Nieaktywny pulpit i/lub pasek zadań

marcin01 · 23 Styczeń 2007 13:40

witam. mam wielki problem otóz dosyć często po pewnym czasie po włączeniu komputera przestaje reagować pasek zadań lub pulpit a czasami i to i to. Pomaga dopiero zamkniecie jakiejś aplikacji. Nie wiecie czym moze to byc spowodowane? sprawdziłem komputer antivirem i nic nie znalazł. Sytuacja ta zdarza się praktycznie po kazdym włączeniu komputera po kilkunastu kilkudziesięciu minutach. bardzo proszę o pomoc

Joan · 23 Styczeń 2007 14:03

Jaki konfig? Jaki zasilacz (firma i moc)?

Sprawdź błędy w podglądzie zdarzeń:

Start => Panel Sterowania => Narzędzia Administracyjne => Podgląd zdarzeń

Jeśli będą jakieś na czerwono, to wklej szczegóły.

Sprawdź RAM programem --> Memtest86

Sprawdź temperatury programem --> EVEREST Home Edition

Jaka aplikacja to powoduje? Czy dzieje się tak przy każdej?

Skan AVG AntySpyware 7.5 po update, wklej raport.

marcin01 · 23 Styczeń 2007 14:38

Temperatury:

Płyta główna 38 °C (100 °F)  

   Procesor 49 °C (120 °F)  

   Procesor graficzny 50 °C (122 °F)  

   WDC WD2000JB-00REA0 36 °C (97 °F)

błędy z podgladu zdarzeń:

Typ zdarzenia:	Błąd

Źródło zdarzenia:	Application Error

Kategoria zdarzenia:	Brak

Identyfikator zdarzenia:	1000

Data: 2007-01-23

Godzina: 13:16:54

Użytkownik: Brak

Komputer:	NAZWA-CWHVKISZ3

Opis:

Aplikacja powodująca błąd miranda32.exe, wersja 0.5.0.100, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x014fffc6.



Typ zdarzenia:	Błąd

Źródło zdarzenia:	Application Hang

Kategoria zdarzenia:	(101)

Identyfikator zdarzenia:	1002

Data: 2007-01-22

Godzina: 19:05:09

Użytkownik: Brak

Komputer:	NAZWA-CWHVKISZ3

Opis:

Aplikacja zawieszająca fm.exe, wersja 7.0.0.23761, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Typ zdarzenia:	Błąd

Źródło zdarzenia:	Service Control Manager

Kategoria zdarzenia:	Brak

Identyfikator zdarzenia:	7034

Data: 2007-01-23

Godzina: 14:18:46

Użytkownik: Brak

Komputer:	NAZWA-CWHVKISZ3

Opis:

Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 15:43:04 2007-01-23 + Scan result:

D:\System Volume Information\_restore{81BD79C8-C3A6-4942-8018-572CA116EF37}\RP130\A0020712.exe -> Adware.SaveNow : No action taken.

C:\Documents and Settings\m\Cookies\m@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\m\Cookies\m@ad.adocean[2].txt -> TrackingCookie.Adocean : No action taken.

Joan · 23 Styczeń 2007 14:43

Wywal to, co Ewido znalazło. Przeinstaluj Mirandę.

Krzychuu · 23 Styczeń 2007 14:44

marcin01 wygląda na to, że masz wirusa w przywracaniu systemu. Wyłącz przywracanie, włącz i powinien się skasować. Daj logi z HJT i SR.

Joan · 23 Styczeń 2007 14:55

Nie wirusa a Adware i jeśli jest dostęp do folderu to Ewido sobie z nim poradzi.

marcin01 · 23 Styczeń 2007 15:00

Logfile of HijackThis v1.99.1

Scan saved at 15:56:30, on 2007-01-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

D:\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

d:\AVG Anti-Spyware 7.5\guard.exe

D:\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Documents and Settings\m\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actina.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.actina.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.actina.pl

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165673445140

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4944/mcfscan.cab

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"RaidTool" = "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"AVP" = ""D:\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

"(Default)" = "(empty string)" [file not found]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"!AVG Anti-Spyware" = ""d:\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "d:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"

  -> {HKLM...CLSID} = "Web Anti-Virus"

                   \InProcServer32\(Default) = "D:\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


" ClearRecentDocsOnExit" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{Prevent access to registry editing tools}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Web Anti-Virus"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=www.actina.pl


Missing lines (compared with English-language version):

[Strings]: 1 line



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "d:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

Kaspersky Anti-Virus 6.0, AVP, "D:\Kaspersky Anti-Virus 6.0\avp.exe -r" ["Kaspersky Lab"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Sunbelt Kerio Personal Firewall 4, KPF4, "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" ["Sunbelt Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 38 seconds, including 11 seconds for message boxes)

Joan · 23 Styczeń 2007 15:20

Jest ok zresztą logi były zbędne :roll:

Przeczytaj to: KLIK i wklej zawartość pliku minidump

marcin01 · 23 Styczeń 2007 15:49

Microsoft (R) Windows Debugger Version 6.6.0007.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Kernel Complete Dump File: Full address space is available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Windows XP Kernel Version 2600 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Kernel base = 0x00000000 PsLoadedModuleList = 0x805624a0

Debug session time: Wed Jan 10 10:21:08.484 2007 (GMT+1)

System Uptime: 0 days 0:01:58.093

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Loading Kernel Symbols

Unable to read PsLoadedModuleList

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

CS descriptor lookup failed

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get program counterGetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck A, {1c, 2, 1, 806ffa16}


***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.


GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to read selector for PCR for processor 0

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )


Followup: MachineOwner

---------


GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

?: kd> .restart /f

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147


Loading Dump File [C]

Kernel Complete Dump File: Full address space is available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Windows XP Kernel Version 2600 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Kernel base = 0x00000000 PsLoadedModuleList = 0x805624a0

Debug session time: Wed Jan 10 10:21:08.484 2007 (GMT+1)

System Uptime: 0 days 0:01:58.093

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Loading Kernel Symbols

Unable to read PsLoadedModuleList

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

CS descriptor lookup failed

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get program counterGetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck A, {1c, 2, 1, 806ffa16}


***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.


GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to read selector for PCR for processor 0

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

Unable to get current machine context, NTSTATUS 0xC0000147

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )


Followup: MachineOwner

---------


GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

GetContextState failed, 0xD0000147

ps przed chwilą znowu zawias i pojawiło mi się w podglądzie zdarzen takie coś:

Typ zdarzenia:	Błąd

Źródło zdarzenia:	Service Control Manager

Kategoria zdarzenia:	Brak

Identyfikator zdarzenia:	7034

Data: 2007-01-23

Godzina: 17:48:31

Użytkownik: Brak

Komputer:	NAZWA-CWHVKISZ3

Opis:

Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.


Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej.

qrczak13 · 23 Styczeń 2007 19:36

Usługa bramy warstwy aplikacji wyłącz w usługach jeżeli masz sp2.

ppm na mój komp > właściwości > zaawansowane > uruchamianie i odzyskiwanie > ustawienia > odptasz automatycznie uruchom ponownie.

Jak będzie zwiech to po restarcie BSOD i przepisz błąd.

marcin01 · 24 Styczeń 2007 10:25

wygląda na to ze juz jest ok dzięki wszystkim za pomoc