发表于: 2007-07-06 13:39 | 只看楼主 短消息 资料
字号: 11楼


==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1964, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1980, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 256, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 296, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 324, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1944, D:\程序\杀毒软件\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1944, D:\程序\杀毒软件\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2016, C:\WINDOWS\SYSTEM32\BGSWITCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 420, C:\PROGRAM FILES\QQ2006\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\PROGRAM FILES\QQ2006\TIMPLATFORM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2692, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2692, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2900, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 680, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: D:\程序\杀毒软件\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: D:\程序\杀毒软件\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]