Things are getting ugly with my computer, but first things first. When uTorrent is not shut down properly, it runs a procedure that checks unfinished files. I have one download task that takes up 8 GB, so checking that file takes a few minutes. If I start a movie or browse the web during that check, I will most likely see one of these BlueScreens:
1
BugCheck 1000000A, {0, 2, 1, 804dc11d}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : win32k.sys ( win32k+2a9b )
2
BugCheck 1000008E, {c0000005, 2c01001e, f50efc1c, 0}
Probably caused by : sptd.sys ( sptd+6c86 )
3
BugCheck 10000050, {934e63f4, 0, bf80ded5, 0}
Probably caused by : win32k.sys ( win32k+ded5 )
4
BugCheck 19, {20, 22, c5a, b87f000}
Cannot get _POOL_TRACKER_BIG_PAGES type size
Probably caused by : ntoskrnl.exe ( nt+5c54e )
5
BugCheck 100000D1, {45f1b01c, 6, 0, f8cf6de3}
Probably caused by : P17.sys ( P17+1ede3 )
6
BugCheck 100000D1, {701d24e, 2, 0, 701d24e}
Probably caused by : USBPORT.SYS ( USBPORT+ab57 )
7
BugCheck 100000D1, {701d24e, 2, 0, 701d24e}
Probably caused by : USBPORT.SYS ( USBPORT+ab57 )
8
BugCheck C2, {7, cd4, 81863308, 81a58008}
Cannot get _POOL_TRACKER_BIG_PAGES type size
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for e4usbaw.sys
*** ERROR: Module load completed but symbols could not be loaded for e4usbaw.sys
*** WARNING: Unable to verify timestamp for USBPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS
Probably caused by : wanarp.sys ( wanarp+1cd5 )
After such a reset it is hard to get the computer to start. Usually a BlueScreen flashes during boot and the whole procedure starts over. A moment ago it was even worse: I let the disk check run during startup. Scandisk checked it and everything was OK. Then the system did not get to the user selection screen but froze instead. After a reset the computer would not start at all. Nothing was sent to the monitor (not even the BIOS loading screen). Resetting the BIOS settings helped. After resetting the BIOS, a new, unknown device showed up: "Kontroler PCI Simple Communication" (PCI Simple Communications Controller).
Disk checked with Victoria 4.2 beta: free of errors.
Voltages checked with SpeedFan 4.33: 3.3 V - 3.25 V, 5 V - 4.78 V, CPU temperature 55 degrees.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:13, on 2007-10-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Debugging Tools for Windows\windbg.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\TC PowerPack\totalcmd.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/pl/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFA1B4DF-BC9D-4A87-9D12-05EF32387822}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6183 bytes
Silent Runners log:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"autoclk" = "autoclk.exe" [file not found]
"adiras" = "adiras.exe" [file not found]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}" = "Wyślij na Fotosik.pl"
-> {HKLM...CLSID} = "Wyślij na Fotosik.pl"
\InProcServer32\(Default) = "C:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"
-> {HKLM...CLSID} = "SmartFTP Copy Hook"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}\(Default) = "{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}"
-> {HKLM...CLSID} = "Wyślij na Fotosik.pl"
\InProcServer32\(Default) = "C:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Startup items in "Artur" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]
France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" ["CANON INC."]
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
---------- (launch time: 2007-10-07 18:53:28)
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 100 seconds, including 18 seconds for message boxes)
The configuration of my old-timer is:
- MSI K7T266 Pro2
- AMD Athlon XP 1700+
- 256 MB DDR
- HDD Seagate 120 GB
- NVIDIA GeForce2 MX400
Event Viewer
Application:
Typ zdarzenia: Błąd
Źródło zdarzenia: Application Error
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 1000
Data: 2007-10-08
Godzina: 02:25:15
Użytkownik: Brak
Komputer: AR2REK
Opis:
Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.3156, moduł powodujący błąd user32.dll, wersja 5.1.2600.3099, adres błędu 0x000218c8.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Application Error
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 1000
Data: 2007-10-07
Godzina: 19:08:36
Użytkownik: Brak
Komputer: AR2REK
Opis:
Aplikacja powodująca błąd comcomp.exe, wersja 11.1.0.7, moduł powodujący błąd user32.dll, wersja 5.1.2600.3099, adres błędu 0x00008539.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Application Error
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 1000
Data: 2007-10-07
Godzina: 18:56:09
Użytkownik: Brak
Komputer: AR2REK
Opis:
Aplikacja powodująca błąd opera.exe, wersja 9.22.8801.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x0001213e.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Application Error
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 1000
Data: 2007-10-07
Godzina: 18:56:03
Użytkownik: Brak
Komputer: AR2REK
Opis:
Aplikacja powodująca błąd opera.exe, wersja 9.22.8801.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0161b7f8.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Application Error
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 1000
Data: 2007-10-07
Godzina: 18:55:10
Użytkownik: Brak
Komputer: AR2REK
Opis:
Aplikacja powodująca błąd opera.exe, wersja 9.22.8801.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x0001207a.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
System:
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7000
Data: 2007-10-08
Godzina: 01:10:17
Użytkownik: Brak
Komputer: AR2REK
Opis:
Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu:
Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7034
Data: 2007-10-08
Godzina: 00:01:36
Użytkownik: Brak
Komputer: AR2REK
Opis:
Usługa France Telecom Routing Table Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7034
Data: 2007-10-08
Godzina: 00:01:25
Użytkownik: Brak
Komputer: AR2REK
Opis:
Usługa Creative Service for CDROM Access niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7034
Data: 2007-10-08
Godzina: 00:01:01
Użytkownik: Brak
Komputer: AR2REK
Opis:
Usługa Diskeeper niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7034
Data: 2007-10-08
Godzina: 00:00:43
Użytkownik: Brak
Komputer: AR2REK
Opis:
Usługa StarWind AE Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
Typ zdarzenia: Błąd
Źródło zdarzenia: Service Control Manager
Kategoria zdarzenia: Brak
Identyfikator zdarzenia: 7034
Data: 2007-10-08
Godzina: 00:00:41
Użytkownik: Brak
Komputer: AR2REK
Opis:
Usługa WMDM PMSP Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.
When I have a spare moment I will check the RAM with memtest. The mks online scanner hangs on rtcres.dll.
GMER logs:
http://wklej.org/id/cb37508354
http://wklej.org/id/861801c3f3
The fourth MiniDump in full:
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: ***Invalid***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Sun Oct 7 18:15:54.015 2007 (GMT+2)
System Uptime: 0 days 0:00:59.578
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 22, c5a, b87f000}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!PVOID***
******
*************************************************************************
unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_POOL_HEADER***
******
*************************************************************************
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_POOL_HEADER***
******
*************************************************************************
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_POOL_TRACKER_BIG_PAGES***
******
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
Probably caused by : ntoskrnl.exe ( nt+5c54e )
Followup: MachineOwner