2009-04-01,08:56:54
System Repair Engineer 2.7.1.1261
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll> [(Verified)Microsoft Windows 2000 Publisher]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows 2000 Publisher]
<SysTray><stobject.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows 2000 Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
<EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 5><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><(无)> [N/A]
==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[Kaspersky Anti-Virus / avp][Stopped/Manual Start]
<"><(File is missing)>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[RavAgent / RavAgent][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavAgent.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Net Alert / RavAlert][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavAlert.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising Multi-Center Communication Sender / RavSender][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\RavSender.exe"><Beijing Rising Information Technology Co., Ltd.>
[RavUpdate / RavUpdate][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavUpdate.exe"><Beijing Rising Information Technology Co., Ltd.>
[RNReport / RNReport][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RNReport.exe"><Beijing Rising Information Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
==================================
驱动程序
[360procmon / 360procmon][Running/Manual Start]
<\??\C:\Program Files\360safe\safemon\360procmon.sys><>
[atirage3 / atirage3][Running/Manual Start]
<System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[DwMirror / DwMirror][Running/Manual Start]
<system32\DRIVERS\DamewareMini.sys><DameWare Development, Inc.>
[DameWare Virtual Keyboard 32 bit Driver / dwvkbd][Running/System Start]
<system32\DRIVERS\dwvkbd.sys><DameWare>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100bnt5.sys><Intel Corporation>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINNT\System32\drivers\SafeBoxKrnl.sys><360安全中心>
==================================
浏览器加载项
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
==================================
正在运行的进程
[PID: 180 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 204 / SYSTEM][\??\C:\WINNT\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 228 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.00.2195.6714]
[PID: 256 / SYSTEM][C:\WINNT\system32\services.exe] [(Verified) Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268 / SYSTEM][C:\WINNT\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.00.2195.6695]
[PID: 380 / SYSTEM][C:\WINNT\System32\termsrv.exe] [(Verified) Microsoft Corporation, 5.00.2195.6696]
[PID: 524 / SYSTEM][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 564 / SYSTEM][C:\WINNT\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.00.2195.6659]
[PID: 592 / SYSTEM][C:\WINNT\System32\msdtc.exe] [(Verified) Microsoft Corporation, 1999.9.3421.3]
[PID: 800 / SYSTEM][C:\WINNT\System32\llssrv.exe] [(Verified) Microsoft Corporation, 5.00.2195.6697]
[PID: 876 / SYSTEM][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0311.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.0194.00]
[PID: 1060 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1272 / SYSTEM][C:\WINNT\system32\regsvc.exe] [(Verified) Microsoft Corporation, 5.00.2195.6701]
[PID: 1428 / SYSTEM][C:\WINNT\system32\MSTask.exe] [(Verified) Microsoft Corporation, 4.71.2195.6704]
[PID: 1568 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe] [(Verified) Microsoft Corporation, 1.50.1085.0100]
[PID: 1604 / SYSTEM][C:\WINNT\system32\Dfssvc.exe] [(Verified) Microsoft Corporation, 5.00.2195.6664]
[PID: 1664 / SYSTEM][C:\WINNT\System32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 5.00.0984]
[PID: 1744 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.5512.0]
[PID: 1176 / SYSTEM][C:\WINNT\system32\logon.scr] [Microsoft Corporation, 5.00.2195.6601]
[PID: 2872 / SYSTEM][\??\C:\WINNT\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 2892 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.00.2195.6714]
[PID: 2988 / Administrator][C:\WINNT\system32\rdpclip.exe] [(Verified) Microsoft Corporation, 5.00.2174.1]
[PID: 3016 / Administrator][C:\WINNT\Explorer.EXE] [(Verified) Microsoft Corporation, 5.00.3700.6690]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[C:\WINNT\SYSTEM32\DWRCShell.DLL] [DameWare Development LLC, 6, 5, 0, 0]
[PID: 3084 / SYSTEM][C:\WINNT\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 3164 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 3172 / Administrator][C:\WINNT\system32\internat.exe] [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 3188 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007]
[PID: 156 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[PID: 3348 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SRE9b1ac9af.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 876, C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1744, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3188, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 156, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
==================================
隐藏进程
N/A
==================================