N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1080, F:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1160, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1168, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 184, E:\AST\AST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 184, E:\AST\AST.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3336, E:\AST\UPDATE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3336, E:\AST\UPDATE.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: E:\ast\AST.dll)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: E:\ast\AST.dll)
==================================
隐藏进程
N/A
==================================
[/CODE]