
[Help] Please help analyze this log

Can anyone analyze the log below? I found a file named drwtsn32.log in the root of the C: drive. Its contents are as follows:

Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.

发生应用程序意外错误:
        应用程序: C:\Program Files\Rising\Rfw\rfwsrv.exe (pid=1560)
        时间: 2009-2-16 @ 14:47:06.125
        意外情况编号: c0000005 (访问侵犯)
*----> 系统信息 <----*
        计算机名:
        用户名: ŸŸ
        终端会话 Id: 0
        处理器数量: 1
        Windows 版本: 5.1
*----> 任务列表 <----*
  0 System Process
  4 System
796 smss.exe
912 csrss.exe
936 winlogon.exe
980 services.exe
992 lsass.exe
1152 svchost.exe
1216 svchost.exe
1324 svchost.exe
1380 svchost.exe
1500 svchost.exe
1560 rfwsrv.exe
1568 logonui.exe
624 drwtsn32.exe
*----> 模块清单 <----*
(0000000000400000 - 0000000000416000: C:\Program Files\Rising\Rfw\rfwsrv.exe
(0000000000900000 - 000000000091d000: C:\Program Files\Rising\Rfw\MonBase.dll
(0000000000920000 - 0000000000939000: C:\Program Files\Rising\Rfw\MonComm.dll
(0000000000950000 - 00000000009b4000: C:\Program Files\Rising\Rfw\rfwlog.dll
(00000000009e0000 - 00000000009ec000: C:\Program Files\Rising\Rfw\rfwrule.dll
(00000000009f0000 - 0000000000a30000: C:\Program Files\Rising\Rfw\rfwsrv.dll
(0000000000a30000 - 0000000000a49000: C:\Program Files\Rising\Rfw\Syslay.dll
(0000000000a80000 - 0000000000a9b000: C:\Program Files\Rising\Rfw\mPorts.dll
(0000000000ab0000 - 0000000000ac0000: C:\Program Files\Rising\Rfw\rfwdrvc.dll
(0000000000ad0000 - 0000000000ae4000: C:\Program Files\Rising\Rfw\Rfwdrv.dll
(0000000000e10000 - 0000000000e77000: C:\Program Files\Rising\Rfw\rsnetsvr.dll
(0000000000e90000 - 0000000000ebe000: C:\Program Files\Rising\Rfw\comx3.dll
(0000000001200000 - 0000000001228000: C:\Program Files\Rising\Rfw\relibldr.dll
(0000000001290000 - 000000000129e000: C:\Program Files\Rising\Rfw\RSAPPMGR.dll
(00000000012b0000 - 00000000012e1000: C:\Program Files\Rising\Rfw\CfgDll.dll
(0000000001400000 - 0000000001414000: C:\Program Files\Rising\Rfw\urlrule.dll
(0000000001430000 - 000000000146c000: C:\Program Files\Rising\Rfw\recomp.dll
(0000000001480000 - 00000000014b6000: C:\Program Files\Rising\Rfw\refs.dll
(00000000017e0000 - 0000000001810000: C:\Program Files\Rising\Rfw\viruslib.dll
(0000000001820000 - 0000000001a4a000: C:\Program Files\Rising\Rfw\rfwproxy.dll
(0000000001d20000 - 0000000001d30000: C:\Program Files\Rising\Rfw\proccomm.dll
(0000000010000000 - 0000000010029000: C:\Program Files\Rising\Rfw\combase.dll
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\uxtheme.dll
(000000005fdd0000 - 000000005fe25000: C:\WINDOWS\system32\NETAPI32.dll
(0000000060fd0000 - 0000000061025000: C:\WINDOWS\system32\hnetcfg.dll
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(00000000719c0000 - 00000000719fe000: C:\WINDOWS\system32\mswsock.dll
(0000000071a00000 - 0000000071a08000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071a10000 - 0000000071a18000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a20000 - 0000000071a37000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a40000 - 0000000071a4b000: C:\WINDOWS\system32\WSOCK32.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(00000000762d0000 - 00000000762e0000: C:\WINDOWS\system32\WINSTA.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076bc0000 - 0000000076bcb000: C:\WINDOWS\system32\psapi.dll
(0000000076d30000 - 0000000076d48000: C:\WINDOWS\system32\Iphlpapi.dll
(0000000076d70000 - 0000000076d92000: C:\WINDOWS\system32\Apphelp.dll
(0000000076f20000 - 0000000076f28000: C:\WINDOWS\system32\Wtsapi32.dll
(00000000770f0000 - 000000007717b000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\version.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d10000 - 0000000077da0000: C:\WINDOWS\system32\USER32.dll
(0000000077da0000 - 0000000077e49000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee2000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f39000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll
(000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll
(000000007c800000 - 000000007c91e000: C:\WINDOWS\system32\kernel32.dll
(000000007c920000 - 000000007c9b3000: C:\WINDOWS\system32\ntdll.dll
*----> 线程 ID 0x1c0 的状态转储 <----*
eax=01000001 ebx=00e8376c ecx=00000000 edx=01000000 esi=00e83774 edi=00e83648
eip=00e13c72 esp=00cffbc0 ebp=00cffcf0 iopl=0        nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000            efl=00000202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Rising\Rfw\rsnetsvr.dll -
函数: rsnetsvr
Error 0x80070057
错误 ->00e13c72 8b11            mov    edx,[ecx]        ds:0023:00000000=????????
Error 0x80070057
*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Rising\Rfw\rfwsrv.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr  Args to Child             
00cffcf0 00e159d7 00000000 00a73be8 00000000 rsnetsvr+0x3c72
00cfff80 00a14931 00a73be8 7c932cae 7c932ce4 rsnetsvr+0x59d7
00cfffb4 7c80b713 00a74dc0 7c932cae 7c932ce4 rfwsrv+0x24931
00cfffec 00000000 00a148c2 00a74dc0 00000000 kernel32!GetModuleFileNameA+0x1b4
*----> 原始堆栈转储 <----*


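Re: Please help analyze this log

Run an SRENG scan and post that log to this forum; what the original poster submitted is unreadable.
Download SRENG version 2.6: http://www.kztechs.com/sreng/download.html
For how to produce a scan log with SRENG, see the second post in this thread: http://bbs.ikaka.com/showtopic-8442813.aspx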
╭∩╮(︶︿︶)╭∩╮

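Re: Please help analyze this log

Heh. This system log file is exactly what I wanted everyone to look at.
I suspect it is a log from the Rising firewall repairing itself automatically after I deleted one of the Rising firewall's files.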