标题: “梆当”一声响 [打印本页]

---

作者: 大狗狗     时间: 2007-7-10 19:37    标题: “梆当”一声响

这几天都经常出现的问题。。

点“升级”。。过了一会儿。。“梆当”一声响。。弹出个窗口。。说MP**.exe应用程序内存不能为read。。让我取消或者确定。。

然后MP就一直处于“准备升级”状态。。把鼠标放在任务栏MP的图标上就是显示“准备升级”。。并且“升级”键变灰。。不可点。。

操作系统：XP
预升级版本
版本号：1.2.10570.0156
病毒库：1.6.375.070706

要我传MP6还是别的什么就说吧。。

---

作者: 大狗狗     时间: 2007-7-10 19:38
转了一圈。。发现我的问题和这位朋友的问题完全一样。。

http://bbs.micropoint.com.cn/showthread.asp?tid=13093&fpage=1

---

作者: 大狗狗     时间: 2007-7-10 19:45
这是我的drwtsn32.log里的信息。。就懒的用邮箱发了吧。。



Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



发生应用程序意外错误:
        应用程序: C:\WINDOWS\explorer.exe (pid=1876)
        时间: 2007-7-2 @ 12:47:31.861
        意外情况编号: c0000005 (访问侵犯)

*----> 系统信息 <----*
        计算机名: 大狗狗
        用户名: Richard
        终端会话 Id: 0
        处理器数量: 2
        处理器类型: x86 Family 15 Model 4 Stepping 4
        Windows 版本: 5.1
        当前内部版本号: 2600
        Service Pack: 2
        当前类型: Multiprocessor Free
        注册的单位:
        注册的所有者: USER

*----> 任务列表 <----*
   0 System Process
   4 System
684 smss.exe
736 csrss.exe
764 winlogon.exe
808 services.exe
820 lsass.exe
992 Ati2evxx.exe
1012 svchost.exe
1072 Error 0xD0000005
1108 Error 0xD0000005
1236 Error 0xD0000005
1260 svchost.exe
1568 svchost.exe
1628 svchost.exe
1836 spoolsv.exe
420 Error 0xD0000005
720 svchost.exe
1312 VM303_STI.EXE
1940 ctfmon.exe
1924 svchost.exe
1456 alg.exe
3136 TIMPlatform.exe
2760 Maxthon.exe
288 AcroRd32.exe
2412 QQ.exe
1876 explorer.exe
792 drwtsn32.exe

*----> 模块清单 <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000000d00000 - 0000000000d0f000: C:\WINDOWS\system32\browselc.dll
(0000000001000000 - 00000000010f1000: C:\WINDOWS\explorer.exe
(0000000001550000 - 000000000157b000: F:\Program Files\WinRAR\rarext.dll
(00000000015b0000 - 00000000015c9000: F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
(00000000027d0000 - 00000000027f2000: F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
(0000000002e60000 - 0000000002e77000: C:\WINDOWS\system32\odbcint.dll
(00000000034b0000 - 0000000003594000: F:\Program Files\StormII\Codec\VSFilter.dll
(00000000035b0000 - 00000000035db000: F:\Program Files\StormII\Codec\TTL2Dec.dll
(00000000035e0000 - 000000000361f000: F:\Program Files\StormII\Codec\PmpSplt.ax
(0000000003630000 - 0000000003685000: F:\Program Files\StormII\Codec\MpaSplitter.ax
(00000000036b0000 - 0000000003708000: F:\Program Files\StormII\Codec\RadGtSplitter.ax
(0000000003720000 - 0000000003781000: F:\Program Files\StormII\Codec\AviSplitter.ax
(0000000003900000 - 000000000391e000: F:\Program Files\StormII\Codec\Vid1Dec.dll
(0000000003920000 - 0000000003933000: F:\Program Files\StormII\Codec\xvid.ax
(0000000003940000 - 0000000003997000: C:\WINDOWS\system32\LCodcCMP.dll
(0000000003ec0000 - 0000000003ec5000: C:\WINDOWS\system32\ff_vfw.dll
(0000000004010000 - 000000000413f000: F:\Program Files\StormII\Codec\xvidcore.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001001c000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(0000000014070000 - 000000001408b000: C:\WINDOWS\system32\wmpshell.dll
(0000000014c00000 - 0000000014c4d000: C:\WINDOWS\system32\icmw_32.dll
(0000000015000000 - 0000000015019000: C:\Program Files\AntiVirus\Micropoint\mp110031.dll
(0000000020000000 - 0000000020549000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022250000 - 000000002225c000: F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll
(0000000022280000 - 0000000022289000: F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll
(0000000030bf0000 - 0000000030e79000: C:\WINDOWS\system32\ffdshow.ax
(00000000325c0000 - 00000000325d2000: F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(0000000041d50000 - 0000000041d95000: C:\WINDOWS\system32\iertutil.dll
(0000000041fd0000 - 000000004209f000: C:\WINDOWS\system32\WININET.dll
(00000000420b0000 - 00000000421d4000: C:\WINDOWS\system32\urlmon.dll
(0000000042200000 - 000000004223c000: C:\WINDOWS\system32\webcheck.dll
(00000000422b0000 - 000000004287b000: C:\WINDOWS\system32\ieframe.dll
(000000004ae90000 - 000000004b033000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(0000000058fb0000 - 000000005917a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(000000005a540000 - 000000005a5d0000: C:\WINDOWS\system32\wiashext.dll
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\UxTheme.dll
(000000005b680000 - 000000005b6ee000: C:\WINDOWS\system32\themeui.dll
(000000005cb90000 - 000000005cbb6000: C:\WINDOWS\system32\shmedia.dll
(000000005cc30000 - 000000005cc56000: C:\WINDOWS\system32\ShimEng.dll
(000000005d170000 - 000000005d20a000: C:\WINDOWS\system32\comctl32.dll
(000000005fdd0000 - 000000005fe24000: C:\WINDOWS\system32\NETAPI32.dll
(000000005fe40000 - 000000005fe71000: C:\WINDOWS\system32\msutb.dll
(0000000060a80000 - 0000000060b72000: G:\Tencent\QQ\MFC42.DLL
(0000000060e00000 - 0000000060e1b000: G:\Tencent\QQ\qdshm.dll
(0000000061be0000 - 0000000061bed000: C:\WINDOWS\system32\MFC42LOC.DLL
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(0000000069a20000 - 0000000069aac000: C:\WINDOWS\system32\qedit.dll
(000000006c520000 - 000000006c56d000: C:\WINDOWS\system32\DUSER.dll
(0000000071a10000 - 0000000071a18000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a20000 - 0000000071a37000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a90000 - 0000000071aa2000: C:\WINDOWS\system32\MPR.dll
(0000000071b70000 - 0000000071b83000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071b90000 - 0000000071b9e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c00000 - 0000000071c07000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c10000 - 0000000071c50000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c50000 - 0000000071c65000: C:\WINDOWS\System32\NETUI0.dll
(0000000071cc0000 - 0000000071cdc000: C:\WINDOWS\system32\actxprxy.dll
(0000000072210000 - 0000000072238000: C:\WINDOWS\system32\DINPUT.dll
(0000000072f70000 - 0000000072f96000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073540000 - 000000007357d000: C:\WINDOWS\system32\ODBC32.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073ac0000 - 0000000073ad7000: C:\WINDOWS\system32\AVIFIL32.dll
(0000000073b10000 - 0000000073b23000: C:\WINDOWS\system32\sti.dll
(0000000073b40000 - 0000000073b60000: C:\WINDOWS\system32\MSVFW32.dll
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(0000000074680000 - 00000000746cb000: C:\WINDOWS\system32\MSCTF.dll
(0000000074770000 - 000000007490a000: C:\WINDOWS\system32\NETSHELL.dll
(0000000074a30000 - 0000000074a38000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074a40000 - 0000000074a47000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074a50000 - 0000000074a5a000: C:\WINDOWS\system32\BatMeter.dll
(0000000074a60000 - 0000000074a80000: C:\WINDOWS\system32\stobject.dll
(0000000074cf0000 - 0000000074d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075430000 - 00000000754a1000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000758d0000 - 00000000759c0000: C:\WINDOWS\system32\MSGINA.dll
(00000000759d0000 - 0000000075a7e000: C:\WINDOWS\system32\USERENV.dll
(0000000075af0000 - 0000000075b01000: C:\WINDOWS\system32\devenum.dll
(0000000075ed0000 - 0000000075ed7000: C:\WINDOWS\System32\drprov.dll
(0000000075ee0000 - 0000000075ee9000: C:\WINDOWS\System32\davclnt.dll
(0000000075ef0000 - 0000000075fed000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000075ff0000 - 0000000076055000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076060000 - 00000000761b6000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000762d0000 - 00000000762e0000: C:\WINDOWS\system32\WINSTA.dll
(00000000762f0000 - 00000000762f5000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076320000 - 0000000076367000: C:\WINDOWS\system32\comdlg32.dll
(0000000076570000 - 000000007658c000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076590000 - 00000000765de000: C:\WINDOWS\System32\cscui.dll
(00000000765e0000 - 0000000076672000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076950000 - 0000000076958000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076960000 - 0000000076984000: C:\WINDOWS\system32\ntshrui.dll
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076af0000 - 0000000076b01000: C:\WINDOWS\system32\ATL.DLL
(0000000076b10000 - 0000000076b3a000: C:\WINDOWS\system32\WINMM.dll
(0000000076bc0000 - 0000000076bcb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076bd0000 - 0000000076bfd000: C:\WINDOWS\system32\credui.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c60000 - 0000000076c88000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d30000 - 0000000076d48000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076d70000 - 0000000076d92000: C:\WINDOWS\system32\appHelp.dll
(0000000076db0000 - 0000000076dc2000: C:\WINDOWS\system32\MSASN1.dll
(0000000076e50000 - 0000000076e5e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f20000 - 0000000076f28000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f30000 - 0000000076f5c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fa0000 - 000000007701f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077020000 - 00000000770ba000: C:\WINDOWS\system32\COMRes.dll
(00000000770f0000 - 000000007717c000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077180000 - 0000000077283000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll

---

作者: 大狗狗     时间: 2007-7-10 19:46
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d10000 - 0000000077d9f000: C:\WINDOWS\system32\USER32.dll
(0000000077da0000 - 0000000077e49000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee1000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f37000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c91d000: C:\WINDOWS\system32\kernel32.dll
(000000007c920000 - 000000007c9b4000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007cc7e000: C:\WINDOWS\system32\msi.dll
(000000007cf70000 - 000000007d0d7000: C:\WINDOWS\system32\quartz.dll
(000000007d590000 - 000000007dd82000: C:\WINDOWS\system32\SHELL32.dll
(000000007e550000 - 000000007e6c1000: C:\WINDOWS\system32\SHDOCVW.dll

*----> 线程 ID 0xeb0 的状态转储 <----*

eax=00000000 ebx=00000003 ecx=7ffdf000 edx=7c92eb94 esi=00111af8 edi=00000000
eip=7c92eb94 esp=0007fef0 ebp=0007ff08 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr  Args to Child              
0007ff08 7d5dbe9c 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 00111af8 7ffdd000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 0002064a explorer+0x16e95
0007ffc0 7c816fd7 0007f730 0006e890 7ffdd000 explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> 原始堆栈转储 <----*
000000000007fef0  18 94 d1 77 02 3c 5f 7d - 9c 92 80 7c f8 1a 11 00  ...w.<_}...|....
000000000007ff00  f8 1a 11 00 14 ff 07 00 - 14 ff 07 00 9c be 5d 7d  ..............]}
000000000007ff10  00 00 00 00 5c ff 07 00 - 95 6e 01 01 f8 1a 11 00  ....\....n......
000000000007ff20  00 d0 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00  ............$...
000000000007ff30  50 ff 07 00 e0 ff 07 00 - 27 e0 92 7c 65 ac 80 7c  P.......'..|e..|
000000000007ff40  ff ff ff ff 0c 00 00 00 - 00 00 00 00 53 80 1c 00  ............S...
000000000007ff50  d0 00 00 00 01 00 00 00 - f8 1a 11 00 c0 ff 07 00  ................
000000000007ff60  b6 e2 01 01 00 00 00 00 - 00 00 00 00 4a 06 02 00  ............J...
000000000007ff70  05 00 00 00 30 f7 07 00 - 90 e8 06 00 44 00 00 00  ....0.......D...
000000000007ff80  9c 06 02 00 7c 06 02 00 - 4c 06 02 00 00 00 00 00  ....|...L.......
000000000007ff90  00 00 00 00 00 00 00 00 - 00 00 00 00 2e 00 00 00  ................
000000000007ffa0  00 00 00 00 3a ef 06 00 - 01 00 00 00 05 00 00 00  ....:...........
000000000007ffb0  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
000000000007ffc0  f0 ff 07 00 d7 6f 81 7c - 30 f7 07 00 90 e8 06 00  .....o.|0.......
000000000007ffd0  00 d0 fd 7f 00 00 00 00 - c8 ff 07 00 c0 b4 84 84  ................
000000000007ffe0  ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00  .......|.o.|....
000000000007fff0  00 00 00 00 00 00 00 00 - 4e e2 01 01 00 00 00 00  ........N.......
0000000000080000  41 63 74 78 20 00 00 00 - 01 00 00 00 b8 24 00 00  Actx ........$..
0000000000080010  c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00  ........ .......
0000000000080020  14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00  ............4...

*----> 线程 ID 0x3a4 的状态转储 <----*

eax=00000001 ebx=008dfed0 ecx=7c809512 edx=7c92eb94 esi=00000000 edi=7ffdd000
eip=7c92eb94 esp=008dfea8 ebp=008dff44 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
008dff44 77dc9b26 00000002 008dff6c 00000000 ntdll!KiFastSystemCallRet
008dffb4 7c80b683 00000000 7c9340bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
008dffec 00000000 77dc9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> 原始堆栈转储 <----*
00000000008dfea8  ab e9 92 7c e2 94 80 7c - 02 00 00 00 d0 fe 8d 00  ...|...|........
00000000008dfeb8  01 00 00 00 01 00 00 00 - 04 ff 8d 00 e0 2e a4 00  ................
00000000008dfec8  40 65 e1 77 00 10 00 00 - 70 00 00 00 7c 00 00 00  @e.w....p...|...
00000000008dfed8  c0 fe 8d 00 c4 08 00 00 - dc ff 8d 00 a8 9a 83 7c  ...............|
00000000008dfee8  b0 0a 81 7c 00 10 00 00 - 14 00 00 00 01 00 00 00  ...|............
00000000008dfef8  c8 c6 09 00 00 00 00 00 - 00 00 00 00 00 a2 2f 4d  ............../M
00000000008dff08  ff ff ff ff 00 10 00 00 - 00 d0 fd 7f 00 e0 fd 7f  ................
00000000008dff18  dc ff 8d 00 04 ff 8d 00 - d0 fe 8d 00 06 00 00 00  ................
00000000008dff28  02 00 00 00 c4 fe 8d 00 - 06 00 00 00 dc ff 8d 00  ................
00000000008dff38  a8 9a 83 7c d8 95 80 7c - 00 00 00 00 b4 ff 8d 00  ...|...|........
00000000008dff48  26 9b dc 77 02 00 00 00 - 6c ff 8d 00 00 00 00 00  &..w....l.......
00000000008dff58  e0 93 04 00 01 00 00 00 - bb 40 93 7c 00 00 00 00  .........@.|....
00000000008dff68  00 00 00 00 70 00 00 00 - 7c 00 00 00 00 10 00 00  ....p...|.......
00000000008dff78  e0 2e a4 00 00 00 00 00 - 00 10 00 00 e8 3e a4 00  .............>..
00000000008dff88  a0 66 e1 77 58 00 00 00 - 80 66 e1 77 00 10 00 00  .f.wX....f.w....
00000000008dff98  00 00 00 00 a0 66 e1 77 - e0 2e a4 00 80 66 e1 77  .....f.w.....f.w
00000000008dffa8  e5 03 00 00 00 10 00 00 - e8 3e a4 00 ec ff 8d 00  .........>......
00000000008dffb8  83 b6 80 7c 00 00 00 00 - bb 40 93 7c 00 00 00 00  ...|.....@.|....
00000000008dffc8  00 00 00 00 00 e0 fd 7f - 00 d6 7a 86 c0 ff 8d 00  ..........z.....
00000000008dffd8  90 54 88 84 ff ff ff ff - a8 9a 83 7c 90 b6 80 7c  .T.........|...|

---

作者: 大狗狗     时间: 2007-7-10 19:47
*----> 线程 ID 0xee0 的状态转储 <----*

eax=00000102 ebx=15012758 ecx=00f5fc2c edx=7c92eb94 esi=00000110 edi=00000000
eip=7c92eb94 esp=00f5fc2c ebp=00f5fc90 iopl=0         nv up ei ng nz ac po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\Program Files\AntiVirus\Micropoint\mp110031.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\AntiVirus\Micropoint\mp110031.dll -
ChildEBP RetAddr  Args to Child              
00f5fc90 7c802532 00000110 00001388 00000000 ntdll!KiFastSystemCallRet
00f5fca4 15001248 00000110 00001388 02480248 kernel32!WaitForSingleObject+0x12
00f5ffb4 7c80b683 15012758 02480248 02480248 mp110031+0x1248
00f5ffec 00000000 150011a9 15012758 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> 原始堆栈转储 <----*
0000000000f5fc2c  c0 e9 92 7c cb 25 80 7c - 10 01 00 00 00 00 00 00  ...|.%.|........
0000000000f5fc3c  60 fc f5 00 48 02 48 02 - 48 02 48 02 58 27 01 15  `...H.H.H.H.X'..
0000000000f5fc4c  14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fc5c  10 00 00 00 80 0f 05 fd - ff ff ff ff 00 d0 fd 7f  ................
0000000000f5fc6c  00 c0 fd 7f 60 fc f5 00 - 02 01 00 00 40 fc f5 00  ....`.......@...
0000000000f5fc7c  10 01 00 00 dc ff f5 00 - a8 9a 83 7c f8 25 80 7c  ...........|.%.|
0000000000f5fc8c  00 00 00 00 a4 fc f5 00 - 32 25 80 7c 10 01 00 00  ........2%.|....
0000000000f5fc9c  88 13 00 00 00 00 00 00 - b4 ff f5 00 48 12 00 15  ............H...
0000000000f5fcac  10 01 00 00 88 13 00 00 - 48 02 48 02 58 27 01 15  ........H.H.X'..
0000000000f5fcbc  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fccc  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fcdc  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fcec  00 c0 fd 7f 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fcfc  00 00 00 00 00 00 00 00 - b0 fc f5 00 00 00 00 00  ................
0000000000f5fd0c  ff ff ff ff 18 ee 92 7c - 00 8e 93 7c ff ff ff ff  .......|...|....
0000000000f5fd1c  fa 8d 93 7c 25 d6 92 7c - cf ea 92 7c 30 fd f5 00  ...|%..|...|0...
0000000000f5fd2c  01 00 00 00 17 00 01 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fd3c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fd4c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000000f5fd5c  00 00 00 00 00 cc 74 86 - 9c d5 7e 84 bc db 00 f2  ......t...~.....

*----> 线程 ID 0xe24 的状态转储 <----*

eax=00fbfce4 ebx=00000000 ecx=0000d495 edx=00fbfd0c esi=000930b8 edi=0009315c
eip=7c92eb94 esp=00fbfe1c ebp=00fbff80 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
00fbff80 77e56c22 00fbffa8 77e56a3b 000930b8 ntdll!KiFastSystemCallRet
00fbff88 77e56a3b 000930b8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00fbffa8 77e56c0a 000ad4d8 00fbffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x403
00fbffb4 7c80b683 000bb880 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00fbffec 00000000 77e56bf0 000bb880 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> 原始堆栈转储 <----*
0000000000fbfe1c  99 e3 92 7c 03 67 e5 77 - e4 01 00 00 70 ff fb 00  ...|.g.w....p...
0000000000fbfe2c  00 00 00 00 a0 0f 16 00 - 4c ff fb 00 01 00 00 00  ........L.......
0000000000fbfe3c  01 00 00 00 40 25 8b f7 - 00 00 00 00 1a c4 4f 80  ....@%........O.
0000000000fbfe4c  88 bb 56 f2 02 fe 3f c0 - 00 00 fd 7f 00 00 00 00  ..V...?.........
0000000000fbfe5c  d8 fe 3f 02 64 bb 56 f2 - 77 3b 52 80 00 b0 fd 7f  ..?.d.V.w;R.....
0000000000fbfe6c  01 00 00 00 00 00 00 00 - d8 fe 3f c0 00 00 00 00  ..........?.....
0000000000fbfe7c  00 00 00 00 f8 1f 60 c0 - 24 bc 56 f2 d6 42 52 80  ......`.$.V..BR.
0000000000fbfe8c  88 bb 56 f2 00 00 00 00 - 00 00 00 00 00 00 00 00  ..V.............
0000000000fbfe9c  a0 0c dc 84 43 5d 6e 80 - 28 bc 56 f2 27 54 6e 80  ....C]n.(.V.'Tn.
0000000000fbfeac  00 0d db ba 00 00 00 00 - d2 32 50 80 20 75 ba 84  .........2P. u..
0000000000fbfebc  00 00 00 00 00 01 00 00 - b8 bb 56 f2 1d 00 50 80  ..........V...P.
0000000000fbfecc  01 00 00 00 00 00 00 00 - cc bb 56 f2 01 00 00 00  ..........V.....
0000000000fbfedc  9f d3 4f 80 00 00 00 00 - 00 00 00 00 00 00 00 00  ..O.............
0000000000fbfeec  1f 00 00 00 ff ff ff ff - 40 25 8b f7 00 00 00 00  ........@%......
0000000000fbfefc  10 54 6e 80 3c 57 49 86 - 28 bc 56 f2 00 00 00 00  .Tn.<WI.(.V.....
0000000000fbff0c  27 54 6e 80 08 00 00 00 - 46 02 00 00 48 3d 50 80  'Tn.....F...H=P.
0000000000fbff1c  10 56 49 86 a0 55 49 86 - 20 bf 4f 80 0c 57 49 86  .VI..UI. .O..WI.
0000000000fbff2c  a0 55 49 86 80 ff fb 00 - 99 66 e5 77 4c ff fb 00  .UI......f.wL...
0000000000fbff3c  a9 66 e5 77 ed 10 92 7c - b8 c1 0b 00 80 b8 0b 00  .f.w...|........
0000000000fbff4c  00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff  ../M.....]......

*----> 线程 ID 0xe28 的状态转储 <----*

eax=769ae429 ebx=00007530 ecx=7ffdd000 edx=00000000 esi=00000000 edi=0113ff50
eip=7c92eb94 esp=0113ff20 ebp=0113ff78 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206

---

作者: Legend     时间: 2007-7-10 19:47
请楼主将 C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 文件和mp6文件压缩后发送到support@micropoint.com.cn我们帮您分析一下
请在来信中附上这个帖子的地址，方便我们跟踪为您解决问题

---

作者: 大狗狗     时间: 2007-7-10 19:48
函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr  Args to Child              
0113ff78 7c802451 0000ea60 00000000 0113ffb4 ntdll!KiFastSystemCallRet
0113ff88 769ae31d 0000ea60 000bf1b0 769ae3dc kernel32!Sleep+0xf
0113ffb4 7c80b683 000bf1b0 00000000 7c93094e ole32!StringFromGUID2+0x51b
0113ffec 00000000 769ae429 000bf1b0 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> 原始堆栈转储 <----*
000000000113ff20  5c d8 92 7c ed 23 80 7c - 00 00 00 00 50 ff 13 01  \..|.#.|....P...
000000000113ff30  40 25 80 7c f8 6d ab 76 - 30 75 00 00 14 00 00 00  @%.|.m.v0u......
000000000113ff40  01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00  ................
000000000113ff50  00 ba 3c dc ff ff ff ff - fc fe 13 01 50 ff 13 01  ..<.........P...
000000000113ff60  30 ff 13 01 fc fe 13 01 - dc ff 13 01 a8 9a 83 7c  0..............|
000000000113ff70  58 24 80 7c 00 00 00 00 - 88 ff 13 01 51 24 80 7c  X$.|........Q$.|
000000000113ff80  60 ea 00 00 00 00 00 00 - b4 ff 13 01 1d e3 9a 76  `..............v
000000000113ff90  60 ea 00 00 b0 f1 0b 00 - dc e3 9a 76 00 00 00 00  `..........v....
000000000113ffa0  00 00 00 00 b0 f1 0b 00 - 00 00 99 76 44 e4 9a 76  ...........vD..v
000000000113ffb0  4e 09 93 7c ec ff 13 01 - 83 b6 80 7c b0 f1 0b 00  N..|.......|....
000000000113ffc0  00 00 00 00 4e 09 93 7c - b0 f1 0b 00 00 a0 fd 7f  ....N..|........
000000000113ffd0  00 f6 7a 86 c0 ff 13 01 - 18 8b c5 84 ff ff ff ff  ..z.............
000000000113ffe0  a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00  ...|...|........
000000000113fff0  00 00 00 00 29 e4 9a 76 - b0 f1 0b 00 00 00 00 00  ....)..v........
0000000001140000  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000001140010  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000001140020  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000001140030  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000001140040  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0000000001140050  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................

*----> 线程 ID 0x71c 的状态转储 <----*

eax=00000001 ebx=7ffd96cc ecx=0117fae4 edx=7c92eb94 esi=005aaf20 edi=000b009a
eip=7c92eb94 esp=0117f8c4 ebp=0117f90c iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

函数: ntdll!KiFastSystemCallRet
        7c92eb89 90               nop
        7c92eb8a 90               nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4             mov     edx,esp
        7c92eb8d 0f34             sysenter
        7c92eb8f 90               nop
        7c92eb90 90               nop
        7c92eb91 90               nop
        7c92eb92 90               nop
        7c92eb93 90               nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3               ret
        7c92eb95 8da42400000000   lea     esp,[esp]
        7c92eb9c 8d642400         lea     esp,[esp]
        7c92eba0 90               nop
        7c92eba1 90               nop
        7c92eba2 90               nop
        7c92eba3 90               nop
        7c92eba4 90               nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408         lea     edx,[esp+0x8]
        7c92eba9 cd2e             int     2e

*----> 堆栈反向跟踪 <---*

---

作者: 大狗狗     时间: 2007-7-10 19:50

Quote:

Originally posted by Legend at 2007-7-10 19:47: 请楼主将 C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 文件和mp6文件压缩后发送到support@micropoint.com.cn我们帮您分析一下 请在来信中附上这个帖 ...

555。。害我白粘贴了半天。。原来还要MP6。。

---

作者: Legend     时间: 2007-7-13 10:32
请楼主打开微点主界面--【进程综合信息】--【应用软件】--【安全软件】下选中mpsvc2进程，将这个进程调用的其他模块信息（下边的模块信息，右键选择"隐藏已知的模块信息“）抓个图或者记录具体的程序文件和其路径，以及微点安装目录下的mpsvc2文件（现将其拷贝到桌面压缩）一起发到support@micropoint.com.cn，请楼主在邮件中附带本链接，谢谢楼主的反馈。

[ Last edited by Legend on 2007-7-13 at 10:48 ]

---

作者: 大狗狗     时间: 2007-7-16 01:00

Quote:

Originally posted by Legend at 2007-7-13 10:32: 请楼主打开微点主界面--【进程综合信息】--【应用软件】--【安全软件】下选中mpsvc2进程，将这个进程调用的其他模块信息（下边的模块信息，右键选择"隐藏已知的模块信息“）抓个图或者记录具体的程序文件和其 ...

你对我的要求好象不低哦。。那下面的模块有好多好多好多。。估计得抓至少5，6张图。。我又没找出有什么办法可以保存它的具体信息。。只能抓图。。晕哦。。

---

作者: 大狗狗     时间: 2007-7-16 01:09
你要的mpsvc2文件是.exe文件还是什么文件？

---

作者: 大狗狗     时间: 2007-7-16 01:10
OK。。已经发送。。随信附上另外一个问题。。

---

欢迎光临 微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn