最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[求助] 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了

上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:	发表于： 2009-03-19 17:26 \| 只看楼主短消息资料字号：小中大 1楼最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了这里有一份扫描报告,麻烦哪位好心的高人能看下出什么问题了用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 附件: 文件名:SREngLOG.log 下载次数:109 文件类型:application/octet-stream 文件大小: 上传时间:2009-3-19 17:26:05 描述:log
上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:	分享到：

鬼鬼小猫咪高贵耄耋狮帖子:60938 注册: 2008-04-22 来自:喵星	发表于： 2009-03-19 17:51 \| 短消息资料字号：小中大 2楼回复：最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了蓝屏后把DUMP文件发上来 1.右键点击“计算机”，打开系统属性窗口，选择“高级”， 2.点击“启动和故障恢复”栏的“设置”按钮 3.在『系统失败』的写入调试信息中进行选择， 4.有3个选项：核心内存转储：%systemroot%\memory.dmp 完全内存转储：%systemroot%\memory.dmp 小内存转储：%systemroot%\minidump 在此可以选择“ 小内存转储”，下次出现蓝屏时，会在C:\WINDOWS生成一个minidump的文件夹，将这个文件夹压缩后上报瑞星分析。
鬼鬼小猫咪高贵耄耋狮帖子:60938 注册: 2008-04-22 来自:喵星

上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:	发表于： 2009-03-19 17:54 \| 只看楼主短消息资料字号：小中大 3楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了请问,是这个吗,我打包了,里面有两个附件: 文件名:Minidump.rar 下载次数:148 文件类型:application/octet-stream 文件大小: 上传时间:2009-3-19 17:53:53 描述:rar
上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2009-03-19 18:01 \| 短消息资料字号：小中大 4楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了 =========================================== Loading Dump File [E:\Minidump\Mini031809-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b6a0 Debug session time: Wed Mar 18 13:20:56.921 2009 (GMT+8) System Uptime: 0 days 2:35:04.526 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... .................................................... Loading User Symbols Loading unloaded module list .............. ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck A7, {280, e1083318, 86741e99, 86741e99} * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Probably caused by : ntoskrnl.exe ( nt+5c56e ) Followup: MachineOwner --------- ======================================= Loading Dump File [E:\Minidump\Mini031809-02.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * ************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b6a0 Debug session time: Wed Mar 18 22:55:50.968 2009 (GMT+8) System Uptime: 0 days 9:34:22.542 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... .................................................. Loading User Symbols Loading unloaded module list ................................ ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck 1000000A, {0, 2, 1, 804ec4d0} * Kernel symbols are WRONG. Please fix symbols to do analysis. * WARNING: Unable to verify timestamp for Fastfat.sys * ERROR: Module load completed but symbols could not be loaded for Fastfat.sys * WARNING: Unable to verify timestamp for HookSys.sys * ERROR: Module load completed but symbols could not be loaded for HookSys.sys * WARNING: Unable to verify timestamp for safeboxkrnl.sys * ERROR: Module load completed but symbols could not be loaded for safeboxkrnl.sys ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Probably caused by : HookSys.sys ( HookSys+1407a )** Followup: MachineOwner --------- ========================================== 两个DUMP分析结果如上，第一个属于内核错误，第二个显示与瑞星杀软的文件有关，但并不意味着是瑞星导致。超级游戏迷最后编辑于 2009-03-19 18:02:29 打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2009-03-19 18:06 \| 短消息资料字号：小中大 5楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了你的机上是否有什么电子书阅读器啥的软件，可以卸载后观察是否故障已排除…… 打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2009-03-19 18:10 \| 短消息资料字号：小中大 6楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了日志已看，个人认为没啥问题…… 打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:	发表于： 2009-03-19 18:15 \| 只看楼主短消息资料字号：小中大 7楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了先谢谢两位,这是当前开放的端口,太恐怖了``135.445,请问我是不是被入侵了当前开放端口.JPG (46.82 K) 2009-3-19 18:14:54 附件: 文件名:当前开放端口.JPG 下载次数:510 文件类型:image/pjpeg 文件大小: 上传时间:2009-3-19 18:14:54 描述:jpg 上A网2中木马最后编辑于 2009-03-19 18:16:32
上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:

夲號ヱ被ジ盜叱咤花甲狮帖子:7083 注册: 2008-08-21 来自:昆仑琼华派	发表于： 2009-03-19 18:40 \| 短消息资料字号：小中大 8楼回复: 最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了瑞星引起含有HookSys.sys Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Documents and Settings\lenovo\桌面\Minidump\Minidump\Mini031809-02.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b6a0 Debug session time: Wed Mar 18 22:55:50.968 2009 (GMT+8) System Uptime: 0 days 9:34:22.542 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... .................................................. Loading User Symbols Loading unloaded module list ................................ ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck 1000000A, {0, 2, 1, 804ec4d0} * Kernel symbols are WRONG. Please fix symbols to do analysis. * WARNING: Unable to verify timestamp for Fastfat.sys * ERROR: Module load completed but symbols could not be loaded for Fastfat.sys * WARNING: Unable to verify timestamp for HookSys.sys * ERROR: Module load completed but symbols could not be loaded for HookSys.sys * WARNING: Unable to verify timestamp for safeboxkrnl.sys * ERROR: Module load completed but symbols could not be loaded for safeboxkrnl.sys ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Probably caused by : HookSys.sys ( HookSys+1407a ) Followup: MachineOwner ---------
夲號ヱ被ジ盜叱咤花甲狮帖子:7083 注册: 2008-08-21 来自:昆仑琼华派

上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:	发表于： 2009-03-19 18:56 \| 只看楼主短消息资料字号：小中大 9楼回复：最近系统老是蓝屏,或者出错,昨天居然发现terminal服务被打开了瑞星引起? 这样子,前几天按键精灵用的时候出现了第一次蓝屏,不晓得是怎么回事.我是头一次用按建精灵~后来它给我删了,然后蓝屏问题就一直存在了另外前些天也中过盗号木马,用360杀掉了,但之后系统一直不稳定
上A网2中木马拙长孩提狮帖子:99 注册: 2008-06-14 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT