微点交流论坛

标题: 帖出一部分劫持其他杀毒软件的信息，看完像是没有微点的进程 [打印本页]

作者: lmnn 时间: 2008-12-10 20:21 标题: 帖出一部分劫持其他杀毒软件的信息，看完像是没有微点的进程

创建时间键名称原数据新数据创建者
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LUCOMSERVER.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LUALL.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOOKOUT.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOCKDOWN2000.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAMAPP.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVPRESCAN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KRF.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPPMAIN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFWSVC.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFW32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFW32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAV32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASMAIN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KABACKREPORT.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE

作者: lmnn 时间: 2008-12-10 20:29
自己试过导入注册表劫持微点的进程，呵被挡住了，看来微点对自身的防护还不错

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn