Win32k.sys blue screen, please check my log


(Rikamuru) #1

Every so often I get a blue screen and a restart. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:05, on 2011-11-29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\GmoteServer\GmoteServer.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Windows\system\Cm106eye.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S714.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Startup: GmoteServer.lnk = C:\Program Files (x86)\GmoteServer\GmoteServer.exe
O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloaderD3D.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BizAgi Server Operations Service - Vision Software - C:\Program Files (x86)\BizAgi\BizAgi Xpress\ServerOperationsService\BizAgi.ServerOperationsService.exe
O23 - Service: BizAgibiuropodrozySchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\biuropodrozy\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: BizAgiDefaultBizAgiProjectSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\DefaultBizAgiProject\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: BizAgierasmusSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\erasmus\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: BizAgigownoSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\gowno\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: BizAgimiechoooSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\miechooo\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: BizAgiweaSchedulerService - Unknown owner - C:\BizAgi\Xpress\Projects\wea\Scheduler\BizAgi.Scheduler.Services.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10410 bytes

(Veers) #2

Didn't it occur to you that HijackThis is not able to diagnose hardware faults?

Personally, my bet is this: http://support.microsoft.com/kb/813818/pl


(Rikamuru) #3

It did occur to me, mate, but I would like software errors to be ruled out first.


(Veers) #4

Software errors that could make a driver crash are pretty much undetectable with something like HijackThis or even OTL. Detecting such errors would rather call for a debugger.


(Spandau) #5

First of all, HJT belongs in a museum here, and not only because it cannot recognize current infections, let alone remove them, but in this case because it does not support 64-bit systems, and that is what we have here. You can of course post an OTL report to check for any infection etc., especially the Extras.txt report. In this case, however, you absolutely should post the BlueScreenView readout; instructions: szukanie-przyczyny-bsod-pomoca-bluescreenview-t376739.html


(Rikamuru) #6
==================================================
Dump File : 112811-80870-01.dmp
Crash Time : 2011-11-28 01:46:16
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : fffff680`0009cdf8
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`02cb42c7
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\112811-80870-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 274 520
==================================================
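As an added example that is not part of the thread: a small Python parser for the BlueScreenView report format posted above, which splits the text export into records and decodes the documented meaning of the four IRQL_NOT_LESS_OR_EQUAL (0x0000000A) parameters. The sample report is constructed from the values in the post; the function names are my own.

```python
import re
# Constructed sample in the BlueScreenView report shape posted in the thread
# (key : value lines between ===== separators); values copied from the post.
SAMPLE_REPORT = """\
==================================================
Dump File         : 112811-80870-01.dmp
Bug Check Code    : 0x0000000a
Parameter 1       : fffff680`0009cdf8
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`02cb42c7
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
==================================================
"""
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")   # "Key : value"

def parse_report(text):
    """Split a BlueScreenView text export into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("=" * 10):          # record separator
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records

def to_int(windbg_hex):
    """'fffff680`0009cdf8' -> int; the backtick is WinDbg's 64-bit separator."""
    return int(windbg_hex.replace("`", ""), 16)

def decode_0xa(rec):
    """Decode the documented meaning of the four 0x0000000A parameters."""
    if to_int(rec["Bug Check Code"]) != 0xA:
        raise ValueError("not an IRQL_NOT_LESS_OR_EQUAL (0xA) record")
    access = {0: "read", 1: "write"}
    return {
        "referenced_address": to_int(rec["Parameter 1"]),  # memory referenced
        "irql": to_int(rec["Parameter 2"]),                # IRQL at the time
        "access": access.get(to_int(rec["Parameter 3"]), "other"),
        "faulting_ip": to_int(rec["Parameter 4"]),         # code that touched it
        # "Caused By Driver: ntoskrnl.exe" only says where the fault was caught;
        # finding the driver that supplied the bad address still needs a debugger.
        "driver_identified": rec["Caused By Driver"].lower() != "ntoskrnl.exe",
    }
```

When the blamed module is the kernel itself, the report names the crash site but not the culprit, which is why the replies below ask for the dump to be analysed rather than read off.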

(Veers) #7

Admittedly, without analysing the contents of the dmp file one can only tell fortunes - it is St Andrew's Eve after all: boot the system into Safe Mode and uninstall DAEMON Tools.


(Spandau) #8

Well, indeed, in such a case it is hard to decide; you can have a look here http://www.hotfix.pl/bledy-systemu-wind ... od-a11.htm, second box.

A similar problem: http://www.fixitpc.pl/topic/3143-restar ... xc000000e/