==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=ebvldhc.exe
shell\open=打开(&O)
shell\open\Command=ebvldhc.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ebvldhc.exe
[K:\]
[AutoRun]
open=ebvldhc.exe
shell\open=打开(&O)
shell\open\Command=ebvldhc.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ebvldhc.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1996, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\OPROTSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 204, C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 244, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\IFRMEWRK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EOUWIZ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 648, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2288, C:\PROGRAM FILES\COMMON FILES\SYSTEM\LFKXAOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2304, C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SALBHFD.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
[/CODE]