星空ZQ - 2009-12-5 20:59:00
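Tonight, while I was video chatting with a friend, the computer suddenly blue-screened and a big pile of English text popped up. It happened three times within an hour, each time during a video chat. I wonder whether the webcam is the cause, but this never happened when I used it before. I'm uploading the log now; could an expert take a look?
User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; CIBA; InfoPath.1; .NET CLR 2.0.50727) Attachment: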
SREngLOG.log
夲號ヱ被ジ盜 - 2009-12-5 21:04:00
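Search the entire disk for *.dmp
Include hidden files and folders, and system folders
Compress whatever the search finds and upload it as an attachment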
夲號ヱ被ジ盜 - 2009-12-5 21:05:00
Looks like a trojan cluster
The obvious anomaly in the log....
Autorun.inf
[C:\]
[AutoRun]
Shellexecute=WScript.exe 1747673830.vbs "AutoRun"
shell\open=打开(&O)
shell\open\command=WScript.exe 1747673830.vbs "AutoRun"
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=WScript.exe 1747673830.vbs "AutoRun"
星空ZQ - 2009-12-5 21:12:00
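No way :kaka6: , my computer has Rising installed and everything seems normal. I searched as you said and have uploaded the results; there are only two files.
Attachment: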
桌面.rar
夲號ヱ被ジ盜 - 2009-12-5 21:22:00
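Module load completed, but it could not be loaded in ntdll.dll
Suggestion: the monitoring of 360 and Rising overlaps; turn off 360's real-time monitoring
Use WinRAR to clean up 1747673830.vbs, the file left behind by the trojan cluster in the root of drive C:
Best to right-click --- Edit
and see what its contents are
Use the SREng tool to reset the HOSTS file; Xunlei has been blocked - -!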
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\lenovo\桌面\1\2009-11-12 17.05.21 Crash.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
WARNING: Minidump contains unknown stream type 0x1000
Windows XP Version 2600 (Service Pack 3, v.5857) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Thu Nov 12 17:05:22.000 2009 (GMT+8)
System Uptime: not available
Process Uptime: 0 days 2:15:51.000
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
..........................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(344.e28): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=00000007 edx=0011ca3d esi=0001e340 edi=00000000
eip=7c92e514 esp=0012dcb4 ebp=0012dd18 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
Unable to load image C:\WINDOWS\system32\ntdll.dll, Win32 error 2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
ntdll+0xe514:
7c92e514 c3 ret
The legendary dividing line
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------v
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\lenovo\桌面\1\crush.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Windows XP Version 2600 (Service Pack 3, v.5857) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Sun Nov 15 21:51:08.000 2009 (GMT+8)
System Uptime: not available
Process Uptime: 0 days 1:08:46.000
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
........................................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(6f4.114): Access violation - code c0000005 (first/second chance not available)
eax=05310000 ebx=0c534788 ecx=00000007 edx=7c92e514 esi=0c534760 edi=0c5347b8
eip=7c92e514 esp=0170b19c ebp=0170b1ac iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
Unable to load image C:\WINDOWS\system32\ntdll.dll, Win32 error 2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
ntdll+0xe514:
7c92e514 c3 ret
星空ZQ - 2009-12-6 14:13:00
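That *.vbs has already been deleted by Rising, thank you. Thinking it over, the webcam is probably conflicting with something. I used the computer for a long time again today and no problem appeared, so it should be a webcam problem. Sigh, I won't be able to use it from now on.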