Resetowanie systemu

Noxe · 8 Styczeń 2007 18:38

Witam

Od czasu kupna nowego sprzętu mam problemy z resetowaniem sie systemu po wykonaniu roznych czynnosci zwiazanych z netem.

Podobny problem znalazlem w temacie zielonego http://forum.dobreprogramy.pl/viewtopic.php?t=117284 jednak nie moglem skorzystac z pomocy ze wzgledu na brak uslugi podanej przez Joana. Podejrzewam wiec ze jest pewna roznica w tych problemach mimo podobnych objawow.

Ponizej zamieszczam raport bledu ktory otrzymuje po zaladowaniu sie systemu po bledzie:

Oczywiscie dodaje loga:

Logfile of HijackThis v1.99.1

Scan saved at 19:23:06, on 2007-01-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\[noxe]\[FIREFOX DOWNLOAD]\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Pozwole sobie rowniez dodac pare informacji dotyczacych problemu.

System resetuje sie bez zadnego erroru, poprostu nagle ukazuje sie przede mna czarny ekran po czym widze ekran biosa i system laduje sie od nowa. Znalazlem tez przyczyne ktora ZAWSZE powoduje ten reset. Jest to sciaganie plikow dzieki p2p. Wystarczy ze zassam 1kb a reset jest juz nieuchroniony, nastepuje on po okolo 4-6 minutach. Jest rowniez wiele innych przyczyn jednak ich nie moge wskazac. Wiem tyle ze sa to rozne czynnosci zwiazane z pobieraniem rzeczy z sieci, niekoniecznie plikow ale rowniez podczas surfowania po stronach. Np udalo mi sie “recznie” zresetowac system wchodzac na stronke gdzie podczas sciagania pliku na stronce zaczelo sie wczytywac bardzo duzo obrazow z duza szybkoscia. Reset nastepuje rowniez kiedy sciagam 2+ pliki jednoczesnie ( nie zawsze ale przewaznie ).

Plus inne randomowe sytuacje zwiazane z internetem. Chyba to tyle. Reszte zostawiam komus kto ma pojecie o tej sytuacji. Podejrzewam ze Joan bedzie w stanie mi pomoc poniewaz ten problem wyglada podobnie o ile nie tak samo co problem zielonego.

Z gory dzieki. Czekam na odpowiedz

Joan · 8 Styczeń 2007 21:33

Przez Joan, nie wszyscy tutaj to faceci :lol:

Wpisy zafixuj w HJT, folder usuń z dysku ręcznie.

Po zabiegach nowe logi z HiJacka oraz Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle).

Przeczytaj to: KLIK i wklej zawartość pliku minidump

Noxe · 9 Styczeń 2007 15:09

Silent Runners :

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]

"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{60BF5EE3-0105-4858-AD98-17C19F86B042}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Burn4Free Toolbar Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll" [file not found]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" = "ShellPlusContextMenu"

  -> {HKLM...CLSID} = "Burn4Freecontext menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\b4fm.dll" [null data]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

ShellPlusContextMenu\(Default) = "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}"

  -> {HKLM...CLSID} = "Burn4Freecontext menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\b4fm.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Noxe\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 12 seconds.

---------- (total run time: 58 seconds)

Obecny log Hijacka :

Logfile of HijackThis v1.99.1

Scan saved at 16:13:29, on 2007-01-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\[noxe]\[FIREFOX DOWNLOAD]\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

nie moge otworzyc strony w tym momencie

Joan · 9 Styczeń 2007 15:24

Usuń wpis w HJT.

Serwer se już działa, więc strona powinna się otworzyć.

Noxe · 9 Styczeń 2007 15:46

Minidump ( z dzisiaj )

Microsoft (R) Windows Debugger Version 6.6.0007.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0

Debug session time: Tue Jan 9 16:03:45.875 2007 (GMT+1)

System Uptime: 0 days 0:05:59.589

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

............................................................................................................

Loading User Symbols

Loading unloaded module list

........

Unable to load image USBPORT.SYS, Win32 error 2

*** WARNING: Unable to verify timestamp for USBPORT.SYS

*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck FE, {2, 88011958, 880b0b70, 8933cdc8}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

*** WARNING: Unable to verify timestamp for usbhub.sys

*** ERROR: Module load completed but symbols could not be loaded for usbhub.sys

*** WARNING: Unable to verify timestamp for NetMotCM.sys

*** ERROR: Module load completed but symbols could not be loaded for NetMotCM.sys

Probably caused by : NetMotCM.sys ( NetMotCM+bcd )


Followup: MachineOwner

---------

Aktualny log Hijacka

Logfile of HijackThis v1.99.1

Scan saved at 16:50:08, on 2007-01-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Debugging Tools for Windows\windbg.exe

E:\[noxe]\[FIREFOX DOWNLOAD]\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

plik FIX.REG stworzony i wpisany do rejestru, system zrestartowany

Joan · 9 Styczeń 2007 15:56

Przeinstaluj sterowniki od modemu Motoroli

Log ok. Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.

Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie.

Noxe · 9 Styczeń 2007 15:59

rozumie ze to jest ten glowny problem?

Joan · 9 Styczeń 2007 16:03

Na to wygląda, że tak. I zgadzałoby się z objawami.

Noxe · 9 Styczeń 2007 17:26

Wiec tak. Przeinstalowalem sterowniki czterokrotnie co chwila na takie z innego zrodla i niestety efekt jest ten sam :-/

Tutaj zamieszczam minidump z ostatniego reseta i jednoczescie zapytanie: Czy USB moze miec z tym cos wspolnego? tzn czy moze byc cos z nimi nie tak ( uzywam 2 portow do obecnego modemu motoroli )

Microsoft (R) Windows Debugger Version 6.6.0007.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0

Debug session time: Tue Jan 9 18:19:45.421 2007 (GMT+1)

System Uptime: 0 days 0:20:29.128

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

............................................................................................................

Loading User Symbols

Loading unloaded module list

..........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck C2, {7, cd4, 20a0001, 89585240}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*** WARNING: Unable to verify timestamp for NetMotCM.sys

*** ERROR: Module load completed but symbols could not be loaded for NetMotCM.sys

*** WARNING: Unable to verify timestamp for USBPORT.SYS

*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!PVOID***

******

*************************************************************************

unable to get nt!MmSpecialPoolStart

unable to get nt!MmSpecialPoolEnd

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_POOL_HEADER***

******

*************************************************************************

unable to get nt!MmPoolCodeStart

unable to get nt!MmPoolCodeEnd

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_POOL_HEADER***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_POOL_TRACKER_BIG_PAGES***

******

*************************************************************************

Cannot get _POOL_TRACKER_BIG_PAGES type size

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!KPRCB***

******

*************************************************************************

*************************************************************************

******

******

***Your debugger is not using the correct symbols***

******

***In order for this command to work properly, your symbol path***

***must point to .pdb files that have full type information.***

******

***Certain .pdb files (such as the public OS symbols) do not***

***contain the required information. Contact the group that***

***provided you with these symbols if you need this command to***

***work.***

******

***Type referenced: nt!_KPRCB***

******

*************************************************************************

Probably caused by : NetMotCM.sys ( NetMotCM+2181 )


Followup: MachineOwner

---------

Chociaz podejrzewam ze wystarczy juz minidump ale zamieszczam rowniez ostatni log Hijacka:

Logfile of HijackThis v1.99.1

Scan saved at 18:28:33, on 2007-01-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\[noxe]\[FIREFOX DOWNLOAD]\old\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Joan · 9 Styczeń 2007 17:31

Log ok, ale problem dalej ten sam. Ściągałeś najnowsze stery?

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344. po deinstalacji. Jeśli porty normalnie dobrze się sprawują to raczej usb nie ma tu nic do rzeczy, tym bardziej że jest wskazanie na plik sterownika. Wejdź ppm na “Mój komputer” > Właściwości > Sprzęt > Menedżer urządzeń" i sprawdź czy nie ma jakichś wykrzykników i problemów sprzętowych.

Sprawdź błędy w podglądzie zdarzeń:

Start => Panel Sterowania => Narzędzia Administracyjne => Podgląd zdarzeń

Jeśli będą jakieś na czerwono, to wklej szczegóły.

Noxe · 9 Styczeń 2007 20:10

Jesli chodzi o sterowniki. Sciagnalem ze strony swojego dostawcy neta ( chello upc ) oraz ze strony motoroli, nie znalazlem opisu dat ale podejrzewam ze na tych stronach znajduja sie najnowsze. Na plytce dolaczonej do modemu mialem 2 rodzaje sterow. Oba zawiodly. Nie mozna aktualizowac obecnych sterownikow ani nie widac zadnego bledu ( menadzer urzadzen )
Czyscilem rejestr, ale nie zrobilem tego po deinstalacji sterow, zrobie to za moment
Z USB to racja podlaczalem wielokrotnie koma oraz aparat cyfrowy i wszystko bylo dobrze. No i racja blad wyraznie wskazuje na sterowniki i to musi byc ten problem aczkolwiek byc moze problem lezy w samym modemie? Swoje juz przezyl ma prawie 7 lat =)

Skoro wiemy ze problem to driver motoroli i nie skutkuje reinstalacja driverow moze powinienem sie skontaktowac z chello upc? Chcialem tylko zapytac czy z tych wpisow minidump mozna wywnioskowac ze wina lezy po stronie samego modemu?

Złączono Posta : 09.01.2007 (Wto) 19:26

oto 4 dzisiejsze bledy w podgladzie zdarzen

EDIT: po deinstalacji wyczyscilem rejestr… zainstalowalem ponownie… problem nie ustapil =(

Joan · 9 Styczeń 2007 21:36

No będzie to problem z hardware na pewno. Możliwe że jest konflikt sterowników, masz inne dumpy?

Zobacz tu: http://forum.dobreprogramy.pl/viewtopic.php?t=49085

Tzn jak to nie da się zaktaulizować plików sterownika? Masz wersję podaną w “Menedżerze urządzeń”, tak jak pisałam, zobacz tam w szczegółach dla modemu. Podaj model i wersję sterów.

Noxe · 13 Styczeń 2007 00:29

jesli chodzi o sterownik modemu:

to sa te z plytki ktore obecnie wgralem ponownie

jesli chodzi o dumpy to tylko jedna przyczyna

aha i co do konfliktu sterow… nie ma raczej o tym mowy poniewaz tuz po reinstalu systemu wgralem tylko modem i odpalilem torrenta… restart nastapil

EDIT : Dostalem odpowiedz od chello ze jest mozliwosc podlaczenia kabla ethernet dzieki temu modemowi ktory posiadam obecnie. Ale sterownik pozostaje ten sam… chcialem wiec zapytac czy mimo tego samego sterownika ale zmiany polaczenia z usb na karte sieciowa jest mozliwosc naprawienia tego problemu? lub to nie ma znaczenia i liczy sie tylko sterownik w tym wypadku?