BSOD - rada
Zdravím, začalo se mi občas objevovat BSOD, zde Vám zkopíruji obsah souboru 101911-10857-01.dmp. Předem děkuji za rady
Symbol search path is: D:\Symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03466000 PsLoadedModuleList = 0xfffff800`036a3e50
Debug session time: Wed Oct 19 12:06:22.301 2011 (UTC + 2:00)
System Uptime: 0 days 0:57:42.018
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.................................................. .............
.................................................. ..............
......................
Loading User Symbols
Loading unloaded module list
......
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff87feefd5020, 2, 0, fffff800034deeb4}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
Probably caused by : ntoskrnl.exe ( nt+78eb4 )
Padlo ti to, Máchale, asi vítr..
Zkus se kouknout pomocí whocrashed.
z najväčšou pravdepodobnosťou je v systéme vírus alebo nejaký nekompatibbilný program,ktorý zapríčinil to,že hlavná súčasť jadra systému nevie overiť svoj systémový certifikát po pravidelnej časovej zmene
Tak jsem to zanalyzoval a vyšlo mi toto, takže zato nejpíš může Avast
3: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff87feefd5020, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800034deeb4, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: fffff87feefd5020
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiCommitThreadWait+34
fffff800`034deeb4 65488b3c2520000000 mov rdi,qword ptr gs:[20h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: AvastSvc.exe
no bohužial,treba pozrieť podporu avastu,či nemá k dispozícii nejaký fix/update/patch alebo prezrieť nastavenia,aby nebránil jadru systému k prístupu ku cryptographic engine a systém mohol overovať kritické systémové súbory a ich systémové certifikáty,pokial žiadny update nebude k dispozícii,alebo zmeny nastavenia avastu nebudú úspešné,doporučujem dotyčný program so stávajúcim operačným systémom nepoužívať....