe
    模块:C:\WINDOWS\system32\igfxress.dll
    模块:C:\WINDOWS\system32\igfxres.dll
    模块:C:\WINDOWS\system32\igfxsrvc.dll
    模块:C:\WINDOWS\system32\igfxdev.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
    模块:C:\WINDOWS\system32\hccutils.DLL
进程:C:\WINDOWS\SOUNDMAN.EXE
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\WINDOWS\msagent\AgentSvr.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
    模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCP90.dll
    模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCR90.dll
进程:C:\WINDOWS\system32\svchost.exe
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\Program Files\Rising\Rav\RsAgent.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\Program Files\Rising\Rav\ScanPrxy.dll
    模块:C:\Program Files\Rising\Rav\comx3.dll
    模块:C:\Program Files\Rising\Rav\Syslay.dll
    模块:C:\Program Files\Rising\Rav\ProcComm.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\WINDOWS\system32\svchost.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\conime.exe
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\spoolsv.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\Program Files\Internet Explorer\iexplore.exe
    模块:C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx
    模块:C:\Program Files\Rising\Rav\RavScrCh.dll
    模块:C:\WINDOWS\system32\MSVCP71.dll
    模块:C:\WINDOWS\system32\MSVCR71.dll
    模块:C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\KeyMonitor.dll
    模块:D:\Program Files\Microsoft Office\Office12\msohevi.dll
    模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    模块:C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
    模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCP90.dll
    模块:C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCR90.dll
    模块:C:\Program Files\QvodPlayer\QvodExtend.dll
    模块:C:\Program Files\Tencent\QQDownload2\QQIEHelper01.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\Program Files\Rising\Rav\RsMain.exe
    模块:C:\Program Files\Rising\Rav\htmllib.dll
    模块:C:\Program Files\Rising\Rav\log2file.dll
    模块:C:\Program Files\Rising\Rav\ravptool.dll
    模块:C:\Program Files\Rising\Rav\ravxmons.dll
    模块:C:\Program Files\Rising\Rav\ravxpage.dll
    模块:C:\Program Files\Rising\Rav\ProcComm.dll
    模块:C:\Program Files\Rising\Rav\comx3.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\Program Files\Rising\Rav\CfgDll.dll
    模块:C:\Program Files\Rising\Rav\RSAPPMGR.dll
    模块:C:\Program Files\Rising\Rav\PngDll.dll
    模块:C:\Program Files\Rising\Rav\rsscanbd.dll
    模块:C:\Program Files\Rising\Rav\pubcfg.dll
    模块:C:\Program Files\Rising\Rav\ScanPrxy.dll
    模块:C:\Program Files\Rising\Rav\MonState.dll
    模块:C:\Program Files\Rising\Rav\ravpsafe.dll
    模块:C:\Program Files\Rising\Rav\ravbintl.dll
    模块:C:\Program Files\Rising\Rav\Syslay.dll
    模块:C:\Program Files\Rising\Rav\ravppops.dll
    模块:C:\Program Files\Rising\Rav\rspalvd.dll
    模块:C:\Program Files\Rising\Rav\rsconf.dll
    模块:C:\Program Files\Rising\Rav\rslang.dll
    模块:C:\Program Files\Rising\Rav\RsGuiLib.dll
    模块:C:\Program Files\Rising\Rav\RSXML.DLL
    模块:C:\Program Files\Rising\Rav\rspalmgr.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\WINDOWS\system32\svchost.exe
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\svchost
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\Program Files\Rising\Rav\RsTray.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\Program Files\Rising\Rav\ScanPrxy.dll
    模块:C:\Program Files\Rising\Rav\PngDll.dll
    模块:C:\Program Files\Rising\Rav\CfgDll.dll
    模块:C:\Program Files\Rising\Rav\RSAPPMGR.dll
    模块:C:\Program Files\Rising\Rav\ravppops.dll
    模块:C:\Program Files\Rising\Rav\scanleak.dll
    模块:C:\Program Files\Rising\Rav\rsmginfo.dll
    模块:C:\Program Files\Rising\Rav\RavITray.dll
    模块:C:\Program Files\Rising\Rav\MonTray.dll
    模块:C:\Program Files\Rising\Rav\mruleui.dll
    模块:C:\Program Files\Rising\Rav\ravbintl.dll
    模块:C:\Program Files\Rising\Rav\rspalvd.dll
    模块:C:\Program Files\Rising\Rav\rsconf.dll
    模块:C:\Program Files\Rising\Rav\rsguilib.dll
    模块:C:\Program Files\Rising\Rav\ScanEvnt.dll
    模块:C:\Program Files\Rising\Rav\MonState.dll
    模块:C:\Program Files\Rising\Rav\rsxml.dll
    模块:C:\Program Files\Rising\Rav\ProcComm.dll
    模块:C:\Program Files\Rising\Rav\comx3.dll
    模块:C:\Program Files\Rising\Rav\Syslay.dll
    模块:C:\Program Files\Rising\Rav\rslang.dll
    模块:C:\Program Files\Rising\Rav\comserv.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\Documents and Settings\Administrator\桌面\snipesword.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\WINDOWS\explorer.exe
    模块:C:\Program Files\NamiRobot\Data\NamipanExt1.dll
    模块:C:\WINDOWS\system32\MSVCR71.dll
    模块:C:\Program Files\AliWangWang\AliIMExt.dll
    模块:C:\Program Files\WinRAR\rarext.dll
    模块:C:\WINDOWS\system32\msi.dll
    模块:C:\WINDOWS\system32\SCEVFJRCmaB7.dll
    模块:C:\WINDOWS\system32\jY8sGUnWqbZb3x2BPhY.dll
    模块:C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf
    模块:C:\WINDOWS\system32\t9hdtMrwMeQcvYV3CMvhtNZpC.inf
    模块:C:\WINDOWS\system32\122B901E.dll
    模块:C:\WINDOWS\system32\ndxq9awMc.dll
    模块:C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf
    模块:C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf
    模块:C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur
    模块:C:\WINDOWS\system32\RavExt.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\svchost
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\svchost.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\system32\lsass.exe
    模块:C:\WINDOWS\system32\UxTheme.dll
进程:C:\WINDOWS\System32\svchost.exe
    模块:c:\windows\system32\msi.dll
    模块:C:\WINDOWS\System32\COMRes.dll
    模块:C:\WINDOWS\System32\UxTheme.dll
进程:C:\WINDOWS\system32\winlogon.exe
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
进程:C:\Program Files\Rising\Rav\RavMonD.exe
    模块:C:\Program Files\Rising\Rav\ur027.dat
    模块:C:\Program Files\Rising\Rav\ur023.dat
    模块:C:\Program Files\Rising\Rav\ur007.dat
    模块:C:\Program Files\Rising\Rav\extmail.dll
    模块:C:\Program Files\Rising\Rav\ur001.dat
    模块:C:\Program Files\Rising\Rav\scansct.dll
    模块:C:\Program Files\Rising\Rav\extsfx.dll
    模块:C:\Program Files\Rising\Rav\SysMail.dll
    模块:C:\Program Files\Rising\Rav\RKPColl.dll
    模块:C:\Program Files\Rising\Rav\posttrt.dll
    模块:C:\Program Files\Rising\Rav\uroutine.dll
    模块:C:\Program Files\Rising\Rav\scriptci.dll
    模块:C:\Program Files\Rising\Rav\heurex.dll
    模块:C:\Program Files\Rising\Rav\pecompd.dll
    模块:C:\Program Files\Rising\Rav\methodex.dll
    模块:C:\Program Files\Rising\Rav\scantj.dll
    模块:C:\Program Files\Rising\Rav\scanex.dll
    模块:C:\Program Files\Rising\Rav\unexe.dll
    模块:C:\Program Files\Rising\Rav\scanexec.dll
    模块:C:\Program Files\Rising\Rav\nvfile.dll
    模块:C:\Program Files\Rising\Rav\ffr.dll
    模块:C:\WINDOWS\system32\COMRes.dll
    模块:C:\Program Files\Rising\Rav\ScanStub.dll
    模块:C:\Program Files\Rising\Rav\ScanRavT.dll
    模块:C:\Program Files\Rising\Rav\ScanBT.dll
    模块:C:\Program Files\Rising\Rav\revm.dll
    模块:C:\Program Files\Rising\Rav\urutils.dll
    模块:C:\Program Files\Rising\Rav\ur000.dat
    模块:C:\Program Files\Rising\Rav\pearc.dll
    模块:C:\Program Files\Rising\Rav\scanpe.dll
    模块:C:\Program Files\Rising\Rav\ScanSrv.dll
    模块:C:\Program Files\Rising\Rav\rsstub.dll
    模块:C:\Program Files\Rising\Rav\rstask.dll
    模块:C:\Program Files\Rising\Rav\NComm2.dll
    模块:C:\Program Files\Rising\Rav\ScanAdd.dll
    模块:C:\Program Files\Rising\Rav\Scanner.dll
    模块:C:\Program Files\Rising\Rav\RSStore.dll
    模块:C:\Program Files\Rising\Rav\bawhite.dll
    模块:C:\Program Files\Rising\Rav\rsnetsvr.dll
    模块:C:\Program Files\Rising\Rav\relibldr.dll
    模块:C:\Program Files\Rising\Rav\viruslib.dll
    模块:C:\Program Files\Rising\Rav\refs.dll
    模块:C:\Program Files\Rising\Rav\recomp.dll
    模块:C:\Program Files\Rising\Rav\BACore.dll
    模块:C:\Program Files\Rising\Rav\HookCont.dll
    模块:C:\Program Files\Rising\Rav\ProcCom.dll
    模块:C:\Program Files\Rising\Rav\RsCommX2.dll
    模块:C:\Program Files\Rising\Rav\Hooksys.dll
    模块:C:\Program Files\Rising\Rav\comx3.dll
    模块:C:\Program Files\Rising\Rav\CfgDll.dll
    模块:C:\Program Files\Rising\Rav\RSAPPMGR.dll
    模块:C:\Program Files\Rising\Rav\proccomm.dll
    模块:C:\Program Files\Rising\Rav\cnt08.dll
    模块:C:\Program Files\Rising\Rav\scansrvp.dll
    模块:C:\Program Files\Rising\Rav\taskplug.dll
    模块:C:\Program Files\Rising\Rav\rsindent.dll
    模块:C:\Program Files\Rising\Rav\Syslay.dll
    模块:C:\Program Files\Rising\Rav\HookWeb.dll
    模块:C:\Program Files\Rising\Rav\MailMon.dll
    模块:C:\Program Files\Rising\Rav\FileMon.dll
    模块:C:\Program Files\Rising\Rav\MonRule.dll
    模块:C:\Program Files\Rising\Rav\moncom08.dll
    模块:C:\Program Files\Rising\Rav\defmon.dll
    模块:C:\Program Files\Rising\Rav\mondrv.dll
    模块:C:\Program Files\Rising\Rav\Rslog.dll
    模块:C:\Program Files\Rising\Rav\MonBase.dll
    模块:C:\Program Files\Rising\Rav\moncomm.dll
    模块:C:\Program Files\Rising\Rav\cnt09.dll
    模块:C:\WINDOWS\system32\uxtheme.dll
    模块:C:\Program Files\Rising\Rav\combase.dll
======================================================
无签名自启动项(包含了IE劫持、服务、SPI等):
名称: 注册键:◆ Task ↓ 注册值: 类别:
名称:EkKXXTKa2TVmc6XM.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\EkKXXTKa2TVmc6XM.ico 类别:10
名称:exfvE4paGnSAB.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\exfvE4paGnSAB.ico 类别:10
名称:kTS4JJGUYtVagxPs.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\kTS4JJGUYtVagxPs.ico 类别:10
名称:kZdWDEpQcNC2NwDe.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\kZdWDEpQcNC2NwDe.ico 类别:10
名称:Low Battery Alarm Program.job 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\Low Battery Alarm Program.job 类别:10
名称:SbrmpxjdCrgRAFhz4gHh.inf 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf 类别:10
名称:SogouImeMgr.job 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\SogouImeMgr.job 类别:10
名称:ThGkkhVnR6Dhf3eN.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\ThGkkhVnR6Dhf3eN.ico 类别:10
名称:vC6ykXbjUGCVeCJa.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\vC6ykXbjUGCVeCJa.ico 类别:10
名称:x7j7yet9WK9FdYSD.ico 注册键:C:\WINDOWS\Tasks\ 注册值:C:\WINDOWS\Tasks\x7j7yet9WK9FdYSD.ico 类别:10
名称: 注册键:◆ Logon ↓ 注册值: 类别:
名称:Shell 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon 注册值:Explorer.exe 类别:20
名称: 注册键:◆ Logon Run ↓ 注册值: 类别:
名称:IgfxTray 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:C:\WINDOWS\system32\igfxtray.exe 类别:2
名称:HotKeysCmds 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:C:\WINDOWS\system32\hkcmd.exe 类别:2
名称:360Soft 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册值:C:\WINDOWS\system32\scvhost.exe 类别:2
名称: 注册键:◆ Logon Startup ↓ 注册值: 类别:
名称:QQ游戏启动加速程序.lnk 注册键:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ 注册值:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk 类别:10
名称: 注册键:◆ Serivce And Drivers ↓ 注册值: 类别:
名称:Alidevice 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\Alidevice.sys 类别:21
名称:AntiARPClientLoader 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\AntiARPClientLoader.sys 类别:21
名称:AntiArpNdisProt 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\AntiArpNdisProt.sys 类别:21
名称:Changer 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\Changer.sys 类别:21
名称:i2omgmt 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\i2omgmt.sys 类别:21
名称:ialm 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\ialmnt5.sys 类别:21
名称:IDriverT 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" 类别:21
名称:lbrtfdc 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\lbrtfdc.sys 类别:21
名称:NPF 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\drivers\npf.sys 类别:21
名称:npkcrypt 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\WINDOWS\system32\npkcrypt.sys 类别:21
名称:npkycryp 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\WINDOWS\system32\npkycryp.sys 类别:21
名称:ntptdb 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys 类别:21
名称:Packet 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\ProtoDrv.sys 类别:21
名称:PCANDIS5 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\WINDOWS\system32\PCANDIS5.SYS 类别:21
名称:PDCOMP 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDCOMP.sys 类别:21
名称:PDFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDFRAME.sys 类别:21
名称:PDRELI 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDRELI.sys 类别:21
名称:PDRFRAME 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\PDRFRAME.sys 类别:21
名称:rpcapd 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" 类别:21
名称:rspp 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\WINDOWS\system32\Drivers\Rspp.sys 类别:21
名称:RTL8023 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\Rtlnic51.sys 类别:21
名称:sptd 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:System32\Drivers\sptd.sys 类别:21
名称:SuperMounter 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\SuperMounter.sys 类别:21
名称:tap0801 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\tap0801.sys 类别:21
名称:Tcpip 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\tcpip.sys 类别:21
名称:UnlockerDriver4 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:\??\C:\Program Files\Unlocker\UnlockerDriver4.sys 类别:21
名称:WDICA 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\WDICA.sys 类别:21
名称:Winsock 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\Winsock.sys 类别:21
名称:xAntiArp 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\DRIVERS\xAntiArp.sys 类别:21
名称:{6080A529-897E-4629-A488-ABA0C29B635E} 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\drivers\ialmsbw.sys 类别:21
名称:{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:system32\drivers\ialmkchw.sys 类别:21
名称:argusrj2 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:C:\WINDOWS\System32\Drivers\argusrj2.sys 类别:21
名称:HidServ 注册键:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 注册值:%SystemRoot%\System32\hidserv.dll 类别:11
名称: 注册键:◆ AppInit ↓ 注册值: 类别:
名称:AppInit_DLLs 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows 注册值:C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf, 类别:3
名称: 注册键:◆ Internet Explorer ↓ 注册值: 类别:
名称:{488A4255-3236-44B3-8F27-FA1AECAA8844} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units 注册值:https://img.alipay.com/download/2121/aliedit.cab 类别:6
名称:&U使用米人下载并收藏 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:C:\Program Files\NamiRobot\Data\du.html 类别:1
名称:&使用QQ旋风下载 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:C:\Program Files\Tencent\QQDownload2\geturl.htm 类别:1
名称:&使用QQ旋风下载全部链接 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:C:\Program Files\Tencent\QQDownload2\getAllurl.htm 类别:1
名称:使用迅雷下载 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm 类别:1
名称:使用迅雷下载全部链接 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm 类别:1
名称:导出到 Microsoft Excel(&X) 注册键:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt 注册值:res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 类别:1
名称:{1DABF8D5-8430-4985-9B7F-A30E53D709B3} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll 类别:4
名称:{3AA9CF07-DF20-48FF-98BE-DED276E40146} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\system32\GDREAD~1.DLL 类别:4
名称:{4990272A-0655-4D80-90A7-C18D0FF7A4A9} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Program Files\NamiRobot\Plugins\SkyDrive.dll 类别:4
名称:{5CB840B5-A94E-4AD9-B785-4866E3B04476} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\system32\ICBCNE~1.DLL 类别:4
名称:{6483F145-A768-4C41-AACC-52D4D7845851} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work 类别:4
名称:{6A19C29D-ED45-4483-8999-9F939C8161F2} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Program Files\eREAD\eREAD\WebHook.dll 类别:4
名称:{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\system32\INPUTC~1.DLL 类别:4
名称:{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL 类别:4
名称:{E05BC2A3-9A46-4A32-80C9-023A473F5B23} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Program Files\QQMusic\QzoneMusic.dll 类别:4
名称:{F3D0D36F-23F8-4682-A195-74C92B03D4AF} 注册键:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats 注册值:C:\Program Files\QvodPlayer\QvodInsert.dll 类别:4
名称: 注册键:◆ Internet Explorer ActiveX ↓ 注册值: 类别:
名称:{248DD896-BB45-11CF-9ABC-0080C7E7B78D} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\Program Files\日月网络电视\MSWINSCK.OCX 类别:4
名称:{598EBA02-B49A-11D2-A1C1-00609778EA66} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility 注册值:C:\WINDOWS\system32\mp4sds32.ax 类别:4
名称: 注册键:◆ Internet Explorer BHO ↓ 注册值: 类别:
名称:{6A19C29D-ED45-4483-8999-9F939C8161F2} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects 注册值:C:\Program Files\eREAD\eREAD\WebHook.dll 类别:4
名称: 注册键:◆ Explorer ↓ 注册值: 类别:
名称:ic32pp 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINDOWS\wc98pp.dll 类别:8
名称:ipp 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINDOWS\wc98pp.dll 类别:8
名称:KuGoo 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINDOWS\system32\KuGoo3DownXControl.ocx 类别:8
名称:KuGoo3 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler 注册值:C:\WINDOWS\system32\KuGoo3DownXControl.ocx 类别:8
名称:{A2BCFCEE-C939-433F-A32A-7353A6E720DB} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf 类别:7
名称:{BB16CF3F-BAFD-4627-BB94-46974DA2AC68} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\yKr79dwDnetDX3yQb.inf 类别:7
名称:{51716C09-6B08-4CCF-B526-718E912C0573} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll 类别:7
名称:{6049BC02-7EDA-4C41-B4AB-D5398607C39E} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf 类别:7
名称:{526EB425-7F56-4773-8D70-B8E45AA8E2B6} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur 类别:7
名称:{E1639D0B-CC74-4C22-B662-F2F9367CBEFC} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Downloaded Program Files\NnjrQW5EUm9zePgHXM2eB44E.cur 类别:7
名称:{87DE8A1A-96C5-4420-B222-EF998F697CE7} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf 类别:7
名称:{D55E3C90-C192-411F-85FC-6A8A69D0C634} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\WQVBYhAJ6ADw5qzCY8gv84KTH.inf 类别:7
名称:{F181F067-7046-4DCB-993F-200990736305} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur 类别:7
名称:{8708994F-1758-4C2C-9A3F-FA22D6CCCB41} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\fonts\A97CRaCB.fon 类别:7
名称:{B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf 类别:7
名称:{C53C1999-1B56-41BD-8F76-520D618F112C} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Downloaded Program Files\gxrSG8sdA4hAbGNQXnr9JGFu6nZ.cur 类别:7
名称:{8A6A5B34-D995-4C5D-9338-B5E264B4A87} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf 类别:7
名称:{74DA2FEC-F68F-4DC7-9A45-9174AC044427} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf 类别:7
名称:{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf 类别:7
名称:{CB661471-055A-4C5B-9ED0-497B9908FEF5} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf 类别:7
名称:{30E05169-5E63-4038-9709-5FAD6E488ED2} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf 类别:7
名称:{4F5EEDE5-1687-49D2-8A17-FF0B454FB37B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\qzp3jTZCSfSh.dll 类别:7
名称:{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\ndxq9awMc.dll 类别:7
名称:{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\08223B03.dll 类别:7
名称:{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\122B901E.dll 类别:7
名称:{F317E464-D4A4-4C79-82E8-CABADF738C7C} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\t9hdtMrwMeQcvYV3CMvhtNZpC.inf 类别:7
名称:{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf 类别:7
名称:{594EFEFB-4932-421C-9C83-A6BEB868E52D} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\fonts\acCjngH97w.fon 类别:7
名称:{05EDDA35-1E5B-4A77-8F68-99AB967CF632} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\bWxJAeWKDxgRfhkaWEfA33C36nr.inf 类别:7
名称:{827E2FB4-1047-43DE-848D-E12BB0C97AAB} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf 类别:7
名称:{8E6D4583-0FA1-41B2-BAAA-63352E6333CA} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\jY8sGUnWqbZb3x2BPhY.dll 类别:7
名称:{CD478099-014D-4B3A-A4BB-B518F1019BC7} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\SCEVFJRCmaB7.dll 类别:7
名称:{1719B301-B494-4185-9379-242461F9CF02} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 注册值:C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf 类别:7
名称: 注册键:◆ Explorer ShellEx ↓ 注册值: 类别:
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9
名称:igfxcui 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers 注册值:C:\WINDOWS\system32\igfxpph.dll 类别:9
名称:{42071714-76d4-11d1-8b24-00a0c9068ff3} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:deskpan.dll 类别:7
名称:{B41DB860-8EE4-11D2-9906-E49FADC173CA} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\Program Files\WinRAR\rarext.dll 类别:7
名称:{745B9F19-F9E5-424F-AB07-B1D63AB9D84B} 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 注册值:C:\PROGRA~1\蓝鸟FL~1\lnfplyext.dll 类别:7
名称: 注册键:◆ ImageFile Hijacks ↓ 注册值: 类别:
名称:NamipanExt 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers 注册值:C:\Program Files\NamiRobot\Data\NamipanExt1.dll 类别:9
名称:WinRAR 注册键:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers 注册值:C:\Program Files\WinRAR\rarext.dll 类别:9
名称: 注册键:◆ Session Manager ↓ 注册值: 类别:
名称: 注册键:◆ Other ↓ 注册值: 类别:
======================================================
无签名内核模块:
模块基址:ABF75000 模块:\??\c:\documents and settings\administrator\桌面\SnipeSword.sys
模块基址:AC7B7000 模块:\??\C:\WINDOWS\system32\drivers\pcidump.sys
模块基址:B1651000 模块:\SystemRoot\system32\DRIVERS\AntiArpNdisProt.sys
模块基址:BFA36000 模块:\SystemRoot\System32\ialmdd5.DLL
模块基址:BFA05000 模块:\SystemRoot\System32\ialmdev5.DLL
模块基址:BF9D5000 模块:\SystemRoot\System32\ialmrnt5.dll
模块基址:BF9E3000 模块:\SystemRoot\System32\ialmdnt5.dll
模块基址:F7CB0000 模块:\SystemRoot\System32\Drivers\dump_WMILIB.SYS
模块基址:ACB40000 模块:\SystemRoot\System32\Drivers\dump_atapi.sys
模块基址:B1B58000 模块:\SystemRoot\system32\DRIVERS\tcpip.sys
模块基址:B226C000 模块:\SystemRoot\system32\drivers\ialmsbw.sys
模块基址:B228A000 模块:\SystemRoot\system32\drivers\ialmkchw.sys
模块基址:BA490000 模块:\SystemRoot\System32\Drivers\argusrj2.SYS
模块基址:F7B58000 模块:\SystemRoot\System32\Drivers\Alidevice.SYS
模块基址:BA601000 模块:\SystemRoot\system32\DRIVERS\Rtlnic51.sys
模块基址:BA64A000 模块:\SystemRoot\system32\DRIVERS\ialmnt5.sys
模块基址:F764F000 模块:sptd.sys
======================================================
硬件设备及其支持文件列表:
设备:Intel(R) 82852/82855 GM/GME Graphics Controller
    支持文件:oem2.inf
    支持文件:tap0801.sys
设备:Intel(R) 82852/82855 GM/GME Graphics Controller
    支持文件:oem2.inf
    支持文件:tap0801.sys
设备:Realtek AC'97 Audio
    支持文件:oem0.inf
    支持文件:ALCXWDM.SYS
    支持文件:SOUNDMAN.EXE
    支持文件:ALSNDMGR.CPL
    支持文件:ALSNDMGR.WAV
    支持文件:crlds3d.dll
    支持文件:Audio3D.dll
======================================================
当前已安装软件列表:
无
======================================================
Host文件:
127.0.0.1 localhost
208.43.157.35 www.damipan.com
======================================================
系统体检全部完成 2009-10-27-16:07:12