可能与360有关的死机蓝屏

x13579

新系统和新装的360.

thinkpad 笔记本win7 x64 ,intel 处理器，4G内存，360v8.9.

因为做任务赚积分所以才去扫描木马。

第一次是在前几天扫描时点开11game，点一个房间准备进去（不记得当时有没有开IE10)，结果鼠标不能动，键盘没有反应，硬盘不再发出声响，等了一段时间只好强制关机。
第二次是在今天，扫描时用IE10上网，然后就失去响应。只有鼠标可以动，但什么都做不了，360可以选择退出，但也退不掉。硬盘也不响了。开始菜单关不掉机，只好强制关机。

这之后我认为这不是偶然现象就根据网上资料设置了手动蓝屏(thinkpad居然没有scroll lock,网上搜才知道是fn+c)，准备重现死机时手动蓝屏生成一份kernel memory dump。

于是进行木马查杀里的快速扫描，然后用IE10狂开了十几个页面，没想到这回不等我手动蓝屏，自己主动蓝了。。

dump用windbg看是这样，
--------------------------------------------割--------------------------------------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000022, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800044d0927, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  0000000000000022

CURRENT_IRQL:  2

FAULTING_IP:
nt!IoBoostThreadIoPriority+1e7
fffff800`044d0927 418a442422      mov     al,byte ptr [r12+22h]

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  iexplore.exe

TRAP_FRAME:  fffff8800c46c1a0 -- (.trap 0xfffff8800c46c1a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000c rbx=0000000000000000 rcx=fffff800046ba880
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800044d0927 rsp=fffff8800c46c330 rbp=0000000000000000
r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=fffffa8004f52820 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe cy
nt!IoBoostThreadIoPriority+0x1e7:
fffff800`044d0927 418a442422      mov     al,byte ptr [r12+22h] ds:0bb0:0022=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80004487569 to fffff80004487fc0

STACK_TEXT:  
fffff880`0c46c058 fffff800`04487569 : 00000000`0000000a 00000000`00000022 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0c46c060 fffff800`044861e0 : 00000000`00000001 fffffa80`04147450 00000000`00000007 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`0c46c1a0 fffff800`044d0927 : fffffa80`20206f00 00000000`00000001 00000000`00000000 fffffa80`07367010 : nt!KiPageFault+0x260
fffff880`0c46c330 fffff800`04467e95 : fffffa80`04147060 fffff8a0`00000002 fffffa80`04147400 fffff880`0c46c3b0 : nt!IoBoostThreadIoPriority+0x1e7
fffff880`0c46c4e0 fffff800`04467f4d : fffffa80`0737ce10 00000000`00000001 00000000`00000000 fffff880`04964180 : nt!ExpCheckForIoPriorityBoost+0x151
fffff880`0c46c520 fffff800`0448d1ac : ffffffff`ffb3b4c0 fffffa80`09df1150 fffffa80`0737ce10 fffff880`01462aae : nt!ExpWaitForResource+0x8d
fffff880`0c46c590 fffff880`01628293 : 00000000`c00000d8 fffff8a0`00165a90 fffffa80`09a99650 fffffa80`079be8b0 : nt!ExAcquireResourceExclusiveLite+0x14f
fffff880`0c46c600 fffff880`016b5f70 : fffffa80`09a99650 fffff880`0c46c860 fffff8a0`00165a90 00000000`00000009 : Ntfs!NtfsAcquireExclusiveFcb+0x73
fffff880`0c46c650 fffff880`016bd6bc : fffffa80`09a99650 fffff8a0`00165bc0 fffff8a0`00165a90 fffffa80`07361180 : Ntfs!NtfsCommonClose+0xa0
fffff880`0c46c720 fffff880`01460bcf : fffff880`0c46c801 fffffa80`09afcb80 fffff880`0c468000 00000000`00000003 : Ntfs!NtfsFsdClose+0x2dc
fffff880`0c46c820 fffff880`0145f6df : fffffa80`04f849a0 fffffa80`09afcb80 fffffa80`0496ee00 fffffa80`09afcb80 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0c46c8b0 fffff800`0477ff2e : fffffa80`09927f20 fffffa80`04f658b0 fffffa80`04190b30 fffffa80`04f849a0 : fltmgr!FltpDispatch+0xcf
fffff880`0c46c910 fffff800`044911d4 : fffffa80`09927f20 fffffa80`04190b30 fffffa80`03fca640 00000000`18c3eb20 : nt!IopDeleteFile+0x11e
fffff880`0c46c9a0 fffff800`0477aae4 : fffffa80`04190b30 00000000`00000000 fffffa80`0454bb50 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`0c46ca00 fffff800`0477b094 : 00000000`00001224 fffffa80`04190b30 fffff8a0`03680700 00000000`00001224 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`0c46ca90 fffff800`04487253 : fffffa80`0454bb50 fffff880`0c46cb60 00000000`7ef1c000 fffffa80`00000004 : nt!ObpCloseHandle+0x94
fffff880`0c46cae0 00000000`775b140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`18c3e4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775b140a


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!IoBoostThreadIoPriority+1e7
fffff800`044d0927 418a442422      mov     al,byte ptr [r12+22h]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!IoBoostThreadIoPriority+1e7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be

FAILURE_BUCKET_ID:  X64_0xA_nt!IoBoostThreadIoPriority+1e7

BUCKET_ID:  X64_0xA_nt!IoBoostThreadIoPriority+1e7

Followup: MachineOwner


---------------------------------------------------再割---------------------------------

baidu上搜nt!IoBoostThreadIoPriority搜到一个差不多的案例：

bbs.kafan.cn/thread-1226147-1-1.html


另外dump有515MB，mini的我删了。不知道如何向360同学提供这份dump

virusdefense

太技术了我回答不了，祝你早日解决蓝屏问题。

tieshu0608

金山卫士不折腾

§夢非夢§

不估计了,可能是驱动冲突引擎内存读写出错.坐等官方回复吧,祝楼主早日找到蓝屏问题

CiInitialize

Dump可以传到360云盘(yunpan.cn)上。

笙儿

请提供thinkpad具体型号，然后我帮你看看。

360主动防御

先做下磁盘检查和修复. (磁盘上 右键 属性 就有磁盘检查和修复选项)
这个看起来很像是文件系统出了问题.

x13579

360主动防御 发表于 2012-12-4 17:42
先做下磁盘检查和修复. (磁盘上 右键 属性 就有磁盘检查和修复选项)
这个看起来很像是文件系统出了问题.

前几天查过没问题。等会我再查一次.dump我正往云盘上传

唯我独尊

用7z压缩，再上传

x13579

笙儿 发表于 2012-12-4 17:27
请提供thinkpad具体型号，然后我帮你看看。

thinkpad edge e430
不过光知道型号未必管用吧。