大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#1 “梆当”一声响
这几天都经常出现的问题。。
点“升级”。。过了一会儿。。“梆当”一声响。。弹出个窗口。。说MP**.exe应用程序内存不能为read。。让我取消或者确定。。
然后MP就一直处于“准备升级”状态。。把鼠标放在任务栏MP的图标上就是显示“准备升级”。。并且“升级”键变灰。。不可点。。
操作系统:XP
预升级版本
版本号:1.2.10570.0156
病毒库:1.6.375.070706
要我传MP6还是别的什么就说吧。。
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
 |
|
2007-7-10 19:37 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
|
|
2007-7-10 19:38 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#3
这是我的drwtsn32.log里的信息。。就懒的用邮箱发了吧。。
Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.
发生应用程序意外错误:
应用程序: C:\WINDOWS\explorer.exe (pid=1876)
时间: 2007-7-2 @ 12:47:31.861
意外情况编号: c0000005 (访问侵犯)
*----> 系统信息 <----*
计算机名: 大狗狗
用户名: Richard
终端会话 Id: 0
处理器数量: 2
处理器类型: x86 Family 15 Model 4 Stepping 4
Windows 版本: 5.1
当前内部版本号: 2600
Service Pack: 2
当前类型: Multiprocessor Free
注册的单位:
注册的所有者: USER
*----> 任务列表 <----*
0 System Process
4 System
684 smss.exe
736 csrss.exe
764 winlogon.exe
808 services.exe
820 lsass.exe
992 Ati2evxx.exe
1012 svchost.exe
1072 Error 0xD0000005
1108 Error 0xD0000005
1236 Error 0xD0000005
1260 svchost.exe
1568 svchost.exe
1628 svchost.exe
1836 spoolsv.exe
420 Error 0xD0000005
720 svchost.exe
1312 VM303_STI.EXE
1940 ctfmon.exe
1924 svchost.exe
1456 alg.exe
3136 TIMPlatform.exe
2760 Maxthon.exe
288 AcroRd32.exe
2412 QQ.exe
1876 explorer.exe
792 drwtsn32.exe
*----> 模块清单 <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000000d00000 - 0000000000d0f000: C:\WINDOWS\system32\browselc.dll
(0000000001000000 - 00000000010f1000: C:\WINDOWS\explorer.exe
(0000000001550000 - 000000000157b000: F:\Program Files\WinRAR\rarext.dll
(00000000015b0000 - 00000000015c9000: F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
(00000000027d0000 - 00000000027f2000: F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
(0000000002e60000 - 0000000002e77000: C:\WINDOWS\system32\odbcint.dll
(00000000034b0000 - 0000000003594000: F:\Program Files\StormII\Codec\VSFilter.dll
(00000000035b0000 - 00000000035db000: F:\Program Files\StormII\Codec\TTL2Dec.dll
(00000000035e0000 - 000000000361f000: F:\Program Files\StormII\Codec\PmpSplt.ax
(0000000003630000 - 0000000003685000: F:\Program Files\StormII\Codec\MpaSplitter.ax
(00000000036b0000 - 0000000003708000: F:\Program Files\StormII\Codec\RadGtSplitter.ax
(0000000003720000 - 0000000003781000: F:\Program Files\StormII\Codec\AviSplitter.ax
(0000000003900000 - 000000000391e000: F:\Program Files\StormII\Codec\Vid1Dec.dll
(0000000003920000 - 0000000003933000: F:\Program Files\StormII\Codec\xvid.ax
(0000000003940000 - 0000000003997000: C:\WINDOWS\system32\LCodcCMP.dll
(0000000003ec0000 - 0000000003ec5000: C:\WINDOWS\system32\ff_vfw.dll
(0000000004010000 - 000000000413f000: F:\Program Files\StormII\Codec\xvidcore.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001001c000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll
(0000000014070000 - 000000001408b000: C:\WINDOWS\system32\wmpshell.dll
(0000000014c00000 - 0000000014c4d000: C:\WINDOWS\system32\icmw_32.dll
(0000000015000000 - 0000000015019000: C:\Program Files\AntiVirus\Micropoint\mp110031.dll
(0000000020000000 - 0000000020549000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022250000 - 000000002225c000: F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll
(0000000022280000 - 0000000022289000: F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll
(0000000030bf0000 - 0000000030e79000: C:\WINDOWS\system32\ffdshow.ax
(00000000325c0000 - 00000000325d2000: F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(0000000041d50000 - 0000000041d95000: C:\WINDOWS\system32\iertutil.dll
(0000000041fd0000 - 000000004209f000: C:\WINDOWS\system32\WININET.dll
(00000000420b0000 - 00000000421d4000: C:\WINDOWS\system32\urlmon.dll
(0000000042200000 - 000000004223c000: C:\WINDOWS\system32\webcheck.dll
(00000000422b0000 - 000000004287b000: C:\WINDOWS\system32\ieframe.dll
(000000004ae90000 - 000000004b033000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(0000000058fb0000 - 000000005917a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(000000005a540000 - 000000005a5d0000: C:\WINDOWS\system32\wiashext.dll
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\UxTheme.dll
(000000005b680000 - 000000005b6ee000: C:\WINDOWS\system32\themeui.dll
(000000005cb90000 - 000000005cbb6000: C:\WINDOWS\system32\shmedia.dll
(000000005cc30000 - 000000005cc56000: C:\WINDOWS\system32\ShimEng.dll
(000000005d170000 - 000000005d20a000: C:\WINDOWS\system32\comctl32.dll
(000000005fdd0000 - 000000005fe24000: C:\WINDOWS\system32\NETAPI32.dll
(000000005fe40000 - 000000005fe71000: C:\WINDOWS\system32\msutb.dll
(0000000060a80000 - 0000000060b72000: G:\Tencent\QQ\MFC42.DLL
(0000000060e00000 - 0000000060e1b000: G:\Tencent\QQ\qdshm.dll
(0000000061be0000 - 0000000061bed000: C:\WINDOWS\system32\MFC42LOC.DLL
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(0000000069a20000 - 0000000069aac000: C:\WINDOWS\system32\qedit.dll
(000000006c520000 - 000000006c56d000: C:\WINDOWS\system32\DUSER.dll
(0000000071a10000 - 0000000071a18000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a20000 - 0000000071a37000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a90000 - 0000000071aa2000: C:\WINDOWS\system32\MPR.dll
(0000000071b70000 - 0000000071b83000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071b90000 - 0000000071b9e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c00000 - 0000000071c07000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c10000 - 0000000071c50000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c50000 - 0000000071c65000: C:\WINDOWS\System32\NETUI0.dll
(0000000071cc0000 - 0000000071cdc000: C:\WINDOWS\system32\actxprxy.dll
(0000000072210000 - 0000000072238000: C:\WINDOWS\system32\DINPUT.dll
(0000000072f70000 - 0000000072f96000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073540000 - 000000007357d000: C:\WINDOWS\system32\ODBC32.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073ac0000 - 0000000073ad7000: C:\WINDOWS\system32\AVIFIL32.dll
(0000000073b10000 - 0000000073b23000: C:\WINDOWS\system32\sti.dll
(0000000073b40000 - 0000000073b60000: C:\WINDOWS\system32\MSVFW32.dll
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(0000000074680000 - 00000000746cb000: C:\WINDOWS\system32\MSCTF.dll
(0000000074770000 - 000000007490a000: C:\WINDOWS\system32\NETSHELL.dll
(0000000074a30000 - 0000000074a38000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074a40000 - 0000000074a47000: C:\WINDOWS\system32\CFGMGR32.dll
(0000000074a50000 - 0000000074a5a000: C:\WINDOWS\system32\BatMeter.dll
(0000000074a60000 - 0000000074a80000: C:\WINDOWS\system32\stobject.dll
(0000000074cf0000 - 0000000074d81000: C:\WINDOWS\system32\MLANG.dll
(0000000075430000 - 00000000754a1000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000758d0000 - 00000000759c0000: C:\WINDOWS\system32\MSGINA.dll
(00000000759d0000 - 0000000075a7e000: C:\WINDOWS\system32\USERENV.dll
(0000000075af0000 - 0000000075b01000: C:\WINDOWS\system32\devenum.dll
(0000000075ed0000 - 0000000075ed7000: C:\WINDOWS\System32\drprov.dll
(0000000075ee0000 - 0000000075ee9000: C:\WINDOWS\System32\davclnt.dll
(0000000075ef0000 - 0000000075fed000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000075ff0000 - 0000000076055000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076060000 - 00000000761b6000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000762d0000 - 00000000762e0000: C:\WINDOWS\system32\WINSTA.dll
(00000000762f0000 - 00000000762f5000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076320000 - 0000000076367000: C:\WINDOWS\system32\comdlg32.dll
(0000000076570000 - 000000007658c000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076590000 - 00000000765de000: C:\WINDOWS\System32\cscui.dll
(00000000765e0000 - 0000000076672000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076950000 - 0000000076958000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076960000 - 0000000076984000: C:\WINDOWS\system32\ntshrui.dll
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076af0000 - 0000000076b01000: C:\WINDOWS\system32\ATL.DLL
(0000000076b10000 - 0000000076b3a000: C:\WINDOWS\system32\WINMM.dll
(0000000076bc0000 - 0000000076bcb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076bd0000 - 0000000076bfd000: C:\WINDOWS\system32\credui.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c60000 - 0000000076c88000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d30000 - 0000000076d48000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076d70000 - 0000000076d92000: C:\WINDOWS\system32\appHelp.dll
(0000000076db0000 - 0000000076dc2000: C:\WINDOWS\system32\MSASN1.dll
(0000000076e50000 - 0000000076e5e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f20000 - 0000000076f28000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f30000 - 0000000076f5c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fa0000 - 000000007701f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077020000 - 00000000770ba000: C:\WINDOWS\system32\COMRes.dll
(00000000770f0000 - 000000007717c000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077180000 - 0000000077283000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-10 19:45 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#4
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d10000 - 0000000077d9f000: C:\WINDOWS\system32\USER32.dll
(0000000077da0000 - 0000000077e49000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee1000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f37000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c91d000: C:\WINDOWS\system32\kernel32.dll
(000000007c920000 - 000000007c9b4000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007cc7e000: C:\WINDOWS\system32\msi.dll
(000000007cf70000 - 000000007d0d7000: C:\WINDOWS\system32\quartz.dll
(000000007d590000 - 000000007dd82000: C:\WINDOWS\system32\SHELL32.dll
(000000007e550000 - 000000007e6c1000: C:\WINDOWS\system32\SHDOCVW.dll
*----> 线程 ID 0xeb0 的状态转储 <----*
eax=00000000 ebx=00000003 ecx=7ffdf000 edx=7c92eb94 esi=00111af8 edi=00000000
eip=7c92eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7d5dbe9c 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
0007ff14 01016e95 00111af8 7ffdd000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101e2b6 00000000 00000000 0002064a explorer+0x16e95
0007ffc0 7c816fd7 0007f730 0006e890 7ffdd000 explorer+0x1e2b6
0007fff0 00000000 0101e24e 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
*----> 原始堆栈转储 <----*
000000000007fef0 18 94 d1 77 02 3c 5f 7d - 9c 92 80 7c f8 1a 11 00 ...w.<_}...|....
000000000007ff00 f8 1a 11 00 14 ff 07 00 - 14 ff 07 00 9c be 5d 7d ..............]}
000000000007ff10 00 00 00 00 5c ff 07 00 - 95 6e 01 01 f8 1a 11 00 ....\....n......
000000000007ff20 00 d0 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 ............$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 27 e0 92 7c 65 ac 80 7c P.......'..|e..|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 53 80 1c 00 ............S...
000000000007ff50 d0 00 00 00 01 00 00 00 - f8 1a 11 00 c0 ff 07 00 ................
000000000007ff60 b6 e2 01 01 00 00 00 00 - 00 00 00 00 4a 06 02 00 ............J...
000000000007ff70 05 00 00 00 30 f7 07 00 - 90 e8 06 00 44 00 00 00 ....0.......D...
000000000007ff80 9c 06 02 00 7c 06 02 00 - 4c 06 02 00 00 00 00 00 ....|...L.......
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 2e 00 00 00 ................
000000000007ffa0 00 00 00 00 3a ef 06 00 - 01 00 00 00 05 00 00 00 ....:...........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 d7 6f 81 7c - 30 f7 07 00 90 e8 06 00 .....o.|0.......
000000000007ffd0 00 d0 fd 7f 00 00 00 00 - c8 ff 07 00 c0 b4 84 84 ................
000000000007ffe0 ff ff ff ff a8 9a 83 7c - e0 6f 81 7c 00 00 00 00 .......|.o.|....
000000000007fff0 00 00 00 00 00 00 00 00 - 4e e2 01 01 00 00 00 00 ........N.......
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 b8 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...
*----> 线程 ID 0x3a4 的状态转储 <----*
eax=00000001 ebx=008dfed0 ecx=7c809512 edx=7c92eb94 esi=00000000 edi=7ffdd000
eip=7c92eb94 esp=008dfea8 ebp=008dff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
008dff44 77dc9b26 00000002 008dff6c 00000000 ntdll!KiFastSystemCallRet
008dffb4 7c80b683 00000000 7c9340bb 00000000 ADVAPI32!RegDeleteKeyW+0x2a2
008dffec 00000000 77dc9981 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4
*----> 原始堆栈转储 <----*
00000000008dfea8 ab e9 92 7c e2 94 80 7c - 02 00 00 00 d0 fe 8d 00 ...|...|........
00000000008dfeb8 01 00 00 00 01 00 00 00 - 04 ff 8d 00 e0 2e a4 00 ................
00000000008dfec8 40 65 e1 77 00 10 00 00 - 70 00 00 00 7c 00 00 00 @e.w....p...|...
00000000008dfed8 c0 fe 8d 00 c4 08 00 00 - dc ff 8d 00 a8 9a 83 7c ...............|
00000000008dfee8 b0 0a 81 7c 00 10 00 00 - 14 00 00 00 01 00 00 00 ...|............
00000000008dfef8 c8 c6 09 00 00 00 00 00 - 00 00 00 00 00 a2 2f 4d ............../M
00000000008dff08 ff ff ff ff 00 10 00 00 - 00 d0 fd 7f 00 e0 fd 7f ................
00000000008dff18 dc ff 8d 00 04 ff 8d 00 - d0 fe 8d 00 06 00 00 00 ................
00000000008dff28 02 00 00 00 c4 fe 8d 00 - 06 00 00 00 dc ff 8d 00 ................
00000000008dff38 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 b4 ff 8d 00 ...|...|........
00000000008dff48 26 9b dc 77 02 00 00 00 - 6c ff 8d 00 00 00 00 00 &..w....l.......
00000000008dff58 e0 93 04 00 01 00 00 00 - bb 40 93 7c 00 00 00 00 .........@.|....
00000000008dff68 00 00 00 00 70 00 00 00 - 7c 00 00 00 00 10 00 00 ....p...|.......
00000000008dff78 e0 2e a4 00 00 00 00 00 - 00 10 00 00 e8 3e a4 00 .............>..
00000000008dff88 a0 66 e1 77 58 00 00 00 - 80 66 e1 77 00 10 00 00 .f.wX....f.w....
00000000008dff98 00 00 00 00 a0 66 e1 77 - e0 2e a4 00 80 66 e1 77 .....f.w.....f.w
00000000008dffa8 e5 03 00 00 00 10 00 00 - e8 3e a4 00 ec ff 8d 00 .........>......
00000000008dffb8 83 b6 80 7c 00 00 00 00 - bb 40 93 7c 00 00 00 00 ...|.....@.|....
00000000008dffc8 00 00 00 00 00 e0 fd 7f - 00 d6 7a 86 c0 ff 8d 00 ..........z.....
00000000008dffd8 90 54 88 84 ff ff ff ff - a8 9a 83 7c 90 b6 80 7c .T.........|...|
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-10 19:46 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#5
*----> 线程 ID 0xee0 的状态转储 <----*
eax=00000102 ebx=15012758 ecx=00f5fc2c edx=7c92eb94 esi=00000110 edi=00000000
eip=7c92eb94 esp=00f5fc2c ebp=00f5fc90 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\Program Files\AntiVirus\Micropoint\mp110031.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\AntiVirus\Micropoint\mp110031.dll -
ChildEBP RetAddr Args to Child
00f5fc90 7c802532 00000110 00001388 00000000 ntdll!KiFastSystemCallRet
00f5fca4 15001248 00000110 00001388 02480248 kernel32!WaitForSingleObject+0x12
00f5ffb4 7c80b683 15012758 02480248 02480248 mp110031+0x1248
00f5ffec 00000000 150011a9 15012758 00000000 kernel32!GetModuleFileNameA+0x1b4
*----> 原始堆栈转储 <----*
0000000000f5fc2c c0 e9 92 7c cb 25 80 7c - 10 01 00 00 00 00 00 00 ...|.%.|........
0000000000f5fc3c 60 fc f5 00 48 02 48 02 - 48 02 48 02 58 27 01 15 `...H.H.H.H.X'..
0000000000f5fc4c 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fc5c 10 00 00 00 80 0f 05 fd - ff ff ff ff 00 d0 fd 7f ................
0000000000f5fc6c 00 c0 fd 7f 60 fc f5 00 - 02 01 00 00 40 fc f5 00 ....`.......@...
0000000000f5fc7c 10 01 00 00 dc ff f5 00 - a8 9a 83 7c f8 25 80 7c ...........|.%.|
0000000000f5fc8c 00 00 00 00 a4 fc f5 00 - 32 25 80 7c 10 01 00 00 ........2%.|....
0000000000f5fc9c 88 13 00 00 00 00 00 00 - b4 ff f5 00 48 12 00 15 ............H...
0000000000f5fcac 10 01 00 00 88 13 00 00 - 48 02 48 02 58 27 01 15 ........H.H.X'..
0000000000f5fcbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fccc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fcdc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fcec 00 c0 fd 7f 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fcfc 00 00 00 00 00 00 00 00 - b0 fc f5 00 00 00 00 00 ................
0000000000f5fd0c ff ff ff ff 18 ee 92 7c - 00 8e 93 7c ff ff ff ff .......|...|....
0000000000f5fd1c fa 8d 93 7c 25 d6 92 7c - cf ea 92 7c 30 fd f5 00 ...|%..|...|0...
0000000000f5fd2c 01 00 00 00 17 00 01 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000f5fd5c 00 00 00 00 00 cc 74 86 - 9c d5 7e 84 bc db 00 f2 ......t...~.....
*----> 线程 ID 0xe24 的状态转储 <----*
eax=00fbfce4 ebx=00000000 ecx=0000d495 edx=00fbfd0c esi=000930b8 edi=0009315c
eip=7c92eb94 esp=00fbfe1c ebp=00fbff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00fbff80 77e56c22 00fbffa8 77e56a3b 000930b8 ntdll!KiFastSystemCallRet
00fbff88 77e56a3b 000930b8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5ea
00fbffa8 77e56c0a 000ad4d8 00fbffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x403
00fbffb4 7c80b683 000bb880 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x5d2
00fbffec 00000000 77e56bf0 000bb880 00000000 kernel32!GetModuleFileNameA+0x1b4
*----> 原始堆栈转储 <----*
0000000000fbfe1c 99 e3 92 7c 03 67 e5 77 - e4 01 00 00 70 ff fb 00 ...|.g.w....p...
0000000000fbfe2c 00 00 00 00 a0 0f 16 00 - 4c ff fb 00 01 00 00 00 ........L.......
0000000000fbfe3c 01 00 00 00 40 25 8b f7 - 00 00 00 00 1a c4 4f 80 ....@%........O.
0000000000fbfe4c 88 bb 56 f2 02 fe 3f c0 - 00 00 fd 7f 00 00 00 00 ..V...?.........
0000000000fbfe5c d8 fe 3f 02 64 bb 56 f2 - 77 3b 52 80 00 b0 fd 7f ..?.d.V.w;R.....
0000000000fbfe6c 01 00 00 00 00 00 00 00 - d8 fe 3f c0 00 00 00 00 ..........?.....
0000000000fbfe7c 00 00 00 00 f8 1f 60 c0 - 24 bc 56 f2 d6 42 52 80 ......`.$.V..BR.
0000000000fbfe8c 88 bb 56 f2 00 00 00 00 - 00 00 00 00 00 00 00 00 ..V.............
0000000000fbfe9c a0 0c dc 84 43 5d 6e 80 - 28 bc 56 f2 27 54 6e 80 ....C]n.(.V.'Tn.
0000000000fbfeac 00 0d db ba 00 00 00 00 - d2 32 50 80 20 75 ba 84 .........2P. u..
0000000000fbfebc 00 00 00 00 00 01 00 00 - b8 bb 56 f2 1d 00 50 80 ..........V...P.
0000000000fbfecc 01 00 00 00 00 00 00 00 - cc bb 56 f2 01 00 00 00 ..........V.....
0000000000fbfedc 9f d3 4f 80 00 00 00 00 - 00 00 00 00 00 00 00 00 ..O.............
0000000000fbfeec 1f 00 00 00 ff ff ff ff - 40 25 8b f7 00 00 00 00 ........@%......
0000000000fbfefc 10 54 6e 80 3c 57 49 86 - 28 bc 56 f2 00 00 00 00 .Tn.<WI.(.V.....
0000000000fbff0c 27 54 6e 80 08 00 00 00 - 46 02 00 00 48 3d 50 80 'Tn.....F...H=P.
0000000000fbff1c 10 56 49 86 a0 55 49 86 - 20 bf 4f 80 0c 57 49 86 .VI..UI. .O..WI.
0000000000fbff2c a0 55 49 86 80 ff fb 00 - 99 66 e5 77 4c ff fb 00 .UI......f.wL...
0000000000fbff3c a9 66 e5 77 ed 10 92 7c - b8 c1 0b 00 80 b8 0b 00 .f.w...|........
0000000000fbff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......
*----> 线程 ID 0xe28 的状态转储 <----*
eax=769ae429 ebx=00007530 ecx=7ffdd000 edx=00000000 esi=00000000 edi=0113ff50
eip=7c92eb94 esp=0113ff20 ebp=0113ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-10 19:47 |
|
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
|
|
|
2007-7-10 19:47 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#7
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
0113ff78 7c802451 0000ea60 00000000 0113ffb4 ntdll!KiFastSystemCallRet
0113ff88 769ae31d 0000ea60 000bf1b0 769ae3dc kernel32!Sleep+0xf
0113ffb4 7c80b683 000bf1b0 00000000 7c93094e ole32!StringFromGUID2+0x51b
0113ffec 00000000 769ae429 000bf1b0 00000000 kernel32!GetModuleFileNameA+0x1b4
*----> 原始堆栈转储 <----*
000000000113ff20 5c d8 92 7c ed 23 80 7c - 00 00 00 00 50 ff 13 01 \..|.#.|....P...
000000000113ff30 40 25 80 7c f8 6d ab 76 - 30 75 00 00 14 00 00 00 @%.|.m.v0u......
000000000113ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
000000000113ff50 00 ba 3c dc ff ff ff ff - fc fe 13 01 50 ff 13 01 ..<.........P...
000000000113ff60 30 ff 13 01 fc fe 13 01 - dc ff 13 01 a8 9a 83 7c 0..............|
000000000113ff70 58 24 80 7c 00 00 00 00 - 88 ff 13 01 51 24 80 7c X$.|........Q$.|
000000000113ff80 60 ea 00 00 00 00 00 00 - b4 ff 13 01 1d e3 9a 76 `..............v
000000000113ff90 60 ea 00 00 b0 f1 0b 00 - dc e3 9a 76 00 00 00 00 `..........v....
000000000113ffa0 00 00 00 00 b0 f1 0b 00 - 00 00 99 76 44 e4 9a 76 ...........vD..v
000000000113ffb0 4e 09 93 7c ec ff 13 01 - 83 b6 80 7c b0 f1 0b 00 N..|.......|....
000000000113ffc0 00 00 00 00 4e 09 93 7c - b0 f1 0b 00 00 a0 fd 7f ....N..|........
000000000113ffd0 00 f6 7a 86 c0 ff 13 01 - 18 8b c5 84 ff ff ff ff ..z.............
000000000113ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........
000000000113fff0 00 00 00 00 29 e4 9a 76 - b0 f1 0b 00 00 00 00 00 ....)..v........
0000000001140000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001140010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001140020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001140030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001140040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001140050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> 线程 ID 0x71c 的状态转储 <----*
eax=00000001 ebx=7ffd96cc ecx=0117fae4 edx=7c92eb94 esi=005aaf20 edi=000b009a
eip=7c92eb94 esp=0117f8c4 ebp=0117f90c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
函数: ntdll!KiFastSystemCallRet
7c92eb89 90 nop
7c92eb8a 90 nop
ntdll!KiFastSystemCall:
7c92eb8b 8bd4 mov edx,esp
7c92eb8d 0f34 sysenter
7c92eb8f 90 nop
7c92eb90 90 nop
7c92eb91 90 nop
7c92eb92 90 nop
7c92eb93 90 nop
ntdll!KiFastSystemCallRet:
7c92eb94 c3 ret
7c92eb95 8da42400000000 lea esp,[esp]
7c92eb9c 8d642400 lea esp,[esp]
7c92eba0 90 nop
7c92eba1 90 nop
7c92eba2 90 nop
7c92eba3 90 nop
7c92eba4 90 nop
ntdll!KiIntSystemCall:
7c92eba5 8d542408 lea edx,[esp+0x8]
7c92eba9 cd2e int 2e
*----> 堆栈反向跟踪 <---*
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-10 19:48 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#8
| Quote: | Originally posted by Legend at 2007-7-10 19:47:
请楼主将 C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 文件和mp6文件压缩后发送到support@micropoint.com.cn我们帮您分析一下
请在来信中附上这个帖 ... |
|
555。。害我白粘贴了半天。。原来还要MP6。。
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-10 19:50 |
|
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
|
#9
请楼主打开微点主界面--【进程综合信息】--【应用软件】--【安全软件】下选中mpsvc2进程,将这个进程调用的其他模块信息(下边的模块信息,右键选择"隐藏已知的模块信息“)抓个图或者记录具体的程序文件和其路径,以及微点安装目录下的mpsvc2文件(现将其拷贝到桌面压缩)一起发到support@micropoint.com.cn,请楼主在邮件中附带本链接,谢谢楼主的反馈。
[ Last edited by Legend on 2007-7-13 at 10:48 ]
| |
※文章所有权归【Legend】与【东方微点论坛】共同所有,转载请注明出处!※
|
微点官方认证新浪微博:欢迎进入 微点新浪微博
微点技术支持邮箱: support@micropoint.com.cn
给Legend发短消息 |
|
|
|
2007-7-13 10:32 |
|
大狗狗
注册用户
积分 57
发帖 60
注册 2007-6-22
来自 UTSC
|
#10
| Quote: | Originally posted by Legend at 2007-7-13 10:32:
请楼主打开微点主界面--【进程综合信息】--【应用软件】--【安全软件】下选中mpsvc2进程,将这个进程调用的其他模块信息(下边的模块信息,右键选择"隐藏已知的模块信息“)抓个图或者记录具体的程序文件和其 ... |
|
你对我的要求好象不低哦。。那下面的模块有好多好多好多。。估计得抓至少5,6张图。。我又没找出有什么办法可以保存它的具体信息。。只能抓图。。晕哦。。
| |
※ ※ ※ 本文纯属【大狗狗】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-16 01:00 |
|
