Win32k.sys blue screen, please check my log

Every so often I get a bluescreen and a restart. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:18:05, on 2011-11-29

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal


Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Ares\Ares.exe

C:\Program Files (x86)\GmoteServer\GmoteServer.exe

C:\Program Files (x86)\Java\jre6\bin\javaw.exe

C:\Windows\system\Cm106eye.exe

C:\Program Files (x86)\Java\jre6\bin\javaw.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S714.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe /autorun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')

O4 - Startup: GmoteServer.lnk = C:\Program Files (x86)\GmoteServer\GmoteServer.exe

O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloaderD3D.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BizAgi Server Operations Service - Vision Software - C:\Program Files (x86)\BizAgi\BizAgi Xpress\ServerOperationsService\BizAgi.ServerOperationsService.exe

O23 - Service: BizAgibiuropodrozySchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\biuropodrozy\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: BizAgiDefaultBizAgiProjectSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\DefaultBizAgiProject\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: BizAgierasmusSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\erasmus\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: BizAgigownoSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\gowno\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: BizAgimiechoooSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\miechooo\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: BizAgiweaSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\wea\Scheduler\BizAgi.Scheduler.Services.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 10410 bytes

And it didn't occur to you that Hijack is not able to diagnose hardware errors?

Personally, I'm betting on this: http://support.microsoft.com/kb/813818/pl

It did occur to me, buddy, but I would like software errors to be ruled out first.

Software errors that could cause a driver to crash are rather impossible to detect with, say, Hijack or even OTL. Detecting such errors would rather require a debugger.

First of all, HJT belongs in a museum here, and not only because it cannot recognize current infections, let alone remove them, but in this case because it does not support 64-bit systems, and that is what we have here. Of course, you can post an OTL report to check whether there is some infection, etc., especially the Extras.txt report. In this case, however, you must post a BlueScreenView reading; instructions: szukanie-przyczyny-bsod-pomoca-bluescreenview-t376739.html
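Added example, not part of the original thread and not code from HijackThis or OTL: a 32-bit scanner on 64-bit Windows has its `System32` accesses redirected to `SysWOW64`, so 64-bit-only binaries such as `lsass.exe` get reported as "(file missing)", as in the O23 lines of the log above. The sketch below separates those entries from the rest; the function names, verdict labels and the 64-bit detection heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\rundll32.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Line layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23 = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
# Assumption: the system root is a folder named Windows.
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


def is_64bit_host(log):
    """Heuristic (assumption): WOW64-only folders show up in the log."""
    low = log.lower()
    return "\\syswow64\\" in low or "\\program files (x86)\\" in low


def triage_services(log):
    """Return (service, path, verdict) for every O23 line in the log."""
    wow64 = is_64bit_host(log)
    results = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        if not m["missing"]:
            verdict = "present"
        elif wow64 and SYSTEM32.match(m["path"]):
            # A 32-bit scanner was redirected to SysWOW64; re-check the file
            # with a 64-bit-aware tool before treating it as missing.
            verdict = "unverified"
        else:
            verdict = "reported-missing"
        results.append((m["name"], m["path"], verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in triage_services(SAMPLE_LOG):
        print(f"{verdict:16} {name}: {path}")
```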

==================================================

Dump File : 112811-80870-01.dmp

Crash Time : 2011-11-28 01:46:16

Bug Check String : IRQL_NOT_LESS_OR_EQUAL

Bug Check Code : 0x0000000a

Parameter 1 : fffff680`0009cdf8

Parameter 2 : 00000000`00000000

Parameter 3 : 00000000`00000000

Parameter 4 : fffff800`02cb42c7

Caused By Driver : ntoskrnl.exe

Caused By Address : ntoskrnl.exe+7cc40

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)

Processor : x64

Crash Address : ntoskrnl.exe+7cc40

Stack Address 1 : 

Stack Address 2 : 

Stack Address 3 : 

Computer Name : 

Full Path : C:\Windows\Minidump\112811-80870-01.dmp

Processors Count : 2

Major Version : 15

Minor Version : 7601

Dump File Size : 274 520

==================================================

Admittedly, without analyzing the contents of the dmp file one can only tell fortunes, and it is St. Andrew's Eve (Andrzejki) after all: boot the system in safe mode and uninstall Daemon.

Well, in such a case it is indeed hard to settle; you can take a look here http://www.hotfix.pl/bledy-systemu-wind … od-a11.htm, second box

A similar problem: http://www.fixitpc.pl/topic/3143-restar … xc000000e/