thermalfake
Ostatni Mohikanin
Liczba postów: 13.580
|
RE: blue screen ntoskrnl.exe
Więc tak:
- do sprawdzenia sterownik athrusb.sys (dongle wifi na usb, aktualizacja trzeba poszukać różnych wersji, być może drivermax pomoże lub ręcznie instalować)
- do sprawdzenia eamonm.sys (jakiś problem z Eset Smart Security) ; fileinfo.sys -> http://www.smartregistrycleaner.com/dll/...o.sys.html
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G: \Downloads\021812-16000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16905.x86fre.win7_gdr.111025-1503
Machine Name:
Kernel base = 0x82c4d000 PsLoadedModuleList = 0x82d8c570
Debug session time: Sat Feb 18 15: 38: 12.847 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 04: 41.488
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {9fc11000, 2, 1, 82c7dcf3}
*** WARNING: Unable to verify timestamp for athrusb.sys
*** ERROR: Module load completed but symbols could not be loaded for athrusb.sys
Probably caused by : athrusb.sys ( athrusb+4ad40 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9fc11000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 82c7dcf3, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82dac700
Unable to read MiSystemVaType memory at 82d8c0c0
9fc11000
CURRENT_IRQL: 2
FAULTING_IP:
nt!memcpy+33
82c7dcf3 f3a5 rep movs dword ptr es: [edi],dword ptr [esi]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: 80de2a24 -- (.trap 0xffffffff80de2a24)
ErrCode = 00000002
eax=915ea178 ebx=9fc106e0 ecx=00000064 edx=00000003 esi=915e9fe5 edi=9fc11000
eip=82c7dcf3 esp=80de2a98 ebp=80de2aa0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!memcpy+0x33:
82c7dcf3 f3a5 rep movs dword ptr es: [edi],dword ptr [esi]
Resetting default scope
LAST_CONTROL_TRANSFER: from 82c7dcf3 to 82c85b3b
STACK_TEXT:
80de2a24 82c7dcf3 badb0d00 00000003 000001ff nt!KiTrap0E+0x2cf
80de2aa0 82f84291 9fc106e0 915e96c5 00000ab3 nt!memcpy+0x33
80de2ac0 915c7d40 9fc106e0 915e96c5 00000ab3 nt!Verifiermemcpy+0x3e
WARNING: Stack unwind information not available. Following frames may be wrong.
80de2ae4 915c2276 999ac020 915e96c0 99980abd athrusb+0x4ad40
80de2b24 82ca2ea0 00000000 a893c940 b8342ff8 athrusb+0x45276
80de2b68 82f71b64 968380f0 84e70568 96838028 nt!IopfCompleteRequest+0x115
80de2bd0 9231788b 82c7f648 84e70568 00000000 nt!IovCompleteRequest+0x133
80de2c00 9231819b 84dd6070 a893c940 b874cfb8 USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x6e0
80de2c2c 9231b9d2 96838028 968380f0 96838a98 USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x33b
80de2c54 92315d3b 96838028 96838a98 96838002 USBPORT!USBPORT_Core_UsbIocDpc_Worker+0xbc
80de2c78 82ca2755 96838aa4 96838002 00000000 USBPORT!USBPORT_Xdpc_Worker+0x173
80de2cd4 82ca25b8 80dc6120 80dcb800 00000000 nt!KiExecuteAllDpcs+0xf9
80de2d20 82ca23d8 00000000 0000000e fbfbdfff nt!KiRetireDpcList+0xd5
80de2d24 00000000 0000000e fbfbdfff ffffffef nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
athrusb+4ad40
915c7d40 ? ?
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: athrusb+4ad40
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athrusb
IMAGE_NAME: athrusb.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 458bca0c
FAILURE_BUCKET_ID: 0xA_VRF_athrusb+4ad40
BUCKET_ID: 0xA_VRF_athrusb+4ad40
Followup: MachineOwner
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G: \Downloads\021712-37750-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16905.x86fre.win7_gdr.111025-1503
Machine Name:
Kernel base = 0x82c04000 PsLoadedModuleList = 0x82d43570
Debug session time: Fri Feb 17 11: 22: 05.744 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 03: 54.384
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 82c8d9ca, a3286d18, 0}
*** WARNING: Unable to verify timestamp for eamonm.sys
*** ERROR: Module load completed but symbols could not be loaded for eamonm.sys
Probably caused by : fileinfo.sys ( fileinfo!FIStreamGet+36 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82c8d9ca, The address that the exception occurred at
Arg3: a3286d18, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!FsRtlLookupPerStreamContextInternal+9a
82c8d9ca 395008 cmp dword ptr [eax+8],edx
TRAP_FRAME: a3286d18 -- (.trap 0xffffffffa3286d18)
ErrCode = 00000000
eax=00000000 ebx=a3286e04 ecx=95c75544 edx=85b06008 esi=00000000 edi=95c75518
eip=82c8d9ca esp=a3286d8c ebp=a3286d98 iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010213
nt!FsRtlLookupPerStreamContextInternal+0x9a:
82c8d9ca 395008 cmp dword ptr [eax+8],edx ds: 0023: 00000008=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: taskhost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8979df3b to 82c8d9ca
STACK_TEXT:
a3286d98 8979df3b 00000000 85b06008 00000000 nt!FsRtlLookupPerStreamContextInternal+0x9a
a3286ddc 897973f0 85b06008 84eee448 00000000 fltmgr!FltpGetStreamListCtrl+0x5b
a3286df8 897cf6da 85cca838 00000000 a3286e24 fltmgr!FltGetStreamContext+0x1a
a3286e28 897cfe24 84ea0e40 a3286e4c a3286e64 fileinfo!FIStreamGet+0x36
a3286e68 89796324 84ea0e40 a3286e8c 00000000 fileinfo!FIPostCreateCallback+0xb8
a3286ed0 89799512 00ea0de0 84ea0de0 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
a3286ee4 89799b46 84ea0de0 84ddb008 a3286f24 fltmgr!FltpProcessIoCompletion+0x10
a3286ef4 8979a29c 85b04550 84ddb008 84ea0de0 fltmgr!FltpPassThroughCompletion+0x98
a3286f24 897ad8c9 a3286f44 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
a3286f70 82c32f44 85b04550 85b06008 84eee4a4 fltmgr!FltpCreate+0x2db
a3286f88 82e06b7d 825fa685 a3287130 00000000 nt!IofCallDriver+0x63
a3287060 82e09d58 85a7ac10 84cb7588 84d6f918 nt!IopParseDevice+0xed7
a32870dc 82e48762 00000000 a3287130 00000240 nt!ObpLookupObjectName+0x4fa
a328713c 82e0411e a3287348 84cb7588 00000000 nt!ObOpenObjectByName+0x165
a32871b8 82e4f117 a3287378 00100001 a3287348 nt!IopCreateFile+0x673
a3287204 82c3975a a3287378 00100001 a3287348 nt!NtCreateFile+0x34
a3287204 82c371f9 a3287378 00100001 a3287348 nt!KiFastCallEntry+0x12a
a32872a8 926b85eb a3287378 00100001 a3287348 nt!ZwCreateFile+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
a32872f0 926bb950 a3287378 00100001 a3287348 eamonm+0x15eb
a3287380 926bc8a7 00000028 00000000 000011a8 eamonm+0x4950
a32873d0 926bdb35 84dff008 00000000 00000000 eamonm+0x58a7
a328745c 89796aeb 84ea8c38 a328747c a32874a8 eamonm+0x6b35
a32874c8 897999f0 a328750c 84f57e00 00000000 fltmgr!FltpPerformPreCallbacks+0x34d
a32874e0 897ad1fe a328750c 897b0f3c 00000000 fltmgr!FltpPassThroughInternal+0x40
a32874f4 897ad8b7 a328750c 84f57e00 84f1a770 fltmgr!FltpCreateInternal+0x24
a3287538 82c32f44 85b04550 85b06008 84f1a7cc fltmgr!FltpCreate+0x2c9
a3287550 82e06b7d 825fa0cd a32876f8 00000000 nt!IofCallDriver+0x63
a3287628 82e09d58 85a7ac10 84cb7588 84ed5b18 nt!IopParseDevice+0xed7
a32876a4 82e48762 00000000 a32876f8 00000240 nt!ObpLookupObjectName+0x4fa
a3287700 82e0411e a3287960 84cb7588 00009600 nt!ObOpenObjectByName+0x165
a328777c 82e4b46e a3287934 000000a1 a3287960 nt!IopCreateFile+0x673
a32877d8 897afb62 a3287934 000000a1 a3287960 nt!IoCreateFileEx+0x9e
a3287864 897d22d3 85985a58 00000000 a3287934 fltmgr!FltCreateFileEx2+0xba
a3287944 82e54399 00000000 85289720 00000000 fileinfo!FIPfInterfaceOpen+0x2a9
a32879a8 82e7aab2 a3287a54 00000000 000000a1 nt!PfpOpenHandleCreate+0xc0
a3287a1c 82e4e8a5 a3287ad4 850074b0 a3287a54 nt!PfSnGetSectionObject+0x9a
a3287ab4 82e45ea8 01287ad4 00000000 00000000 nt!PfSnPrefetchSections+0x1d4
a3287c34 82e27786 85313000 a3287c64 a3287c70 nt!PfSnPrefetchScenario+0x193
a3287cc8 82e334a2 82e190aa 85e71390 a3287d20 nt!PfSnBeginAppLaunch+0x382
a3287cd8 82e2c9ce 825fabc5 00000000 00000000 nt!PfProcessCreateNotification+0x65
a3287d20 82c8d089 00000000 770f6178 00000001 nt!PspUserThreadStartup+0x113
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIStreamGet+36
897cf6da 8bd8 mov ebx,eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: fileinfo!FIStreamGet+36
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18f
FAILURE_BUCKET_ID: 0x8E_fileinfo!FIStreamGet+36
BUCKET_ID: 0x8E_fileinfo!FIStreamGet+36
Followup: MachineOwner
---------
![[Obrazek: 2089620800_1406976151.png]](http://obrazki.elektroda.pl/2089620800_1406976151.png)
W zamian za pomoc oczekuję poprawnej pisowni. Stop niechlujstwu.
Jak mądrze zadawać pytania? - przejrzyj poradnik na forum.
Nie udzielam porad via PW.
|
Post: #4
Podziękowania od:
