两款安全工具GMER1.0.13.12551和Rootkit Unhooker 3.7.300.503

iproffice

GMER 1.0.13.12551
http://www.gmer.net/files.php
http://www.gmer.net/gmer.zip

GMER is an application that detects and removes rootkits .
It scans for:
hidden processes
hidden threads
hidden modules
hidden services
hidden files
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
inline hooks
GMER also allows to monitor the following system functions:
processes creating
drivers loading
libraries loading
file functions
registry entries
TCP/IP connections
GMER runs on Windows NT/W2K/XP/VISTA

Rootkit Unhooker 3.7.300.503
http://rku.nm.ru/
http://rku.nm.ru/rkunhooker_v3/RkU3.7.300.503.zip
Rootkit Unhooker是一款较新的RK检测工具,来自俄罗斯 ! 其检测手段比IceSword可靠得多(虽然功能还不如IceSword齐全)
服务描述表钩子检测和恢复  强大的进程检测  强大的驱动检测  隐藏进程杀除 API钩子检测 驱动转储 生成报告
p.s,刚才Vista把玩了一下,结果系统从蓝屏死机中恢复,hoho,看来微软的内核保护还是有一手的...
09 August 2007
RkUnhooker LE update (several fixes)

powersun29

感谢楼主分享,用了一下觉得挺实用