Po uruchomieniu i pracy na roznych aplikacjach nastepuje samorstart. Nie ma tu jakiej reguly czasu czy konkretnego programy calkowity freestyle. Po restarcie pojawia sie komunikat ze system odzyskal sparwnosc po powaznym bledzie i sa kody tego bledu. Czy mozna gdzies znalezc do czego sie odnosza te kody? Dolanczam logi z “Hijack This” “Silenta” i pomiary temperatury i konfiguracje sprzetowa z “Everesta”. Prosze o pomoc. A i sprawdzalem kilkoma atywirami i nic nie znalazly>

Logfile of HijackThis v1.99.1

Scan saved at 14:07:18, on 2007-02-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\ATI Technologies\ATI.ACE\cli.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOWS\system32\devldr32.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

D:\Program Files\BitComet\BitComet.exe

D:\Documents and Settings\Sylvia\Pulpit\Torrentyt\Filmy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"

O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F86AFDD8-9EDF-47CB-8ABA-BDCA3E55B3AA}: NameServer = 213.241.79.37 83.238.255.76

O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"BitComet" = ""D:\Program Files\BitComet\BitComet.exe"" ["www.BitComet.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"(Default)" = "(empty string)" [file not found]

"ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]

"kav" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Resume copy" = "copyfstq.exe /startup" [null data]

"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]

"DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"

  -> {HKLM...CLSID} = "Web Anti-Virus"

                   \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"

  -> {HKLM...CLSID} = "QCopy"

                   \InProcServer32\(Default) = "dropcpyr.dll" [null data]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Sylvia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]



Startup items in "Sylvia" & "All Users" startup folders:

--------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"ATI CATALYST System Tray" -> shortcut to: "D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]

"Acrobat Assistant" -> shortcut to: "D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Web Anti-Virus"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Kaspersky Anti-Virus 6.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

PDF Port\Driver = "D:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 27 seconds.

---------- (total run time: 76 seconds)

Wersja EVEREST v2.20.405/pl

    Strona domowa http://www.lavalys.com/

    Typ raportu Kreator raportów

    Komputer SYLKOMP-3BDE7F6 (Buba)

    Generator raportu Sylvia

    System operacyjny Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)

    Data 2007-02-27

    Czas 14:10



--------[Podsumowanie]------------------------------------------------------------------------------------------------


    Komputer:

      System operacyjny Microsoft Windows XP Professional

      Dodatek service pack systemu operacyjnego Dodatek Service Pack 2

      DirectX 4.09.00.0904 (DirectX 9.0c)

      Nazwa komputera SYLKOMP-3BDE7F6 (Buba)

      Nazwa użytkownika Sylvia


    Płyta główna:

      Typ procesora AMD Athlon XP, 1666 MHz (12.5 x 133) 2000+

      Nazwa płyty głównej ASRock K7S8X v3 (5 PCI, 1 AGP, 3 DDR DIMM, Audio, LAN)

      Mikroukład płyty głównej SiS 746FX

      Pamięć fizyczna 384 MB (PC3200 DDR SDRAM)

      Typ BIOS'u AMI (10/07/03)

      Port komunikacyjny Port komunikacyjny (COM1)

      Port komunikacyjny Port drukarki (LPT1)


    Ekran:

      Karta wideo RADEON 9550 Secondary (128 MB)

      Karta wideo RADEON 9550 (128 MB)

      Akcelerator 3D ATI Radeon 9550 (RV350)

      Monitor LG StudioWorks 575C [15" CRT]


    Multimedia:

      Karta dźwiękowa Creative SB Live! Player 1024 Sound Card


    Magazyn:

      Kontroler IDE Kontroler SiS PCI IDE

      Kontroler SCSI/RAID SCSI/RAID Host Controller

      Napęd dyskietek Stacja dyskietek

      Dysk fizyczny ST320423A (20 GB, 5400 RPM, Ultra-ATA/66)

      Napęd dysków optycznych BA3147E PEH332A SCSI CdRom Device

      Napęd dysków optycznych HL-DT-ST CD-RW GCE-8526B (52x/32x/52x CD-RW)

      Napęd dysków optycznych HL-DT-ST DVDRAM GSA-H12N

      Status dysków SMART OK


    Partycje:

      C: (FAT32) 3499 MB (653 MB wolne)

      D: (FAT32) 8001 MB (3031 MB wolne)

      E: (FAT32) 7993 MB (1255 MB wolne)

      Rozmiar całkowity 19493 MB (4939 MB wolne)


    Urządzenia wejściowe:

      Klawiatura Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2

      Mysz Mysz Microsoft PS/2


    Sieć:

      Karta sieciowa WAN (PPP/SLIP) Interface (213.238.66.181)


    Urządzenia zewnętrzne:

      Drukarka Acrobat Distiller

      Kontroler USB1 SiS 7001 PCI-USB Open Host Controller

      Kontroler USB1 SiS 7001 PCI-USB Open Host Controller

      Kontroler USB2 SiS 7002 USB 2.0 Enhanced Host Controller

      Urządzenie USB SpeedTouch 330 ADSL Modem

Właściwości czujnika:

      Typ czujnika Winbond W83697HF (ISA 290h)

      Nazwa płyty głównej ASRock K7S8X / K7S8XE / K7VM2 / K7VM4 / K7VT4-4X / K8Upgrade-760GX


    Temperatury:

      Płyta główna 33 °C (91 °F)

      Procesor 42 °C (108 °F)


    Wentylatory:

      Procesor 3444 RPM


    Wartości napięć:

      Napięcie rdzenia procesora 1.60 V

      +3.3 V 3.17 V

      +5 V 4.84 V

      +12 V 12.15 V

      +5 V podczas wstrzymania pracy 4.73 V

      Debug Info F 62 FF FF

      Debug Info T 42 33 255

      Debug Info V 64 00 C6 B4 BD BE BE (01)

http://forum.dzikie.net/index.php?action=show_temat&id=11035

Logi i napięcia są w porządku.

Zwykła wersja programu BearShare posiada w sobie syf dlatego proponuję go usunąć. A jeśli koniecznie chcesz z niego korzystać to zainstaluj wersję Lite, która jest pozbawiona syfu.

Sprawdź czy masz jakieś minidump’y, a jeśli tak to wklej najlepiej zawartość kilku, opis:

http://forum.dobreprogramy.pl/viewtopic … 977#797977

Podaje kilka zawartośc kilku minidumpow znalazłem ich 28:

Microsoft (R) Windows Debugger Version 6.6.0003.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [D]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Fri Feb 9 18:40:27.234 2007 (GMT+1)

System Uptime: 0 days 0:39:10.811

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

.......................................................................................................................

Loading User Symbols

Loading unloaded module list

........

Unable to load image win32k.sys, Win32 error 2

*** WARNING: Unable to verify timestamp for win32k.sys

*** ERROR: Module load completed but symbols could not be loaded for win32k.sys

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000008E, {c000001d, bf805810, ee11eb60, 0}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


Probably caused by : win32k.sys ( win32k+5810 )


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.6.0003.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [D]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Fri Feb 9 19:26:50.343 2007 (GMT+1)

System Uptime: 0 days 0:09:19.904

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

.......................................................................................................................

Loading User Symbols

Loading unloaded module list

........

Unable to load image ks.sys, Win32 error 2

*** WARNING: Unable to verify timestamp for ks.sys

*** ERROR: Module load completed but symbols could not be loaded for ks.sys

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000007E, {c0000005, f73e0004, f7af0b44, f7af0840}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*** WARNING: Unable to verify timestamp for wdmaud.sys

*** ERROR: Module load completed but symbols could not be loaded for wdmaud.sys

Probably caused by : ks.sys ( ks+2004 )


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.6.0003.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [D]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Mon Feb 12 16:36:38.984 2007 (GMT+1)

System Uptime: 0 days 1:43:14.549

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

.......................................................................................................................

Loading User Symbols

Loading unloaded module list

............

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 19, {20, e2072460, e2072490, c060405}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*** WARNING: Unable to verify timestamp for klif.sys

*** ERROR: Module load completed but symbols could not be loaded for klif.sys

Probably caused by : klif.sys ( klif+ede5 )


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.6.0003.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [D]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Sun Feb 25 09:42:14.171 2007 (GMT+1)

System Uptime: 0 days 0:09:10.737

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

..........................................................................................................................

Loading User Symbols

Loading unloaded module list

.........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000008E, {c0000005, 805083c2, ee513b54, 0}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*** WARNING: Unable to verify timestamp for win32k.sys

*** ERROR: Module load completed but symbols could not be loaded for win32k.sys

Probably caused by : win32k.sys ( win32k+17a5 )


Followup: MachineOwner

---------

Pierwszy i ostatni log z minidump’a dotyczy

KLIK

Drugi log dotyczy

KLIK

Trzeci log dotyczy

KLIK i KLIK

To mi sie udało znaleźć

I co dalej zrobi z tymi plikami bo nie bardzo wiem??