Winsock Providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS File
77.77.77.77 www.527gm.com
77.77.77.77 527gm.com
77.77.77.77 www.53741.com
77.77.77.77 53741.com
77.77.77.77 www.53771.com
77.77.77.77 53771.com
==================================
Process Privilege Scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1824, C:\WINDOWS\VM_STI.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1460, D:\PROGRAM FILES\SHUTTER\SHUTTER.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1180, D:\PROGRAM FILES\MAXTHON1.6.3.80-PSGL\MAXTHON.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3500, D:\PROGRAM FILES\BITSPIRIT209-PSGL\BITSPIRIT.EXE]
==================================
API HOOK
RVA error: LoadLibraryA (risk level: high, hooked by the following module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA error: LoadLibraryExA (risk level: high, hooked by the following module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA error: LoadLibraryExW (risk level: high, hooked by the following module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA error: LoadLibraryW (risk level: high, hooked by the following module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA error: GetProcAddress (risk level: high, hooked by the following module: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
Hidden Processes
N/A
==================================
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)