This post was last edited by 小杨过 on 5-4-2011 01:16 PM
Anti-Rootkit:
XueTr:
A powerful manual anti-virus tool that supports the 32-bit editions of Windows 2000, XP, 2003, Vista, 2008 and Win7.
The tool currently implements the following functions in an initial form:
1. Viewing process, thread, process module, process window and process memory information; killing processes, killing threads, unloading modules, etc.
2. Viewing kernel driver modules, with support for copying a kernel driver module's memory
3. Viewing SSDT, Shadow SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT and GDT information, and detecting and restoring SSDT hooks and inline hooks
4. Viewing CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information, with support for deleting these Notify Routines
5. Viewing port information (not currently supported on Windows 2000)
6. Viewing message hooks
7. Detecting and restoring IAT, EAT, inline hooks and patches in kernel modules
8. Detecting filter drivers at the disk, volume, keyboard and network layers, with support for removing them
9. Registry editing
10. Detecting and restoring IAT, EAT, inline hooks and patches in processes
11. File system viewing, with basic file operations
12. Viewing (and editing) IE plug-ins, SPI, startup items, services, the Hosts file, image hijacking (IFEO), file associations, system firewall rules and IMEs
13. ObjectType hook detection and restoring
14. DPC timer detection and deletion
15. MBR rootkit detection and repair
16. Kernel object hijacking detection
17. WorkerThread enumeration
Download: http://xuetr.com/download/XueTr.zip
天琊:
"天琊 V1.0 (beta)" is a powerful anti-virus helper tool that combines process management, file management, SSDT service table management, Shadow SSDT service table management, kernel module viewing, inline hook scanning, log export, a safe box, and active defense (mainly protecting the safe box feature) in one program.
Download: the official site is a forum; search Google to find the download.
冰刃 (IceSword):
Wsyscheck:
ATool:
GMER:
GMER is an application that detects and removes rootkits.
It scans for:
hidden processes
hidden threads
hidden modules
hidden services
hidden files
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
inline hooks
Download: http://www.gmer.net/
RootkitUnhooker:
RootKit UnHooker features:
Public version
SSDT Hooks Detection and Restoring
Shadow SSDT Hooks Detection and Restoring
Hidden Processes Detection/Terminating/Dumping
Hidden Drivers Detection and Dumping
Hidden Files Detection/Copying/Deleting
Code hooks Detection and Restoring
Report generation
Supported operating systems:
x86 32 bit Windows 2000 SP4
x86 32 bit Windows XP +SP1, SP2
x86 32 bit Windows 2003 +SP1, +SP2
x86 32 bit Windows Vista
Note: RkU requires Administrator rights to launch and work.
Download: http://www.antirootkit.com/software/RootKit-Unhooker.htm
Kernel Detective :
Kernel Detective is a free tool that helps you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you access to the kernel directly, so it is not oriented toward newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result ... BSoD!
Download: http://www.at4re.com/download.php?view.2
SysReveal:
Rootkit Scanner:
Avira Rootkit Detection :
Avira AntiVir Rootkit Protection recognizes active rootkits. However, there also exist rootkits which are used legitimately in programs. Avira AntiVir Rootkit Protection also detects those. Please note that using reported rootkits is at your own risk and it can cause program errors.
Download: http://www.avira.com/en/support-download-avira-antirootkit-tool
RootkitRevealer:
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.
Download: http://download.sysinternals.com/Files/RootkitRevealer.zip
Posted by the original poster on 5-4-2011 11:46 AM
This post was last edited by 小杨过 on 6-4-2011 10:04 AM
System Scanner:
SREng:
System Repair Engineer (SREng) is a computer security and system maintenance helper. It is mainly used to find and dig out potential system faults and most of the damage caused by computer viruses, and it offers a set of modification suggestions and automatic repair methods.
With the help of System Repair Engineer (SREng) you can diagnose common problems in your operating system yourself. Even as a computer beginner, you can use SREng's smart scan feature to generate a brief log of your system's overall state, then send that log to a friend or forum member who knows the operating system well and resolve your system's possible problems with their help.
Download: http://www.kztechs.com/sreng/download.html
Autoruns:
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.
Download: http://download.sysinternals.com/Files/Autoruns.zip
RunScanner:
RunScanner is a freeware Windows system utility which scans your system for all running programs, autostart locations, drivers, services and hijack points.
You can use RunScanner to detect changes and misconfigurations in your system caused by spyware, viruses or human error.
Download: http://www.runscanner.net/
ESET SysInspector:
ESET SysInspector® is a free, state of the art diagnostic tool for Windows systems. It is also an integral part of ESET Smart Security 4 and ESET NOD32 Antivirus 4. It peers into your operating system and captures details such as running processes, registry content, startup items and network connections. Once a snapshot of the system is made, ESET SysInspector applies heuristics to assign a risk level for each object logged. Its intuitive graphical user interface enables the user to easily slice through the large volume of data using a slider to select objects of a particular color coded risk level for closer examination. ESET SysInspector is a convenient utility for the tool box of every IT expert and first responder.
Download: http://www.eset.com/us/download/free-antivirus-utilities
ServiWin:
ServiWin utility displays the list of installed drivers and services on your system. For some of them, additional useful information is displayed: file description, version, product name, company that created the driver file, and more.
In addition, ServiWin allows you to easily stop, start, restart, pause, and continue a service or driver, change the startup type of a service or driver (automatic, manual, disabled, boot or system), save the list of services and drivers to a file, or view an HTML report of installed services/drivers in your default browser.
Download: http://www.nirsoft.net/utils/serviwin.zip
File Eraser:
360文件粉碎器 (360 File Shredder):
费尔木马强力清除助手 (Filseclab Trojan forced-removal helper):
超级巡警暴力文件删除工具 (Super Patrol forced file deletion tool):
This tool uses kernel-mode techniques to delete files. It can delete running or locked files, show which programs hold a file open, and can be used during malware analysis to remove stubborn files dropped by viruses and trojans.
This software is freeware; users may download, install, copy and distribute it non-commercially. Commercial sale, copying or distribution requires authorization and a license from DSWLAB, as does use by commercial companies and teams.
Download: http://a1.sucop.com/FileForceKiller.zip
Unlocker:
PowerTool:
Reply posted on 6-4-2011 02:45 PM
Posted by the original poster on 6-4-2011 03:18 PM