本文来自死性不改的博客
由于机器硬件比较老,经常出现奇奇怪怪的问题,另外加上如今流行的机器狗,让蓝屏的说法也有了改变~ 比如0X0000008E,有时中毒也会引发这个蓝屏代码。以下是摘自“太平洋 论坛 ”的贴子内容
引用内容 一位朋友的电脑昨天在系统登录前后这段时间里出现0x0000008E蓝屏错误,请偶帮忙检修。
一、分析 一般当程序引用不正确的内存地址时,可能会引起0x0000008E蓝屏错误。当这种错误发生成系统登录时,那很可能是开机启动项引起的。
二、检测 为了跳过开机启动项,我们在开机时按住F8键,选择以带网络连接的安全模式启动。 结果可以正常登录~ 看来问题真的出在开机启动项上。 运行msconfig.exe,检查启动项,发现了下面 pe_xscan 的 log 中的几个O4项,确认是电脑中了病毒。
下载 pe_xscan 扫描log并分析,发现如下可疑项(进程模块中相同的部分有省略): /=== pe_xscan 08-03-03 by Purple Endurer 2008-3-13 12:34:0 Windows XP Service Pack 2(5.1.2600) 管理员用户组 带网络连接的安全模式 [System Process] * 0 C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 C:WINDOWSSYSTEM32IEMNAW.DLL | 2008-3-12 10:22:24 C:WINDOWSSYSTEM32WINLOGON.EXE* 220 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 C:WINDOWSSYSTEM32IEMNAW.DLL | 2008-3-12 10:22:24 C:WINDOWSSYSTEM32SERVICES.EXE* 392 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 C:WINDOWSSYSTEM32LSASS.EXE* 412 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 C:WINDOWSSYSTEM32SVCHOST.EXE* 968 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | s vc host.exe | svchost.exe C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 C:WINDOWSSYSTEM32CONIME.EXE* 456 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE C:WINDOWSSYSTEM32FYOM.DLL | 2008-3-12 10:22:26 C:WINDOWSSYSTEM32TAIJOAD.DLL | 2008-3-12 10:22:58 C:WINDOWSSYSTEM32ATGNEHZ.DLL | 2008-3-12 10:21:46 C:WINDOWSSYSTEM32TSQC.DLL | 2008-3-12 10:22:52 C:WINDOWSSYSTEM32MNAUYGNIQAIXNAIJ.DLL | 2008-3-12 10:25:0 C:WINDOWSSYSTEM32OQNAUHC.DLL | 2008-3-12 10:22:46 C:WINDOWSSYSTEM32GNOLNAIT.DLL | 2008-3-12 10:22:0 C:WINDOWSSYSTEM32DUYGNEF.DLL | 2008-3-12 10:23:24 C:WINDOWSSYSTEM32SLCS.DLL | 2008-3-12 10:24:54 O2 - BHO - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:PROGRAM FILESINTERNET EXPLORERPLUGINSNS_SYS55.SYS O4 - HKLM..RUN: [UPXDND] C:WINDOWSUPXDND.EXE O4 - HKLM..RUN: [KVSC3] C:WINDOWSKVSC3.EXE O4 - HKLM..RUN: [MSCCRT] C:WINDOWSMSCCRT.EXE O4 - HKLM..RUN: [CMDBCS] C:WINDOWSCMDBCS.EXE O4 - HKLM..RUN: [DBGHLP32] C:WINDOWSDBGHLP32.EXE O4 - HKLM..RUN: [LOTUSHLP] C:WINDOWSLOTUSHLP.EXE O4 - HKLM..RUN: [SHAPROC] C:WINDOWSSHAPROC.EXE O4 - HKLM..RUN: [WINSVR32] C:WINDOWSWINSVR32.EXE O4 - HKLM..RUN: [WSOCKDRV32] C:WINDOWSWSOCKDRV32.EXE O4 - HKLM..POLICIESEXPLORERRUN: [COMREPL32] C:WINDOWSSYSTEM32COMCOMRECFG.EXE O4 - HKLM..POLICIESEXPLORERRUN: [VISIN] C:WINDOWSSYSTEM32VISIN.EXE
O20 - AppInit_DLLs = fyom.dll,taijoad.dll,atgnehz.dll,tsqc.dll,mnauygniqaixnaij.dll,oqnauhc.dll,gnolnait.dll ,duygnef.dll,slcs.dll,iemnaw.dll
O23 - 服务: ASYNCMAC (RAS ASYNCHRONOUS MEDIA DRIVER) - SYSTEM32DRIVERSCOMINT32.SYS (自动) O23 - 服务: COMINT32 (COMINT32) - C:WINDOWSSYSTEM32DRIVERSCOMINT32.SYS | 2007-12-3 9:49:4(手动) O23 - 服务: MSERT (MSERT) - SYSTEM32DRIVERSMSELK.SYS (自动) O23 - 服务: NPF (NETGROUP PACKET FILTER) - SYSTEM32DRIVERSNPF.SYS | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys(手动) O23 - 服务: PCIHARDDISK (PCIHARDDISK) - C:WINDOWSSYSTEM32DRIVERSFAT32.SYS(手动) O23 - 服务: WINDOWSDOWN (WINDOWS_SYSTEMDOWN) - C:WINDOWSSYSTEM32SERVET.EXE(禁用) O24 - SHLEXECHOOK: [MICROSOFT] - {7914E0AA-ECCB-4311-B584-C49538227824} = C:WINDOWSSYSTEM32JHFRXZ.DLL O24 - SHLEXECHOOK: [] - {D29DCEE0-457B-45A2-A92D-741B95B7723B} = C:PROGRAM FILESINTERNET EXPLORERPLUGINSNS_SYS55.SYS O24 - SHLEXECHOOK: [MICROSOFT] - {84143967-B645-4BFF-B873-DA1DC886E9A7} = C:WINDOWSSYSTEM32CEDAFB.DLL O24 - SHLEXECHOOK: [MICROSOFT] - {5E907A48-400E-4EA8-9792-FFAE052D59E9} = C:WINDOWSSYSTEM32PEDADT.DLL O24
查看更多关于关于蓝屏代码0x0000008E和0x000000A5 - Windows操作系统的详细内容...