HookSys.sys蓝屏版主请进 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛个人产品讨论区 瑞星杀毒软件 瑞星全功能安全软件 HookSys.sys蓝屏版主请进

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[求助] HookSys.sys蓝屏版主请进

zhouji963 初生襁褓狮帖子:3 注册: 2007-10-05 来自:	发表于： 2010-05-15 16:13 \| 只看楼主短消息资料字号：小中大 1楼 HookSys.sys蓝屏版主请进系统:win7旗舰版原版刚才一边浏览网页，一边听歌，接着就蓝屏了 dmp文件（见最下边附件）及瑞星版本截图如下：蓝屏.jpg (261.23 K) 2010-5-15 16:12:48 用 Debugger 分析，如下： Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\051510-25849-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntkrnlpa.exe * ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7600.16539.x86fre.win7_gdr.100226-1909 Machine Name: Kernel base = 0x8444e000 PsLoadedModuleList = 0x84596810 Debug session time: Sat May 15 15:47:33.290 2010 (UTC + 8:00) System Uptime: 0 days 6:58:17.022 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntkrnlpa.exe * ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Loading Kernel Symbols ............................................................... ................................................................ ............................................... Loading User Symbols Loading unloaded module list ......... * WARNING: Unable to verify timestamp for halmacpi.dll * ERROR: Module load completed but symbols could not be loaded for halmacpi.dll ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck A, {45, 2, 1, 8441a839} * WARNING: Unable to verify timestamp for fltmgr.sys * ERROR: Module load completed but symbols could not be loaded for fltmgr.sys * WARNING: Unable to verify timestamp for Ntfs.sys * ERROR: Module load completed but symbols could not be loaded for Ntfs.sys * WARNING: Unable to verify timestamp for HookSys.sys * ERROR: Module load completed but symbols could not be loaded for HookSys.sys * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * *********************************************************************** Probably caused by : HookSys.sys ( HookSys+2963a ) Followup: MachineOwner --------- 用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; QQDownload 627; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) 附件: 文件名:051510-25849-01.rar 下载次数:246 文件类型:application/octet-stream 文件大小: 上传时间:2010-5-15 16:12:48 描述:dump文件打包
zhouji963 初生襁褓狮帖子:3 注册: 2007-10-05 来自:	分享到：

木马bbbb 强壮不惑狮帖子:1168 注册: 2008-02-26 来自:瑞星火星用户	发表于： 2010-05-15 19:22 \| 短消息资料字号：小中大 2楼回复：HookSys.sys蓝屏版主请进系统有没有安装其他安全类软件。把瑞星卸载了下载最新版本安装包安装一下。下载地址：http://update.rising.com.cn/personvalidate/pcver/upgrade.htm
木马bbbb 强壮不惑狮帖子:1168 注册: 2008-02-26 来自:瑞星火星用户

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT