20CN网络安全小组论坛 - 菜鸟乐园 - 莫名奇妙的在桌面出来个文件：log1。txt

论坛: 菜鸟乐园标题: 莫名奇妙的在桌面出来个文件：log1。txt

作者: sniper167 [sniper167]

论坛用户

内容如下：

[Version: 1.0]

Snapshot file creation time: Sun Mar 21 01:14:43 2004 (UTC)

[Process Info]
ProcessId: 280
Name: E:\RealOne\RealPlay.exe
Version: 6.0.11.872
WorkingSetSize: 49967104 Bytes
PagefileUsage: 52940800 Bytes

[System Info]
Operating System: Windows XP
Version: 5.1.2600
Primary Monitor Resolution: 1024x768 16-Bit Color
Total Physical RAM: 266846208 Bytes
Free Physical RAM: 63098880 Bytes
Pagefile Commit Limit: 790196224 Bytes
Pagefile Commit Available: 557658112 Bytes
Task List:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
alg.exe
KVSRVX.EXE
explorer.exe
QQ.exe
ctfmon.exe
realsched.exe
IEXPLORE.EXE
IEXPLORE.EXE
realplay.exe

[Exception]
Exception Type: EXCEPTION_ACCESS_VIOLATION
Exception Address: 608F2EFD
Attempted read at address: 00000000
ThreadId: 1436
Thread Callstack:
Address Section:Offset ModuleName FunctionName
608F2EFD 1:21EFD cdpl3210.dll RMAShutdown
60006811 1:5811 rpap3260.dll
60029171 1:28171 rpap3260.dll SetDLLAccessPath
60029325 1:28325 rpap3260.dll SetDLLAccessPath
627729A7 1:19A7 uisy3201.dll
77D13A5F 1:2A5F USER32.dll CreateWindowExA
77D13B2E 1:2B2E USER32.dll CreateWindowExA
77D13D6A 1:2D6A USER32.dll CreateWindowExA
77D141FD 1:31FD USER32.dll DispatchMessageA
600029C9 1:19C9 rpap3260.dll
00401D25 1:D25 RealPlay.exe
00408BF6 1:7BF6 RealPlay.exe
77E5EB69 1:1DB69 kernel32.dll CreateProcessInternalW

[Modules]
GlobalRefCount ProcessRefCount ModuleSize BaseAddress ModulePath
65535 65535 520192 00400000 E:\RealOne\RealPlay.exe (6.0.11.872)
65535 65535 692224 77F50000 D:\WINDOWS\System32\ntdll.dll (5.1.2600.0)
65535 65535 1101824 77E40000 D:\WINDOWS\system32\kernel32.dll (5.1.2600.0)
65535 65535 294912 78000000 D:\WINDOWS\System32\PNCRT.dll (6.0.0.0)
65535 65535 28672 77BD0000 D:\WINDOWS\system32\VERSION.dll (5.1.2600.0)
65535 65535 577536 77D10000 D:\WINDOWS\system32\USER32.dll (5.1.2600.0)
65535 65535 262144 77C40000 D:\WINDOWS\system32\GDI32.dll (5.1.2600.0)
65535 65535 626688 77DA0000 D:\WINDOWS\system32\ADVAPI32.dll (5.1.2600.0)
65535 65535 479232 77C90000 D:\WINDOWS\system32\RPCRT4.dll (5.1.2600.0)
65535 65535 1155072 77180000 D:\WINDOWS\system32\ole32.dll (5.1.2600.0)
3 3 106496 76300000 D:\WINDOWS\System32\IMM32.DLL (5.1.2600.0)
1 1 32768 62C20000 D:\WINDOWS\System32\LPK.DLL (5.1.2600.0)
1 1 368640 72F10000 D:\WINDOWS\System32\USP10.dll (1.407.2600.0)
1 1 307200 74680000 D:\WINDOWS\System32\MSCTF.dll (5.1.2600.0)
9 9 163840 62890000 D:\Program Files\Common Files\Real\Common\objb3201.dll (0.1.0.3389)
129 129 339968 77BE0000 D:\WINDOWS\system32\msvcrt.dll (7.0.2600.0)
51 51 409600 63180000 D:\WINDOWS\system32\SHLWAPI.dll (6.0.2730.1200)
9 9 933888 71950000 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (6.0.2600.0)
28 28 569344 77310000 D:\WINDOWS\system32\comctl32.dll (5.82.2600.0)
1 1 692224 60000000 E:\RealOne\rpplugins\rpap3260.dll (6.0.9.1501)
8 8 421888 60360000 D:\Program Files\Common Files\Real\Common\pngu3267.dll (6.7.0.900)
9 9 282624 76320000 D:\WINDOWS\system32\comdlg32.dll (6.0.2600.0)
29 29 8339456 773A0000 D:\WINDOWS\system32\SHELL32.dll (6.0.2600.0)
43 43 28672 60430000 D:\Program Files\Common Files\Real\Common\pnrs3260.dll (6.0.9.2068)
1 1 40960 65010000 E:\RealOne\lang\cdplay_cn.dll (6.0.4.382)
1 1 32768 65030000 E:\RealOne\lang\dbcomp_cn.dll (6.0.4.382)
1 1 57344 65040000 E:\RealOne\lang\embed_cn.dll (6.0.4.382)
1 1 28672 65060000 E:\RealOne\lang\gemctl_cn.dll (6.0.4.382)
1 1 28672 65090000 E:\RealOne\lang\pngui_cn.dll (6.0.4.382)
1 1 28672 650A0000 E:\RealOne\lang\rjctl_cn.dll (6.0.4.382)
1 1 36864 650F0000 E:\RealOne\lang\rjeq_cn.dll (6.0.4.382)
1 1 557056 65150000 E:\RealOne\lang\rjres_cn.dll (6.0.4.382)
1 1 36864 651E0000 E:\RealOne\lang\rjskin_cn.dll (6.0.4.382)
1 1 32768 651F0000 E:\RealOne\lang\rjviz_cn.dll (6.0.4.382)
1 1 73728 65100000 E:\RealOne\lang\rjfade_cn.dll (6.0.4.382)
1 1 204800 650B0000 E:\RealOne\lang\rjdlg_cn.dll (6.0.4.382)
1 1 131072 65120000 E:\RealOne\lang\rjmisc_cn.dll (6.0.4.382)
1 1 28672 65140000 E:\RealOne\lang\rjprog_cn.dll (6.0.4.382)
1 1 94208 65220000 E:\RealOne\lang\rpapp_cn.dll (6.0.4.382)
1 1 32768 65240000 E:\RealOne\lang\rpclsvc_cn.dll (6.0.4.382)
1 1 172032 65250000 E:\RealOne\lang\rpclutil_cn.dll (6.0.4.382)
1 1 102400 65280000 E:\RealOne\lang\rpdemand_cn.dll (6.0.4.382)
1 1 28672 652A0000 E:\RealOne\lang\rpdsplyr_cn.dll (6.0.4.382)
1 1 53248 652C0000 E:\RealOne\lang\rpgutil_cn.dll (6.0.4.382)
1 1 65536 652D0000 E:\RealOne\lang\rpmnpane_cn.dll (6.0.4.382)
1 1 53248 652E0000 E:\RealOne\lang\rpplylst_cn.dll (6.0.4.382)
1 1 28672 65310000 E:\RealOne\lang\rptrkedt_cn.dll (6.0.4.382)
1 1 28672 65320000 E:\RealOne\lang\rpwebctl_cn.dll (6.0.4.382)
1 1 28672 65340000 E:\RealOne\lang\tcdinfo_cn.dll (6.0.4.382)
1 1 28672 65350000 E:\RealOne\lang\tclsvc_cn.dll (6.0.4.382)
1 1 81920 65360000 E:\RealOne\lang\tdwnmgr_cn.dll (6.0.4.382)
1 1 28672 653B0000 E:\RealOne\lang\tmp3_cn.dll (6.0.4.382)
1 1 28672 653C0000 E:\RealOne\lang\twave_cn.dll (6.0.4.382)
1 1 159744 65380000 E:\RealOne\lang\tmdedit_cn.dll (6.0.4.382)
1 1 24576 65070000 E:\RealOne\lang\mydevices_cn.dll (6.0.4.382)
3 3 442368 60440000 E:\RealOne\rpplugins\rpcl3260.dll (6.0.9.1576)
15 15 180224 76B10000 D:\WINDOWS\System32\WINMM.dll (5.1.2600.0)
1 1 348160 62770000 D:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll (0.1.0.1760)
17 17 569344 770F0000 D:\WINDOWS\system32\OLEAUT32.dll (3.50.5014.0)
1 1 1339392 765E0000 D:\WINDOWS\System32\SETUPAPI.dll (5.1.2600.0)
1 1 266240 609A0000 D:\Program Files\Common Files\Real\Update_OB\setu3270.dll (7.0.0.2311)
2 2 163840 61730000 D:\Program Files\Common Files\Real\Plugins\zipf3260.dll (6.0.7.2536)
1 1 577536 60700000 E:\RealOne\rpplugins\rpct3260.dll (6.0.0.547)
1 1 241664 607B0000 E:\RealOne\rpplugins\rpme3260.dll (6.0.9.1142)
1 1 532480 62670000 D:\Program Files\Common Files\Real\RCAPlugins\gemc3201.dll (0.1.0.3395)
1 1 40960 619F0000 D:\Program Files\Common Files\Real\Plugins\pxcb3210.dll (1.0.0.2128)
1 1 450560 618D0000 D:\Program Files\Common Files\Real\Plugins\imgr3260.dll (6.0.7.3916)
1 1 454656 60160000 E:\RealOne\rpplugins\rpmn3260.dll (6.0.9.1419)
2 2 40960 63000000 E:\RealOne\rpplugins\rpms3260.dll (6.0.0.338)
2 2 143360 62120000 E:\RealOne\rpplugins\rjbe3260.dll (6.0.3.836)
1 1 245760 61C80000 E:\RealOne\rpplugins\MPACore.dll (1.0.2.1139)
2 2 61440 60CD0000 D:\Program Files\Common Files\Real\Plugins\smpl3260.dll (6.0.7.4259)
1 1 290816 656F0000 E:\RealOne\rpplugins\rpwe3260.dll (6.0.0.546)
1 1 40960 71A40000 D:\WINDOWS\System32\WSOCK32.dll (5.1.2600.0)
15 15 86016 012B0000 D:\WINDOWS\System32\WS2_32.dll (5.1.2600.0)
15 15 32768 012D0000 D:\WINDOWS\System32\WS2HELP.dll (5.1.2600.0)
1 1 139264 62730000 D:\Program Files\Common Files\Real\RCAPlugins\gct23201.dll (0.1.0.3395)
1 1 69632 62650000 D:\Program Files\Common Files\Real\RCAPlugins\gema3201.dll (0.1.0.1752)
5 5 610304 012E0000 D:\WINDOWS\system32\wininet.dll (6.0.2737.800)
5 5 565248 76230000 D:\WINDOWS\system32\CRYPT32.dll (5.131.2600.0)
5 5 61440 76210000 D:\WINDOWS\system32\MSASN1.dll (5.1.2600.0)
5 5 495616 1A400000 D:\WINDOWS\system32\urlmon.dll (6.0.2736.2300)
1 1 65536 76F60000 D:\WINDOWS\System32\Secur32.dll (5.1.2600.0)
1 1 73728 61DF0000 E:\RealOne\twebbrowse.dll (1.0.2.311)
2 2 491520 76FA0000 D:\WINDOWS\System32\CLBCATQ.DLL (2001.12.4414.42)
2 2 806912 77020000 D:\WINDOWS\System32\COMRes.dll (2001.12.4414.42)
1 1 1347584 71700000 D:\WINDOWS\System32\shdocvw.dll (6.0.2737.800)
1 1 557056 01430000 D:\WINDOWS\System32\shdoclc.dll (6.0.2715.400)
3 3 585728 746D0000 D:\WINDOWS\System32\mlang.dll (6.0.2600.0)
1 1 233472 702B0000 D:\WINDOWS\System32\c_g18030.dll (5.1.2600.0)
7 7 20480 702A0000 D:\WINDOWS\System32\c_is2022.dll (5.1.2600.0)
1 1 1314816 60AB0000 D:\Program Files\Common Files\Real\Common\pnen3260.dll (6.0.9.2006)
4 4 36864 72C90000 D:\WINDOWS\System32\wdmaud.drv (5.1.2600.0)
2 2 32768 72C80000 D:\WINDOWS\System32\msacm32.drv (5.1.2600.0)
2 2 81920 77BB0000 D:\WINDOWS\System32\MSACM32.dll (5.1.2600.0)
1 1 28672 77BA0000 D:\WINDOWS\System32\midimap.dll (5.1.2600.0)
1 1 106496 630B0000 D:\Program Files\Common Files\Real\Plugins\vsrl3260.dll (6.0.7.3265)
1 1 53248 60F90000 D:\Program Files\Common Files\Real\Plugins\pnxr3260.dll (6.0.7.4552)
1 1 45056 61200000 D:\Program Files\Common Files\Real\Plugins\ramf3260.dll (6.0.7.3451)
1 1 163840 60D40000 D:\Program Files\Common Files\Real\Plugins\rmff3260.dll (6.0.9.1746)
1 1 593920 75BC0000 D:\WINDOWS\System32\jscript.dll (5.6.0.6626)
1 1 208896 65E90000 E:\RealOne\rpplugins\ierpplug.dll (1.0.0.635)
1 1 53248 10000000 E:\Tencent\QQ1\QQHook.dll ()
1 1 135168 60FD0000 D:\Program Files\Common Files\Real\Plugins\rare3260.dll (6.0.9.1570)
1 1 90112 62930000 D:\Program Files\Common Files\Real\Codecs\atrc3260.dll (6.0.1.1651)
1 1 151552 61FE0000 D:\Program Files\Common Files\Real\Common\rjbviz.dll (1.0.2.2362)
1 1 282624 736D0000 D:\WINDOWS\System32\DDRAW.dll (5.1.2600.0)
1 1 24576 73B30000 D:\WINDOWS\System32\DCIMAN32.dll (5.1.2600.0)
1 1 385024 608D0000 E:\RealOne\rpplugins\cdpl3210.dll (1.0.2.1135)
1 1 49152 61DD0000 E:\RealOne\mmcdda32.dll (1.0.2.1136)
1 1 229376 62150000 E:\RealOne\rpplugins\rjbc3260.dll (6.0.0.535)
1 1 45056 76BC0000 D:\WINDOWS\System32\psapi.dll (5.1.2600.0)
1 1 139264 76C60000 D:\WINDOWS\system32\imagehlp.dll (5.1.2600.0)

[Threads]
ThreadId Priority BasePriority RefCount
1436 8 8 0
1344 8 8 0
200 15 15 0
1836 10 10 0
304 8 8 0
548 10 10 0
1776 8 8 0
1456 8 8 0
1276 15 15 0
1908 8 8 0

[ThreadId: 1436]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
77E59D6A 1:18D6A kernel32.dll WaitForSingleObject
77BF6EB7 1:15EB7 msvcrt.dll _unDNameEx
7800D4E7 1:C4E7 PNCRT.dll XcptFilter
77E5EB69 1:1DB69 kernel32.dll CreateProcessInternalW

Registers:
EAX=00000001 EBX=C0000005 ECX=0012D790 EDX=00000000 ESI=00000318 EDI=00000000
EIP=7FFE0304 ESP=0012D704 EBP=0012D768
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=0000003B GS=00000000
EFL=00000202

[ThreadId: 1344]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
60B3B75A 1:8A75A pnen3260.dll CloseEngine
60B49B79 1:98B79 pnen3260.dll CAudioOutWindows::WaveOutWndProc
60B3B7FF 1:8A7FF pnen3260.dll CloseEngine
78009B85 1:8B85 PNCRT.dll beginthreadex
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=7802F3F0 EBX=00000000 ECX=0235FFB0 EDX=00000000 ESI=0235FF04 EDI=0020DCF6
EIP=7FFE0304 ESP=0235FEC8 EBP=0235FEEC
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 200]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
77E54C70 1:13C70 kernel32.dll WaitForMultipleObjects
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=72C92ECC EBX=024AFF1C ECX=77F75520 EDX=00000000 ESI=00000000 EDI=7FFDF000
EIP=7FFE0304 ESP=024AFED4 EBP=024AFF70
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 1836]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
77E59D6A 1:18D6A kernel32.dll WaitForSingleObject
60B24214 1:73214 pnen3260.dll CloseEngine
60B3B7FF 1:8A7FF pnen3260.dll CloseEngine
78009B85 1:8B85 PNCRT.dll beginthreadex
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=0003C8C0 EBX=00647B90 ECX=00000000 EDX=00000000 ESI=00000264 EDI=00000000
EIP=7FFE0304 ESP=025AFEBC EBP=025AFF20
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 304]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
60B3B75A 1:8A75A pnen3260.dll CloseEngine
60B1BE3C 1:6AE3C pnen3260.dll CloseEngine
60B3B7FF 1:8A7FF pnen3260.dll CloseEngine
78009B85 1:8B85 PNCRT.dll beginthreadex
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=78009B20 EBX=00647CD0 ECX=00000000 EDX=00000000 ESI=026AFF04 EDI=00000000
EIP=7FFE0304 ESP=026AFEC8 EBP=026AFEEC
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 548]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
60B3B75A 1:8A75A pnen3260.dll CloseEngine
60B28D39 1:77D39 pnen3260.dll CloseEngine
60B3B7FF 1:8A7FF pnen3260.dll CloseEngine
78009B85 1:8B85 PNCRT.dll beginthreadex
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=00E9E8F8 EBX=00647D30 ECX=0000027A EDX=00000000 ESI=027AFF04 EDI=00647CF0
EIP=7FFE0304 ESP=027AFEC8 EBP=027AFEEC
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 1776]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0
77DAC433 1:B433 ADVAPI32.dll WmiCloseBlock
77E602ED 1:1F2ED kernel32.dll OpenConsoleW

Registers:
EAX=77DAC19B EBX=029CFEF0 ECX=00000000 EDX=00000000 ESI=00000000 EDI=7FFDF000
EIP=7FFE0304 ESP=029CFEA8 EBP=029CFF44
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 1456]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0

Registers:
EAX=77C9165A EBX=0019D898 ECX=77F516F5 EDX=00000000 ESI=00000100 EDI=00000000
EIP=7FFE0304 ESP=02ACFE28 EBP=02ACFF90
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 1276]
Address Section:Offset ModuleName FunctionName
7FFE0304 0:0

Registers:
EAX=00000008 EBX=00000390 ECX=77E531F7 EDX=00000000 ESI=00000390 EDI=00000000
EIP=7FFE0304 ESP=0359FF24 EBP=0359FF88
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=00000038 GS=00000000
EFL=00000202

[ThreadId: 1908]
Address Section:Offset ModuleName FunctionName
0040757C 1:657C RealPlay.exe
015BEDD8 0:0

Registers:
EAX=0040757C EBX=015BEB0C ECX=00000000 EDX=7FFE0304 ESI=00000774 EDI=015BEAEC
EIP=0040757C ESP=015BE814 EBP=015BEAF0
CS=0000001B SS=00000023 DS=00000023 ES=00000023 FS=0000003B GS=00000000
EFL=00000000

不会有事吧？

地主发表时间: 04-03-22 12:29

回复: pnj1226 [pnj1226]

论坛用户

我比你跟烂

B1层发表时间: 04-03-22 13:21

回复: zybzc [zybzc]

论坛用户

估计你安装了什么软件在桌面上
用过它就在桌面生成记录咯`

B2层发表时间: 04-03-22 18:27

论坛: 菜鸟乐园