help - log entry!

IP: *.bytom.sdi.tpnet.pl 08.05.05, 00:39
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

this entry looks suspicious to me, the rest looks ok - should I remove it...?
lately my computer has been restarting for unknown reasons, no viruses...
    • Guest: Kolobos Re: help - log entry! IP: *.warszawa.sdi.tpnet.pl 08.05.05, 02:34
      This entry is nothing suspicious, it appeared after the reset.
      • Guest: coto Re: help - log entry! IP: *.bytom.sdi.tpnet.pl 08.05.05, 20:39
        thanks for the reply :) then I no longer know what could be causing these restarts... According to avast there are no viruses, and lavasoft didn't find anything either. Today it restarted twice, while connecting to the internet, and I'm anxiously waiting for further "pleasures"....
        • Guest: Kolobos Re: help - log entry! IP: *.warszawa.sdi.tpnet.pl 08.05.05, 20:46
          Does the computer reset suddenly? Or is there a blue screen or something
          else before it?
          • Guest: coto Re: help - log entry! IP: *.bytom.sdi.tpnet.pl 08.05.05, 20:57
            Suddenly, either when connecting to the network or when shutting the system down. After starting up again a message appears:
            Windows has recovered from a serious error, blah blah blah
            and these files show up:
            C:\Dokume~1\user\Ustawi~1\Temp\wer7179.dir00\Mini050705-01.dmp
            C:\Dokume~1\user\Ustawi~1\Temp\wer7179.dir00\sysdata.xml
          • Guest: coto ps IP: *.bytom.sdi.tpnet.pl 08.05.05, 20:59
            I also found some strange directory C:\WINDOWS\Minidump
            • Guest: Kolobos Re: ps IP: *.warszawa.sdi.tpnet.pl 08.05.05, 21:04
              After every reset Windows makes a dump and keeps them in exactly this directory:
              C:\WINDOWS\Minidump

              Read this:
              forum.tweak.pl/index.php?showtopic=104416
              And follow it; maybe one of the dumps will say what
              caused the reset.
              • Guest: coto Re: ps IP: *.bytom.sdi.tpnet.pl 08.05.05, 21:56
                thanks :))) it kicked me out again...
                I won't download it right now, the transfer is too slow, but I'll try later. And I'll keep checking back and asking ;)
    • Guest: coto full log IP: *.bytom.sdi.tpnet.pl 08.05.05, 22:11
      I'm not an expert so I'm pasting the whole thing

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\Mixer.exe
      C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      D:\programy\qttask.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Messenger\msmsgs.exe
      D:\Programy\Tlen.pl\tlen.exe
      D:\Programy\Phone\Skype.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      D:\Programy\Opera\Opera.exe
      D:\Programy\hijackthis.com

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gazeta.pl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.53.255.174:80
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "D:\programy\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe
      O4 - HKCU\..\Run: [Skype] "D:\Programy\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2C7CEA-E4DE-4B6A-AFAE-121CDDA68522}: NameServer = 194.204.152.34 194.204.159.1
      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

      • Guest: Kolobos Re: full log IP: *.warszawa.sdi.tpnet.pl 08.05.05, 22:14
        The log is ok, which is rather no surprise. You have some problem
        with drivers (software) or hardware. Spyware and viruses can pretty much
        be ruled out.
        • Guest: coto Re: full log IP: *.bytom.sdi.tpnet.pl 08.05.05, 22:44
          Nothing new was installed apart from avast...
          The day after tomorrow they're bringing neostrada, I can see I'm in for a week full of thrills ;/
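
One way to pre-sort a HijackThis log like the one posted above before reading it by hand, as an added example that is not part of the thread: it parses the O4 Run, O23 service and proxy lines and attaches review notes. The sample lines are copied from the posted log; the function names and the absolute/env/bare labels are this example's own, and the notes are prompts for a manual check, not verdicts.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.53.255.174:80
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "D:\Programy\Phone\Skype.exe" /nosplash /minimized
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def locate(command):
    """Classify how the program in a Run command line is located."""
    cmd = command.lstrip('"')
    if re.match(r"[A-Za-z]:\\", cmd):
        return "absolute"
    if cmd.startswith("%"):
        return "env"    # expands from an environment variable at logon
    return "bare"       # found through the search path


def parse(text):
    """Turn HijackThis lines into dicts with review notes attached."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        e = {"code": code, "name": "", "raw": rest, "notes": []}
        if "(file missing)" in rest:
            e["notes"].append("file missing")
        run = RUN_RE.match(rest) if code == "O4" else None
        if run:
            e["hive"], e["key"], e["name"], e["command"] = run.groups()
            e["located"] = locate(e["command"])
            if e["located"] != "absolute":
                e["notes"].append("path is " + e["located"] + ": resolve and check the file")
        elif code == "O23" and rest.startswith("Service: "):
            parts = rest[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                e["name"], e["owner"], e["path"] = parts
                if e["owner"] == "Unknown owner":
                    e["notes"].append("unknown owner")
        elif code in ("R0", "R1") and "ProxyServer" in rest:
            e["name"] = "ProxyServer"
            e["notes"].append("proxy set: " + rest.split("=", 1)[1].strip())
        entries.append(e)
    return entries


def to_review(entries):
    """Entries a human should look at first, with the reasons."""
    return [(e["code"], e["name"], e["notes"]) for e in entries if e["notes"]]


if __name__ == "__main__":
    for code, name, notes in to_review(parse(SAMPLE)):
        print(code, name, "->", "; ".join(notes))
```
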
    • Guest: coto I don't understand any of this.... IP: *.bytom.sdi.tpnet.pl 09.05.05, 00:44
      Loading Dump File [C:\WINDOWS\Minidump\Mini050805-03.dmp]
      Mini Kernel Dump File: Only registers and stack trace are available

      Symbol search path is: *** Invalid ***
      ****************************************************************************
      * Symbol loading may be unreliable without a symbol search path. *
      * Use .symfix to have the debugger choose a symbol path. *
      * After setting your symbol path, use .reload to refresh symbol locations. *
      ****************************************************************************
      Executable search path is:
      *********************************************************************
      * Symbols can not be loaded because symbol path is not initialized. *
      * *
      * The Symbol Path can be set by: *
      * using the _NT_SYMBOL_PATH environment variable. *
      * using the -y <symbol_path> argument when starting the debugger. *
      * using .sympath and .sympath+ *
      *********************************************************************
      Unable to load image ntoskrnl.exe, Win32 error 2
      *** WARNING: Unable to verify timestamp for ntoskrnl.exe
      *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
      Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
      Product: WinNt, suite: TerminalServer SingleUserTS
      Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
      Debug session time: Sun May 8 21:39:30.718 2005 (GMT+2)
      System Uptime: 0 days 3:21:59.301
      *********************************************************************
      * Symbols can not be loaded because symbol path is not initialized. *
      * *
      * The Symbol Path can be set by: *
      * using the _NT_SYMBOL_PATH environment variable. *
      * using the -y <symbol_path> argument when starting the debugger. *
      * using .sympath and .sympath+ *
      *********************************************************************
      Unable to load image ntoskrnl.exe, Win32 error 2
      *** WARNING: Unable to verify timestamp for ntoskrnl.exe
      *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
      Loading Kernel Symbols
      ...............................................................................................................................
      Loading unloaded module list
      ..............
      Loading User Symbols
      *******************************************************************************
      * *
      * Bugcheck Analysis *
      * *
      *******************************************************************************

      Use !analyze -v to get detailed debugging information.

      BugCheck C2, {7, cd4, ce4, 81546318}

      ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

      Unable to load image Ntfs.sys, Win32 error 2
      *** WARNING: Unable to verify timestamp for Ntfs.sys
      *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
      unable to get nt!MmSpecialPoolStart
      unable to get nt!MmSpecialPoolEnd
      *************************************************************************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_POOL_HEADER ***
      *** ***
      *************************************************************************
      unable to get nt!MmPoolCodeStart
      unable to get nt!MmPoolCodeEnd
      unable to get nt!MiSessionPoolStart
      unable to get nt!MiSessionPoolEnd
      *************************************************************************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_POOL_HEADER ***
      *** ***
      *************************************************************************
      *************************************************************************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
      *** ***
      *************************************************************************
      Cannot get _POOL_TRACKER_BIG_PAGES type size
      *************************************************************************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you w
      • Guest: coto Re: I don't understand any of this.... continuation IP: *.bytom.sdi.tpnet.pl 09.05.05, 00:48
        Cannot get _POOL_TRACKER_BIG_PAGES type size
        *************************************************************************
        *** ***
        *** ***
        *** Your debugger is not using the correct symbols ***
        *** ***
        *** In order for this command to work properly, your symbol path ***
        *** must point to .pdb files that have full type information. ***
        *** ***
        *** Certain .pdb files (such as the public OS symbols) do not ***
        *** contain the required information. Contact the group that ***
        *** provided you with these symbols if you need this command to ***
        *** work. ***
        *** ***
        *** Type referenced: nt!_KPRCB ***
        *** ***
        *************************************************************************
        *************************************************************************
        *** ***
        *** ***
        *** Your debugger is not using the correct symbols ***
        *** ***
        *** In order for this command to work properly, your symbol path ***
        *** must point to .pdb files that have full type information. ***
        *** ***
        *** Certain .pdb files (such as the public OS symbols) do not ***
        *** contain the required information. Contact the group that ***
        *** provided you with these symbols if you need this command to ***
        *** work. ***
        *** ***
        *** Type referenced: nt!_POOL_HEADER ***
        *** ***
        *************************************************************************
        *************************************************************************
        *** ***
        *** ***
        *** Your debugger is not using the correct symbols ***
        *** ***
        *** In order for this command to work properly, your symbol path ***
        *** must point to .pdb files that have full type information. ***
        *** ***
        *** Certain .pdb files (such as the public OS symbols) do not ***
        *** contain the required information. Contact the group that ***
        *** provided you with these symbols if you need this command to ***
        *** work. ***
        *** ***
        *** Type referenced: nt!_POOL_HEADER ***
        *** ***
        *************************************************************************
        *************************************************************************
        *** ***
        *** ***
        *** Your debugger is not using the correct symbols ***
        *** ***
        *** In order for this command to work properly, your symbol path ***
        *** must point to .pdb files that have full type information. ***
        *** ***
        *** Certain .pdb files (such as the public OS symbols) do not ***
        *** contain the required information. Contact the group that ***
        *** provided you with these symbols if you need this command to ***
        *** work. ***
        *** ***
        *** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
        *** ***
        *************************************************************************
        Cannot get _POOL_TRACKER_BIG_PAGES type size

        Followup: MachineOwner
        • Guest: Kolobos Re: I don't understand any of this.... continuation IP: *.warszawa.sdi.tpnet.pl 09.05.05, 01:02
          Install the symbols:
          When we open our WinDbg.exe program we click File - Symbol File Path (Ctrl+S) and
          in the box we type:
          SRV*c:\symbols*msdl.microsoft.com/download/symbols

          And paste the new log from that; everything is described on the page I gave
          earlier.
          • Guest: coto I guess it's no use... IP: *.bytom.sdi.tpnet.pl 09.05.05, 02:37
            BugCheck C2, {7, cd4, ce4, 81546318}

            GetUlongFromAddress: unable to read from 80562970
            *** WARNING: Unable to verify timestamp for ati2dvag.dll
            *** ERROR: Module load completed but symbols could not be loaded for ati2dvag.dll
            *** WARNING: Unable to verify timestamp for ati2cqag.dll
            *** ERROR: Module load completed but symbols could not be loaded for ati2cqag.dll
            *** WARNING: Unable to verify timestamp for ati3duag.dll
            *** ERROR: Module load completed but symbols could not be loaded for ati3duag.dll
            *** WARNING: Unable to verify timestamp for ativvaxx.dll
            *** ERROR: Module load completed but symbols could not be loaded for ativvaxx.dll
            *** WARNING: Unable to verify timestamp for aswRdr.SYS
            *** ERROR: Module load completed but symbols could not be loaded for aswRdr.SYS
            *** WARNING: Unable to verify timestamp for PROTECT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
            *** WARNING: Unable to verify timestamp for MAILFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
            *** WARNING: Unable to verify timestamp for ADBLOCK.DLL
            *** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
            *** WARNING: Unable to verify timestamp for HTTPFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
            *** WARNING: Unable to verify timestamp for aswMon2.SYS
            *** ERROR: Module load completed but symbols could not be loaded for aswMon2.SYS
            *** WARNING: Unable to verify timestamp for FILTNT.SYS
            *** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
            *** WARNING: Unable to verify timestamp for cmaudio.sys
            *** ERROR: Module load completed but symbols could not be loaded for cmaudio.sys
            *** WARNING: Unable to verify timestamp for ati2mtag.sys
            *** ERROR: Module load completed but symbols could not be loaded for ati2mtag.sys
            *** WARNING: Unable to verify timestamp for fltmgr.sys
            *** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
            *** WARNING: Unable to verify timestamp for fasttrak.sys
            *** ERROR: Module load completed but symbols could not be loaded for fasttrak.sys
            *** WARNING: Unable to verify timestamp for aswTdi.SYS
            *** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
            *** WARNING: Unable to verify timestamp for drmk.sys
            *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
            *** WARNING: Unable to verify timestamp for fdc.sys
            *** ERROR: Module load completed but symbols could not be loaded for fdc.sys
            *** WARNING: Unable to verify timestamp for Msfs.SYS
            *** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
            *** WARNING: Unable to verify timestamp for Aavmker4.SYS
            *** ERROR: Module load completed but symbols could not be loaded for Aavmker4.SYS
            *** WARNING: Unable to verify timestamp for Amps2prt.sys
            *** ERROR: Module load completed but symbols could not be loaded for Amps2prt.sys
            *** WARNING: Unable to verify timestamp for dmload.sys
            *** ERROR: Module load completed but symbols could not be loaded for dmload.sys
            *** WARNING: Unable to verify timestamp for Fs_Rec.SYS
            *** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
            *** WARNING: Unable to verify timestamp for ParVdm.SYS
            *** ERROR: Module load completed but symbols could not be loaded for ParVdm.SYS
            *** WARNING: Unable to verify timestamp for HTMLFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
            *** WARNING: Unable to verify timestamp for DNSCACHE.DLL
            *** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
            *** WARNING: Unable to verify timestamp for POP3FILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
            *** WARNING: Unable to verify timestamp for FTPFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
            *** WARNING: Unable to verify timestamp for IMAPFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
            *** WARNING: Unable to verify timestamp for NNTPFILT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
            *** WARNING: Unable to verify timestamp for CONTENT.DLL
            *** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
            *** WARNING: Unable to verify timestamp for Null.SYS
            *** ERROR: Module load completed but symbols could not be loaded for Null.SYS
            GetUlongFromAddress: unable to read from 80562970
            Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+2be )

            Followup: MachineOwner
            ---------

            kd> .reload
            Loading Kernel Symbols
            ...............................................................................................................................
            Loading unloaded module list
            ..............
            Loading User Symbols
            • Guest: Kolobos Re: I guess it's no use... IP: *.warszawa.sdi.tpnet.pl 09.05.05, 02:48
              To start with, test the RAM:
              www.memtest.org/download/1.55.1/memtest86+-1.55.1.floppy.zip
              Run it and write it to a floppy disk, then boot the computer from it and let it
              test for two or three hours; if it finds no errors, RAM can be ruled out.
              • Guest: coto Re: I guess it's no use... IP: *.bytom.sdi.tpnet.pl 09.05.05, 03:05
                thank you :)) (I'm doing a lot of thanking in this thread ;)
                I'll wrestle with this tomorrow, good night :)
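
The debugger output posted earlier in the thread is mostly symbol warnings around a handful of decisive lines; the following added example (not part of the thread) pulls those lines out and decodes the bug check. The sample is built from lines of the posted output; the function name `triage` and the result keys are this example's own, and only bug check 0xC2 with first parameter 7 is decoded.

```python
import re

# Constructed sample: lines copied from the debugger output posted in the
# thread, with the long run of per-module warnings cut down to four modules.
SAMPLE = r"""
BugCheck C2, {7, cd4, ce4, 81546318}

GetUlongFromAddress: unable to read from 80562970
*** WARNING: Unable to verify timestamp for ati2dvag.dll
*** ERROR: Module load completed but symbols could not be loaded for ati2dvag.dll
*** WARNING: Unable to verify timestamp for aswRdr.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswRdr.SYS
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for fltmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+2be )

Followup: MachineOwner
"""

# Only the bug check seen in the thread is decoded; extend as needed.
BUGCHECK_NAMES = {0xC2: "BAD_POOL_CALLER"}
C2_PARAM1 = {0x7: "attempt to free pool that was already freed"}

BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)\s*\(\s*(.+?)\s*\)")
NOSYM_RE = re.compile(r"symbols could not be loaded for (\S+)")
BAD_SYMBOLS = ("Kernel symbols are WRONG", "not using the correct symbols",
               "symbol path is not initialized")


def triage(text):
    """Pull the few decisive lines out of WinDbg's initial crash summary."""
    out = {"code": None, "name": None, "params": [], "detail": None,
           "blamed_image": None, "blamed_symbol": None,
           "no_symbols": [], "symbols_ok": True}
    for raw in text.splitlines():
        line = raw.strip()
        if any(marker in line for marker in BAD_SYMBOLS):
            out["symbols_ok"] = False   # any blame line is unreliable
        m = BUGCHECK_RE.match(line)
        if m:
            out["code"] = int(m.group(1), 16)
            out["params"] = [int(p.strip(), 16) for p in m.group(2).split(",")]
            out["name"] = BUGCHECK_NAMES.get(out["code"], "unknown")
            if out["code"] == 0xC2 and out["params"]:
                out["detail"] = C2_PARAM1.get(out["params"][0])
            continue
        m = CAUSE_RE.match(line)
        if m:
            out["blamed_image"], out["blamed_symbol"] = m.groups()
            continue
        m = NOSYM_RE.search(line)
        if m and m.group(1) not in out["no_symbols"]:
            out["no_symbols"].append(m.group(1))
    return out


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("BugCheck %X (%s): %s" % (r["code"], r["name"], r["detail"]))
    print("Blamed frame:", r["blamed_image"], r["blamed_symbol"])
    print("Symbols trustworthy:", r["symbols_ok"])
    print("Modules without symbols:", ", ".join(r["no_symbols"]))
```

The blamed frame is the kernel routine in which the bad free was detected, which is consistent with the driver-or-hardware diagnosis given in the thread.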
