Author: shangao [shangao], forum user
My machine was hacked on March 21. I found this on the C: drive; could everyone please help me work out what happened?

发生应用程序意外错误:
应用程序: explorer.exe (pid=752)
时间: 2004-3-22 @ 21:04:32.656
意外情况编号: c0000005 (访问侵犯)

*----> 系统信息 <----*
计算机名: *******
用户名: Administrator
处理器数量: 1
处理器类型: x86 Family 15 Model 1 Stepping 3
Windows 2000 版本: 5.0
当前内部版本号: 2195
Service Pack: None
当前类型: Uniprocessor Free
注册的单位: ******
注册的所有者: *******

*----> 任务列表 <----*
0 Idle.exe
8 System.exe
140 smss.exe
164 csrss.exe
160 winlogon.exe
212 services.exe
224 lsass.exe
384 svchost.exe
416 spoolsv.exe
460 svchost.exe
496 regsvc.exe
512 MSTask.exe
764 igfxtray.exe
772 hkcmd.exe
780 SOUNDMAN.exe
788 loadqm.exe
804 realsched.exe
812 rundll32.exe
820 internat.exe
840 MsnMsgr.exe
2928 潇湘传奇登陆器.exe
3056 17126.exe
2808 hyb540.exe
3136 hyb763.exe
884 drwtsn32.exe
752 Explorer.exe
724 drwtsn32.exe
0 _Total.exe
(00400000 - 0043C000)
(77F80000 - 77FF9000)
(77D90000 - 77DEA000)
(77E60000 - 77F35000)
(77D20000 - 77D8F000)
(77F40000 - 77F7C000)
(77DF0000 - 77E54000)
(70BD0000 - 70C20000)
(71730000 - 717BA000)
(75E00000 - 75E1A000)
(77560000 - 777A0000)
(6DD30000 - 6DD36000)
(53000000 - 53007000)
(78000000 - 78046000)

线程 ID 0x34c 的状态转储
eax=775690ac ebx=00663300 ecx=00000000 edx=7767c2f0 esi=00000000 edi=00078441
eip=77568ee4 esp=0006f7d4 ebp=0006fa20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206

函数: Ordinal19
77568ec4 55 push ebp
77568ec5 56 push esi
77568ec6 57 push edi
77568ec7 80bc242402000067 cmp byte ptr [esp+0x224],0x67 ss:0006f9f8=b5
77568ecf 6485ff test fs:edi,edi
77568ed2 745b jz DllGetClassObject+0x1c04 (77571a2f)
77568ed4 8b9c6a80020000 mov ebx,[edx+ebp*2+0x280] ds:0006fca0=006c006c
77568edb 8b470c mov eax,[edi+0xc] ds:00bc5a17=????????
77568ede 47 inc edi
77568edf 687c185677 push 0x7756187c
错误 ->77568ee4 668b596a mov bx,[ecx+0x6a] ds:00b4d5d7=????
77568ee8 3b08 cmp ecx,[eax] ds:775690ac=90900000
77568eea 755b jnz DllGetClassObject+0x141c (77571247)
77568eec 83bc676a02000000 cmp dword ptr [edi+0x26a],0x0 ds:000786ab=00000000
77568ef4 7551 jnz DllGetClassObject+0x91c (77570747)
77568ef6 7864 js Ordinal6+0x1560 (7757515c)
77568ef8 c26777 ret 0x7767
77568efb ffd5 call ebp
77568efd ff696a jmp fword ptr [ecx+0x6a] ds:00b4d5d6=????????????
77568f00 53 push ebx
77568f01 ff15b01c5677 ds:77561cb0=70be8a65 call dword ptr [Ordinal455+0x1cb0 (77561cb0)]
77568f07 85c0 test eax,eax

*----> 堆栈反向跟踪 <---*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0006FA20 77573D38 0006FAC8 00000000 00000000 7767C2F0 shell32!Ordinal19
0006FA54 77573EC2 0006FAC8 00000000 00000000 00000000 shell32!Ordinal6
0006FA7C 775CB77E 00060105 00020101 0006FAA4 00000000 shell32!Ordinal6
0006FEE0 7757330A 00000020 00000020 00000010 00000010 shell32!Ordinal49
0006FF24 0040C91B 00000001 00000000 000205AC 7FFDF000 shell32!Ordinal660
0006FF60 0040C730 00000054 00000000 000205AC 00000005 explorer!<nosymbols>
0006FFC0 77E67903 00000000 00000000 7FFDF000 C0000005 explorer!<nosymbols>
0006FFF0 00000000 0040C6A2 00000000 000000C8 00000100 kernel32!SetUnhandledExceptionFilter

*----> 原始堆栈转储 <----*
0006f7d4 7c 18 56 77 00 00 00 00 - 00 00 00 00 20 fa 06 00 |.Vw........ ...
0006f7e4 00 00 00 00 ac 00 6c 77 - 00 00 56 77 24 f8 06 00 ......lw..Vw$...
0006f7f4 04 00 00 00 d3 43 f9 77 - 48 07 07 00 00 00 07 00 .....C.wH.......
0006f804 04 00 00 00 00 00 00 00 - fc f7 06 00 00 02 00 00 ................
0006f814 b4 f9 06 00 db 80 fb 77 - 18 44 f9 77 ff ff ff ff .......w.D.w....
0006f824 c4 f9 06 00 50 9a fc 77 - 67 9a fc 77 00 00 00 00 ....P..wg..w....
0006f834 00 00 00 00 ff ff ff ff - 4e 00 54 00 5c 00 73 00 ........N.T.\.s.
0006f844 79 00 73 00 74 00 65 00 - 6d 00 33 00 32 00 5c 00 y.s.t.e.m.3.2.\.
0006f854 53 00 48 00 45 00 4c 00 - 78 01 07 00 78 01 07 00 S.H.E.L.x...x...
0006f864 40 06 07 00 6c 00 00 00 - 78 01 07 00 40 06 07 00 @...l...x...@...
0006f874 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0006f884 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0006f894 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0006f8a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0006f8b4 e4 f8 06 00 00 00 00 00 - 98 98 f8 77 44 71 eb 77 ...........wDq.w
0006f8c4 40 64 eb 77 78 01 07 00 - 78 01 07 00 78 01 07 00 @d.wx...x...x...
0006f8d4 78 01 07 00 78 01 07 00 - 78 01 07 00 78 01 07 00 x...x...x...x...
0006f8e4 b2 77 eb 77 44 71 eb 77 - 88 f9 06 00 01 00 00 00 .w.wDq.w........
0006f8f4 00 00 00 00 d0 00 e6 77 - ec f8 06 00 84 f9 06 00 .......w........
0006f904 e0 f9 06 00 01 00 00 00 - 2c f9 06 00 19 ca f8 77 ........,......w
Original poster, posted 04-03-26 21:10
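An added example, not part of the original post and not a tool from this forum: a small Python script that pulls the task list out of a Dr. Watson log like the one above and compares it against a baseline of process images expected on a stock Windows 2000 box. The baseline set is an assumption made for illustration, and the log excerpt is constructed from the process names in the post. A hit means only that the image is not on the baseline and should be verified (on-disk path, file version, what launched it), not that it is malicious.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the Dr. Watson log in the post above.
# The header text is Dr. Watson's Chinese-localised label for "task list";
# the parser keys on it, so it is kept verbatim rather than translated.
SAMPLE_LOG = (
    "*----> 任务列表 <----* 0 Idle.exe 8 System.exe 140 smss.exe 164 csrss.exe "
    "160 winlogon.exe 212 services.exe 224 lsass.exe 384 svchost.exe "
    "416 spoolsv.exe 460 svchost.exe 496 regsvc.exe 512 MSTask.exe "
    "764 igfxtray.exe 772 hkcmd.exe 780 SOUNDMAN.exe 788 loadqm.exe "
    "804 realsched.exe 812 rundll32.exe 820 internat.exe 840 MsnMsgr.exe "
    "2928 潇湘传奇登陆器.exe 3056 17126.exe 2808 hyb540.exe 3136 hyb763.exe "
    "884 drwtsn32.exe 752 Explorer.exe 724 drwtsn32.exe 0 _Total.exe "
    "(00400000 - 0043C000) (77F80000 - 77FF9000)"
)

# Assumed baseline (illustrative): process images present on a stock
# Windows 2000 install with Dr. Watson enabled. Adjust it to the site's
# own build before relying on it.
BASELINE = {
    "idle.exe", "system.exe", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe", "regsvc.exe",
    "mstask.exe", "rundll32.exe", "internat.exe", "drwtsn32.exe",
    "explorer.exe",
    "_total.exe",  # Dr. Watson's summary row, not a real process
}

# Dr. Watson writes the task list as "<pid> <image>.exe" pairs.
_ENTRY_RE = re.compile(r"(\d+)\s+(\S+?\.exe)", re.IGNORECASE)
# The list runs from its header to the first module address range "(...)"
# or the next "*---->" section header, whichever comes first.
_SECTION_RE = re.compile(r"任务列表 <----\*(.*?)(?=\(|\*---->|\Z)", re.DOTALL)


def extract_task_list(log: str) -> List[Tuple[int, str]]:
    """Return (pid, image name) pairs from the task-list section of a Dr. Watson log."""
    section = _SECTION_RE.search(log)
    if section is None:
        return []
    return [(int(pid), name) for pid, name in _ENTRY_RE.findall(section.group(1))]


def review_task_list(log: str, baseline=BASELINE) -> List[Dict[str, object]]:
    """Flag task-list entries that need manual verification and record why."""
    findings = []
    for pid, name in extract_task_list(log):
        reasons = []
        if name.lower() not in baseline:
            reasons.append("not in baseline")
        # Image names that are nothing but digits are worth a second look
        # because nothing a vendor ships is normally named that way.
        if re.fullmatch(r"\d+\.exe", name, re.IGNORECASE):
            reasons.append("purely numeric image name")
        if reasons:
            findings.append({"pid": pid, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_task_list(SAMPLE_LOG):
        print(f"pid {f['pid']:>5}  {f['name']:<24} {', '.join(f['reasons'])}")
```

Run against the excerpt it lists ten images for follow-up, among them the two the B2 reply names and the numeric-only 17126.exe. The next step for each hit is to locate the image on disk and confirm its origin; the parser only narrows the list.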
Reply: ice_age [ice_age], forum user
Bump for you.
Floor 1, posted 04-03-27 07:25
Reply: q8406654 [q8406654], forum user
igfxtray.exe and hkcmd.exe, those two processes look suspicious. Go and check the registry.
Floor 2, posted 04-03-27 10:01
Reply: shangao [shangao], forum user
How do I check? Where in the registry should I look? It's so big.
Floor 3, posted 04-03-27 11:13
Copyright 20CN Network Security Group.
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
Forum software by: NetDemon
ICP filing: 粤ICP备05087286号