Strange PC behavior

Everything else about security…

Moderators: memphisto, Mods_senior, Security team

Post by ghans-peter » 11 Jan 2011 18:31

Hello, after the PC crashes to a blue screen of death, the computer starts behaving very strangely. None of the program and application shortcuts on the desktop launch when clicked; only their properties appear. The same goes for the toolbars in Windows. I can only open applications from the Open or Explore menu items. The disk cannot be opened normally. Nothing can be searched for in the browser; when I press letter keys, menus from the toolbar start opening and bookmarks open. The letters respond only as shortcuts on the PC. Keyboard shortcuts do not work as they should. Searching the web does not work. Copying articles and files does not work. When pasting, an at sign appears. In Task Manager there is a file unsecapp, which is indeed part of Windows, but the last time the computer crashed to a blue screen it also started behaving rather oddly; suddenly some user quota was activated, and it had nothing to do with the disk. I removed it in some manager, but I no longer know where I found it. I typed something into Run, something like msc etc., and found the setting under the user. I worked out what was set differently and it was fine. But I don't know where to look; I haven't found anything anywhere. Please advise. When I remove the unsecapp application the problem disappears, but after the PC is started again the problem persists; something is set differently somewhere, but I don't know where. Deleting the application seems pointless to me if it is part of Windows.

Re: Strange PC behavior

Post by Teedok » 11 Jan 2011 18:43

Try posting an HJT log in this section.
Freerapid 4ever

Re: Strange PC behavior

Post by ghans-peter » 15 Jan 2011 19:11

Ehm, so it did stop acting up after all, but the BSOD has started recurring. I scanned the computer, but afterwards the system crashes, and the dump output gives these errors:

I would put it down to the system.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini011511-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Sat Jan 15 13:27:59.109 2011 (GMT+1)
System Uptime: 0 days 1:15:08.609
Loading Kernel Symbols
...............................................................
...............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {e8c3a791, 2, 0, 864b3a52}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+b158 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e8c3a791, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 864b3a52, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41108004

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
e8c3a791

CURRENT_IRQL: 2

FAULTING_IP:
+1a9952f0156dfdc
864b3a52 8b4608 mov eax,dword ptr [esi+8]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 00000000 to 804e2158

STACK_TEXT:
f78ce914 00000000 e8c3a791 00000002 00000000 nt+0xb158


STACK_COMMAND: kb

FOLLOWUP_IP:
nt+b158
804e2158 ?? ???

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt+b158

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806ec000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: \WINDOWS\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Aug 04 08:19:48 2004 (41108004)
CheckSum: 0021BD57
ImageSize: 00215000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4



Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: *** Invalid ***
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Sat Jan 15 13:27:59.109 2011 (GMT+1)
System Uptime: 0 days 1:15:08.609
Loading Kernel Symbols
...............................................................
...............
Loading User Symbols
...........................................
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {e8c3a791, 2, 0, 864b3a52}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Module load completed but symbols could not be loaded for fltMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for 8t8gza4G.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for win32k.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Zcj8E2x4.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
Probably caused by : 8t8gza4G.sys ( 8t8gza4G+88a8 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e8c3a791, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 864b3a52, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4c7d14bf

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
e8c3a791

CURRENT_IRQL: 2

FAULTING_IP:
+24b952f0156dfdc
864b3a52 8b4608 mov eax,dword ptr [esi+8]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 864b3a52 to 804e2158

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78ce930 864b3a52 badb0d00 00000000 00000000 nt!Kei386EoiHelper+0x285d
f78ce9f0 804e3d77 86efb020 85a19850 86f0e728 0x864b3a52
f78cea2c f7502ffb 85a19850 8590dcd8 86f0f658 nt!IofCallDriver+0x32
f78ceaf0 804ed093 ffffffff 804e2af1 804eefe0 fltMgr+0x3ffb
f78ceb08 804df06b 000001fc 071af5a8 060bedc8 nt!KeSaveFloatingPointState+0x25d
f78ceb24 804dd9e2 badb0d00 f78ceb9c e1a30190 nt!ZwYieldExecution+0xb96
f78cec20 f662d8a8 86c714a0 86dbfda0 86d09890 nt!ZwQueryInformationFile+0x11
f78ceca0 bf81412e bc4c9c28 00000401 00000002 8t8gza4G+0x88a8
f78ced34 804df06b 0000016c 00000000 00000000 win32k!EngDeleteSurface+0x3ffe
f78ceddc 804fa477 8061797d 86c453a8 00000000 nt!ZwYieldExecution+0xb96
f78cede0 8061797d 86c453a8 00000000 0000027f nt!KeInitializeTimer+0x10c
f78cede4 86c453a8 00000000 0000027f 00860000 nt!NtSetVolumeInformationFile+0x119e
f78cede8 00000000 0000027f 00860000 00000000 0x86c453a8


STACK_COMMAND: kb

FOLLOWUP_IP:
8t8gza4G+88a8
f662d8a8 e99e040000 jmp 8t8gza4G+0x8d4b (f662dd4b)

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: 8t8gza4G+88a8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: 8t8gza4G

IMAGE_NAME: 8t8gza4G.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

kd> lmvm 8t8gza4G
start end module name
f6625000 f6656c80 8t8gza4G (no symbols)
Loaded symbol image file: 8t8gza4G.sys
Image path: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8t8gza4G.sys
Image name: 8t8gza4G.sys
Timestamp: Tue Aug 31 16:42:07 2010 (4C7D14BF)
CheckSum: 00035225
ImageSize: 00031C80
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Re: Strange PC behavior

Post by bledulka » 15 Jan 2011 21:51

Hi,
please post a log for checking in the HJT section; feel free to write that it's for Bledulka, and I'll take a look at it. There's one driver in there that I don't like.
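
A way to triage the `lmvm` listings in the log above, as an added example that is not part of the original thread: it parses the module records, flags any module whose image path lies in a Temp directory, and maps a crash address to the listed module range that contains it. The function names are hypothetical; the sample input is excerpted from the log posted above.

```python
import re

# Excerpt of the two `lmvm` listings posted in the thread (values from the log).
SAMPLE_LMVM = r"""
kd> lmvm nt
start end module name
804d7000 806ec000 nt T (no symbols)
Image path: \WINDOWS\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Aug 04 08:19:48 2004 (41108004)
kd> lmvm 8t8gza4G
start end module name
f6625000 f6656c80 8t8gza4G (no symbols)
Image path: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8t8gza4G.sys
Image name: 8t8gza4G.sys
Timestamp: Tue Aug 31 16:42:07 2010 (4C7D14BF)
"""

HEADER_RE = re.compile(r"^start\s+end\s+module name", re.I)
ROW_RE = re.compile(r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)
FIELD_RE = re.compile(r"^(Image path|Image name|Timestamp):\s*(.*)$")


def _addr(text):
    # 64-bit debugger output separates the address halves with a backtick.
    return int(text.replace("`", ""), 16)


def parse_lmvm(text):
    """Return one dict per module record found in `lmvm` output."""
    modules, current, expect_row = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line):
            expect_row = True
            continue
        if expect_row:
            # The line after the column header carries start, end and name.
            expect_row, current = False, None
            row = ROW_RE.match(line)
            if row:
                current = {"start": _addr(row.group(1)),
                           "end": _addr(row.group(2)),
                           "name": row.group(3)}
                modules.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1).lower().replace(" ", "_")] = field.group(2).strip()
    return modules


def in_temp_dir(image_path):
    """True when a directory component of the path is Temp or Tmp."""
    parts = [p.lower() for p in image_path.replace("\\??\\", "").split("\\") if p]
    return any(p in ("temp", "tmp") for p in parts[:-1])


def triage(modules):
    """Names of modules that deserve a closer look because of where they load from."""
    return [m["name"] for m in modules if in_temp_dir(m.get("image_path", ""))]


def owner_of(address, modules):
    """Name of the listed module whose range contains the address, else None."""
    for m in modules:
        if m["start"] <= address < m["end"]:
            return m["name"]
    return None


if __name__ == "__main__":
    mods = parse_lmvm(SAMPLE_LMVM)
    print("Temp-loaded modules:", triage(mods))
    for addr in (0xF662D8A8, 0x804E2158, 0x864B3A52):  # FOLLOWUP_IP, nt+b158, Arg4
        print(hex(addr), "->", owner_of(addr, mods))
```
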

