微点交流论坛 - 微点主动防御软件 - 帖出一部分劫持其他杀毒软件的信息，看完像是没有微点的进程

微点交流论坛 » 微点主动防御软件 » 帖出一部分劫持其他杀毒软件的信息，看完像是没有微点的进程

lmnn
新手上路

积分 4
发帖 4
注册 2008-1-16

#1 帖出一部分劫持其他杀毒软件的信息，看完像是没有微点的进程

创建时间键名称原数据新数据创建者
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LUCOMSERVER.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LUALL.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOOKOUT.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOCKDOWN2000.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAMAPP.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVPRESCAN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:41 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KRF.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPPMAIN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFWSVC.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFW32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFW32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAV32.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASMAIN.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-12-07 04:17:40 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KABACKREPORT.EXE\ DEBUGGER SVCHOST.EXE SVCHOST.EXE

※ ※ ※ 本文纯属【lmnn】个人意见，与【微点交流论坛】立场无关※ ※ ※

2008-12-10 20:21

lmnn
新手上路

积分 4
发帖 4
注册 2008-1-16

#2

自己试过导入注册表劫持微点的进程，呵被挡住了，看来微点对自身的防护还不错

※ ※ ※ 本文纯属【lmnn】个人意见，与【微点交流论坛】立场无关※ ※ ※

2008-12-10 20:29

论坛跳转:

可打印版本 | 推荐 | 订阅 | 收藏

[ 联系我们 - 东方微点 ] 北京东方微点信息技术有限责任公司福建东方微点信息安全有限责任公司闽ICP备05030815号