文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 212, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 240, C:\PROGRAM FILES\SAMSUNG\SMARTHRU\PORTCTRL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 248, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 248, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 256, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 256, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 392, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2464, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2464, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x012D212D)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x012D2215)
==================================
隐藏进程
N/A
==================================
[/CODE]
