据称过了微点

蓝色牛仔裤

我的实机操作也是这样。。。

zzh161

pcc

jlennon

原帖由 solcroft 于 2007-5-30 12:29 发表
运行后自行退出？
等jlennon来看看

我来也

jlennon

Processes:
PID ParentPID User Path
--------------------------------------------------
1448 228 MSEOSJD88JED:Administrator C:\Documents and Settings\Administrator\桌面\avp\avp.exe
Ports:
Port PID Type Path
--------------------------------------------------
Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found   
IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found   
Loaded Drivers:
Driver File Company Name Description
--------------------------------------------------
Monitored RegKeys
Registry Key Value
--------------------------------------------------
Kernel31 Api Log

--------------------------------------------------
***** Installing Hooks *****
71a270df     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)
71a27cc4     RegOpenKeyExA (Protocol_Catalog9)
71a2737e     RegOpenKeyExA (0000010C)
71a2724d     RegOpenKeyExA (Catalog_Entries)
71a278ea     RegOpenKeyExA (000000000001)
71a278ea     RegOpenKeyExA (000000000002)
71a278ea     RegOpenKeyExA (000000000003)
71a278ea     RegOpenKeyExA (000000000004)
71a278ea     RegOpenKeyExA (000000000005)
71a278ea     RegOpenKeyExA (000000000006)
71a278ea     RegOpenKeyExA (000000000007)
71a278ea     RegOpenKeyExA (000000000008)
71a278ea     RegOpenKeyExA (000000000009)
71a278ea     RegOpenKeyExA (000000000010)
71a278ea     RegOpenKeyExA (000000000011)
71a278ea     RegOpenKeyExA (000000000012)
71a278ea     RegOpenKeyExA (000000000013)
71a22623     WaitForSingleObject(7a0,0)
71a283c6     RegOpenKeyExA (NameSpace_Catalog5)
71a2737e     RegOpenKeyExA (00000004)
71a27f5b     RegOpenKeyExA (Catalog_Entries)
71a280ef     RegOpenKeyExA (000000000001)
71a280ef     RegOpenKeyExA (000000000002)
71a280ef     RegOpenKeyExA (000000000003)
71a22623     WaitForSingleObject(798,0)
71a11afa     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
71a11996     GlobalAlloc()
7c80b689     ExitThread()
411f21     LoadLibraryA(KERNEL32.DLL)=7c800000
411f21     LoadLibraryA(ADVAPI32.dll)=77da0000
411f21     LoadLibraryA(USER32.dll)=77d10000
157ff0     LoadLibraryA(KERNEL32.DLL)=7c800000
157ff0     LoadLibraryA(ADVAPI32.dll)=77da0000
157ff0     LoadLibraryA(USER32.dll)=77d10000
15194e     CreateFileA(C:\windows\explorer.exe)
1518e6     GetVersionExA()
77db5f5e     WaitForSingleObject(7e8,2bf20)
77e7fb8e     RegOpenKeyExA (HKLM\Software\Microsoft\Rpc)
4105a4     LoadLibraryA(kernel32.dll)=7c800000
4105a4     LoadLibraryA(user32.dll)=77d10000
4105a4     LoadLibraryA(advapi32.dll)=77da0000
4105a4     LoadLibraryA(oleaut32.dll)=770f0000
71a4108d     GetCurrentProcessId()=1448
4105a4     LoadLibraryA(wsock32.dll)=71a40000
4105a4     LoadLibraryA(ws2_32.dll)=71a20000
4044fc     GetCommandLineA()
77dbbd59     RegOpenKeyExA (HKLM\System\CurrentControlSet\Control\ServiceCurrent)
403693     ExitProcess()
***** Injected Process Terminated *****
DirwatchData

--------------------------------------------------
WatchDir Initilized OK
Watching C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Watching C:\windows
Watching C:\Program Files
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8FBF.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8.tmp
Modifed: C:\windows\Debug\UserMode\userenv.log
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET8FBF.tmp
Modifed: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC199.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC199.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD08C.tmp
Modifed: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD08C.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD08C.tmp
Modifed: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF8207.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF8207.tmp

jlennon

野马

谁有旧版的微点试一下？

solcroft

加载一大把dll，创建一批tmp便没举动了

野马

用了个3月份的微点，运行了一下，确实如楼上所言！