*********************************************
2009-06-06:
The thread is locked because the problem is solved.
If you think it has been locked in error, please contact
Malou
*********************************************
Hi! I'm no expert with computers but I have to give it a try!! I got a new disk (Raptor), so I installed Vista 64 with my new memory (2x2) (the BIOS is updated) and updated the chipset and graphics card! Then the problems started: sometimes it was enough to click on a program to install it and I got a blue screen; trying to move a folder/file sometimes didn't work either; opening a 1 KB txt document sometimes didn't work either and gave a blue screen; with DC++ I got error messages in the system log! So I switched back to my old memory (2x1), but the same error there!! Installed Vista on a new disk and got the same error there with both sets of memory!! So then I have probably ruled out that anything is wrong with the memory and the disk!! So I tried disabling UAC and everything seems to work then!! DC++ works perfectly, and moving folders, opening files and so on works so far without a blue screen!! I tried enabling UAC again and then I got a blue screen again after a few minutes when opening a file; disabled UAC again and now it works again!! At least no blue screen has come up!! So could it be some trojan/virus interfering?? Some info in case it is of any use:
CPU typ DualCore AMD Athlon 64 X2, 2200 MHz (11 x 200) 4200+
Moderkortsnamn Asus M2N-SLI Deluxe
This error message always came up in Vista:
Ytterligare information om problemet:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800114B5B0
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 256_1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:48, on 2009-05-02
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files (x86)\AirDC\AirDC.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\avciman.exe
C:\Program Files (x86)\Trend Micro\HijackThis\ZpaRoW.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files (x86)\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\TPSrvWow.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7029 bytes
Malwarebytes' Anti-Malware 1.36
Databasversion: 2067
Windows 6.0.6001 Service Pack 1
2009-05-02 08:31:06
mbam-log-2009-05-02 (08-31-06).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 59377
Förfluten tid: 2 minute(s), 14 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 1
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
Microsoft ® Windows Debugger Version 6.11.0001.404 AMD64
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Zparow\Desktop\minne\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\mappfördinasymbolfiler*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18226.amd64fre.vistasp1_gdr.090302-1506
Machine Name:
Kernel base = 0xfffff800`01a1d000 PsLoadedModuleList = 0xfffff800`01be2db0
Debug session time: Fri May 1 09:49:07.691 2009 (GMT+2)
System Uptime: 0 days 0:05:48.596
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41790, fffffa800160a9a0, ffff, 0}
Page 5108f not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1d093 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa800160a9a0
Arg3: 000000000000ffff
Arg4: 0000000000000000
Debugging Details:
------------------
Page 5108f not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
BUGCHECK_STR: 0x1a_41790
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: Symconsent.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001a501b1 to fffff80001a71650
STACK_TEXT:
fffffa60`07665868 fffff800`01a501b1 : 00000000`0000001a 00000000`00041790 fffffa80`0160a9a0 00000000`0000ffff : nt!KeBugCheckEx
fffffa60`07665870 fffff800`01aad842 : fffff6fb`7dbed011 00000000`1c013fff fffffa80`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1d093
fffffa60`07665a00 fffff800`01d0e4ce : 00000000`1c000000 0007ffff`00000000 00000000`00000000 fffffa80`076b8040 : nt!MiRemoveMappedView+0xd2
fffffa60`07665b20 fffff800`01d0e297 : 00000000`00000000 00000000`1c000000 fffffa80`00000001 fffffa80`01e60450 : nt!MiUnmapViewOfSection+0x18e
fffffa60`07665be0 fffff800`01a710f3 : ffffffff`ffffffff fffffa60`07665ca0 fffffa80`076b8040 000007fe`00000004 : nt!NtUnmapViewOfSection+0x5b
fffffa60`07665c20 00000000`77765d1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001218a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77765d1a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+1d093
fffff800`01a501b1 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+1d093
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 49ac93e1
FAILURE_BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+1d093
BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+1d093
Followup: MachineOwner
---------
Many thanks in advance!! I don't know whether it's a good idea to run without UAC, but oh well, at least it works (I hope)
Regards, Graaf