Could an expert help look at the Xunlei Kankan playback process crash: what did I get wrong in my hook that makes the game crash?

API HOOK entry point error, could an expert please take a look
tongbai (this user has been deleted)
System Repair Engineer 2.8.2.1321
Smallfrogs ()
Windows 7&&(Build 7600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
& & 计划任务
& & Windows 安全更新检查
& & API HOOK
& & 隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &Sidebar&&C:\Program Files\Windows Sidebar\sidebar.exe /autoRun&&&[(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &MSSE&&&c:\Program Files\Microsoft Security Essentials\msseces.exe& -hide -runkey&&&[(Verified)Microsoft Corporation]
& & &AdobeAAMUpdater-1.0&&&C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe&&&&[(Verified)Adobe Systems Incorporated]
& & &AdobeCS5ServiceManager&&&C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe& -launchedbylogin&&&[(Verified)Adobe Systems Incorporated]
& & &SwitchBoard&&C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe&&&[Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&explorer.exe&&&[(Verified)Microsoft Windows]
& & &Userinit&&C:\Windows\system32\userinit.exe,&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &WebCheck&&&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{22d6f312-b0f6-11d0-94ab-e95}]
& & &Microsoft Windows Media Player&&%SystemRoot%\system32\unregmp2.exe /ShowWMP&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&C:\Windows\System32\ie4uinit.exe -UserIconConfig&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}]
& & &Browser Customizations&&&C:\Windows\System32\rundll32.exe& &C:\Windows\System32\iedkcs32.dll&,BrandIEActiveSetup SIGNUP&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Windows&&&%ProgramFiles%\Windows Mail\WinMail.exe& OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}]
& & &Windows Desktop Update&&regsvr32.exe /s /n /i:U shell32.dll&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4383}]
& & &Web Platform Customizations&&C:\Windows\System32\ie4uinit.exe -BaseSettings&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018--5476DBF70820}]
& & &N/A&&C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install&&&[(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[AMD External Events Utility / AMD External Events Utility][Running/Auto Start]
&&&C:\Windows\system32\atiesrxx.exe&&AMD&
[SwitchBoard / SwitchBoard][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe&&&Adobe Systems Incorporated&
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\adp94xx.sys&&Adaptec, Inc.&
[adpahci / adpahci][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\adpahci.sys&&Adaptec, Inc.&
[adpu320 / adpu320][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\adpu320.sys&&Adaptec, Inc.&
[aic78xx / aic78xx][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\djsvs.sys&&Adaptec, Inc.&
[aliide / aliide][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\aliide.sys&&Acer Laboratories Inc.&
[amdkmdag / amdkmdag][Running/Manual Start]
&&&system32\DRIVERS\atipmdag.sys&&ATI Technologies Inc.&
[amdkmdap / amdkmdap][Running/Manual Start]
&&&system32\DRIVERS\atikmpag.sys&&Advanced Micro Devices, Inc.&
[amdsata / amdsata][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\amdsata.sys&&Advanced Micro Devices&
[amdsbs / amdsbs][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\amdsbs.sys&&AMD Technologies Inc.&
[amdxata / amdxata][Running/Boot Start]
&&&\SystemRoot\system32\DRIVERS\amdxata.sys&&Advanced Micro Devices&
[arc / arc][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\arc.sys&&Adaptec, Inc.&
[arcsas / arcsas][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\arcsas.sys&&Adaptec, Inc.&
[atikmdag / atikmdag][Stopped/Manual Start]
&&&system32\DRIVERS\atikmdag.sys&&ATI Technologies Inc.&
[Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\bxvbdx.sys&&Broadcom Corporation&
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start]
&&&system32\DRIVERS\b57nd60x.sys&&Broadcom Corporation&
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\BrFiltLo.sys&&Brother Industries, Ltd.&
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\BrFiltUp.sys&&Brother Industries, Ltd.&
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
&&&\SystemRoot\System32\Drivers\Brserid.sys&&Brother Industries Ltd.&
[Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
&&&\SystemRoot\System32\Drivers\BrSerWdm.sys&&Brother Industries Ltd.&
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
&&&\SystemRoot\System32\Drivers\BrUsbMdm.sys&&Brother Industries Ltd.&
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
&&&\SystemRoot\System32\Drivers\BrUsbSer.sys&&Brother Industries Ltd.&
[cmdide / cmdide][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\cmdide.sys&&CMD Technology, Inc.&
[Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Running/Manual Start]
&&&system32\DRIVERS\e1e6032.sys&&Intel Corporation&
[Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\evbdx.sys&&Broadcom Corporation&
[elxstor / elxstor][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\elxstor.sys&&Emulex&
[Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
&&&\SystemRoot\system32\drivers\hcw85cir.sys&&Hauppauge Computer Works, Inc.&
[HpSAMD / HpSAMD][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\HpSAMD.sys&&Hewlett-Packard Company&
[iaStorV / iaStorV][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\iaStorV.sys&&Intel Corporation&
[iirsp / iirsp][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\iirsp.sys&&Intel Corp./ICP vortex GmbH&
[LSI_FC / LSI_FC][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\lsi_fc.sys&&LSI Corporation&
[LSI_SAS / LSI_SAS][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\lsi_sas.sys&&LSI Corporation&
[LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\lsi_sas2.sys&&LSI Corporation&
[LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\lsi_scsi.sys&&LSI Corporation&
[megasas / megasas][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\megasas.sys&&LSI Corporation&
[MegaSR / MegaSR][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\MegaSR.sys&&LSI Corporation, Inc.&
[nfrd960 / nfrd960][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\nfrd960.sys&&IBM Corporation&
[nvraid / nvraid][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\nvraid.sys&&NVIDIA Corporation&
[nvstor / nvstor][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\nvstor.sys&&NVIDIA Corporation&
[ql2300 / ql2300][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\ql2300.sys&&QLogic Corporation&
[ql40xx / ql40xx][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\ql40xx.sys&&QLogic Corporation&
[SiSRaid2 / SiSRaid2][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\SiSRaid2.sys&&Silicon Integrated Systems Corp.&
[SiSRaid4 / SiSRaid4][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\sisraid4.sys&&Silicon Integrated Systems&
[stexstor / stexstor][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\stexstor.sys&&Promise Technology&
[viaide / viaide][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\viaide.sys&&VIA Technologies, Inc.&
[vsmraid / vsmraid][Stopped/Manual Start]
&&&\SystemRoot\system32\DRIVERS\vsmraid.sys&&VIA Technologies Inc.,Ltd&
==================================
浏览器加载项
[IE2EMBHO Class]
&&{0A0DDBD3--873F-BBDD26D6C14E} &C:\Program Files\easyMule\modules\IE2EM.dll, (Signed) &
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\Windows\system32\Macromed\Flash\Flash10g.ocx, (Signed) Adobe Systems, Inc.&
[IE2EMBHO Class]
&&{0A0DDBD3--873F-BBDD26D6C14E} &C:\Program Files\easyMule\modules\IE2EM.dll, (Signed) &
[HTML Document]
&&{F9-11CF-8FD0-00AA00686F13} &C:\Windows\System32\mshtml.dll, (Signed) Microsoft Corporation&
[XML DOM Document]
&&{B36-11D2-B20E-00C04F983E60} &%SystemRoot%\System32\msxml3.dll, (Signed) N/A&
[QQPYChecker Class]
&&{-9DF7-45ef-88EF-F42C0EA33A43} &C:\Program Files\Tencent\QQWubi\1.0.180.201\QQImeChecker.dll, (Signed) Tencent&
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &%SystemRoot%\system32\wmp.dll, (Signed) N/A&
[XML DOM Document 6.0]
&&{88D96A05-F192-11D4-A65F-E5} &%SystemRoot%\System32\msxml6.dll, (Signed) N/A&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\Windows\system32\Macromed\Flash\Flash10g.ocx, (Signed) Adobe Systems, Inc.&
[XML HTTP]
&&{F6D90F16-9C73-11D3-B32E-00C04F990BB4} &%SystemRoot%\System32\msxml3.dll, (Signed) N/A&
==================================
正在运行的进程
[PID: 272 / SYSTEM][\SystemRoot\System32\smss.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 368 / SYSTEM][C:\Windows\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 440 / SYSTEM][C:\Windows\system32\wininit.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 448 / SYSTEM][C:\Windows\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 488 / SYSTEM][C:\Windows\system32\services.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 504 / SYSTEM][C:\Windows\system32\lsass.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 512 / SYSTEM][C:\Windows\system32\lsm.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 644 / SYSTEM][C:\Windows\system32\winlogon.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 672 / SYSTEM][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 752 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 812 / SYSTEM][c:\Program Files\Microsoft Security Essentials\MsMpEng.exe]&&[Microsoft Corporation, 2.1.6519.0]
[PID: 884 / SYSTEM][C:\Windows\system32\atiesrxx.exe]&&[AMD, 6.14.11.1051]
[PID: 948 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1004 / SYSTEM][C:\Windows\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1064 / SYSTEM][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1204 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1300 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1404 / SYSTEM][C:\Windows\system32\atieclxx.exe]&&[AMD, 6.14.11.1051]
& & [C:\Windows\system32\atiadlxx.dll]&&[Advanced Micro Devices, Inc., 6.14.10.1054]
[PID: 1484 / SYSTEM][C:\Windows\System32\spoolsv.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1524 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1872 / Liuyu][C:\Windows\system32\taskhost.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 1916 / Liuyu][C:\Windows\system32\Dwm.exe]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
& & [C:\Windows\system32\atiuxpag.dll]&&[Advanced Micro Devices, Inc. , 8.14.01.6099]
& & [C:\Windows\system32\aticfx32.dll]&&[ATI Technologies Inc. , 8.17.10.0016]
& & [C:\Windows\system32\atidxx32.dll]&&[ATI Technologies Inc. , 8.17.10.0261]
[PID: 384 / Liuyu][C:\Windows\Explorer.EXE]&&[(Verified) Microsoft Corporation, 6.1. (win7_rtm.5)]
& & [C:\Windows\system32\FXSAPI.dll]&&[Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 836 / Liuyu][C:\Windows\System32\rundll32.exe]&&[Microsoft Corporation, 6.1. (win7_rtm.5)]
[PID: 2116 / Liuyu][C:\Program Files\Microsoft Security Essentials\msseces.exe]&&[Microsoft Corporation, 1.0.1961.0]
[PID: 2216 / Liuyu][C:\Program Files\Windows Sidebar\sidebar.exe]&&[Microsoft Corporation, 6.1. (win7_rtm.5)]
& & [C:\Windows\system32\atiu9pag.dll]&&[Advanced Micro Devices, Inc. , 8.14.01.6099]
& & [C:\Windows\system32\atiumdag.dll]&&[ATI Technologies Inc. , 8.14.10.0735]
& & [C:\Windows\system32\atiumdva.dll]&&[Advanced Micro Devices, Inc. , 8.14.10.0250]
[PID: 2480 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]&&[(Verified) Microsoft Corporation, 7.00. (win7_rtm.5)]
[PID: 3688 / Liuyu][D:\Program Files\sreng2\SREngLdr.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
[PID: 1364 / Liuyu][D:\Program Files\sreng2\SREbdc1cbb3.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
& & [D:\Program Files\sreng2\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&%SystemRoot%\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS&&OK. [&%SystemRoot%\System32\WScript.exe& &%1& %*]
.JS& &Error. [C:\Windows\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1
127.0.0.1 activate.
127.0.0.1
127.0.0.1 3dns-
127.0.0.1 3dns-
127.0.0.1 adobe-
127.0.0.1 adobe-dns-
127.0.0.1 adobe-dns-
127.0.0.1 ereg.
127.0.0.1 activate-
127.0.0.1 wwis-dubc1-
127.0.0.1 activate-
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] \\AdobeAAMUpdater-1.0-Liuyu-PC-Liuyu
& && &&&C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
& && &&&N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
& && &&&N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
& && &&&%windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
& && &&&%windir%\system32\appidcertstorecheck.exe
[已启用] \Microsoft\Windows\Application Experience\AitAgent
& && &&&aitagent
[已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
& && &&&%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已启用] \Microsoft\Windows\Autochk\Proxy
& && &&&%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
& && &&&BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
& && &&&N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
& && &&&N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
& && &&&N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
& && &&&%SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
& && &&&%windir%\system32\defrag.exe -c
[已启用] \Microsoft\Windows\Location\Notifications
& && &&&%windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
& && &&&N/A
[已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ehDRMInit
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\InstallPlayReady
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已启用] \Microsoft\Windows\Media Center\mcupdate
& && &&&%SystemRoot%\ehome\mcupdate $(Arg0)
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\OCURActivate
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已启用] \Microsoft\Windows\Media Center\PBDADiscovery
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
& && &&&%windir%\ehome\MCUpdate.exe -pscn 0
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
& && &&&%SystemRoot%\ehome\ehrec /RestartRecording
[已启用] \Microsoft\Windows\Media Center\RegisterSearch
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
& && &&&%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
& && &&&%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
& && &&&N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
& && &&&%windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
& && &&&N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
& && &&&%windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
& && &&&N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
& && &&&N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
& && &&&%SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
& && &&&N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
& && &&&N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
& && &&&N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
& && &&&N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
& && &&&N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
& && &&&%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
& && &&&%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
& && &&&%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
& && &&&%windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
& && &&&sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
& && &&&N/A
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
& && &&&%windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
& && &&&&%ProgramFiles%\Windows Media Player\wmpnscfg.exe&
[已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
& && &&&%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
& && &&&N/A
==================================
Windows 安全更新检查
KB979202,&&Microsoft Silverlight (KB979202)
KB979202,&&Windows Live 软件包
KB976422,&&Windows 7 更新程序 (KB976422)
KB972696,&&Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.81.1841.0)
==================================
API HOOK
入口点错误:RegEnumKeyExA (危险等级: 高,&&被下面模块所HOOK: 0x58FF1408)
入口点错误:RegCreateKeyExA (危险等级: 高,&&被下面模块所HOOK: 0x58FF13F0)
==================================
隐藏进程
N/A
==================================
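Could anyone who can read this log take a look and tell me whether there is a problem? Thanks.
The log is fine. The API is probably being hooked by the antivirus software.
tongbai (this user has been deleted)
Thanks to the poster above.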