貌似小A6.0和360冲突导致我win7蓝屏，求分析，有minidump

显示全部楼层 · 发表于 2011-3-8 16:07:59

楼主，我只能分析一下了，再得帮不了你了，你百度下，帮顶了，等高手

显示全部楼层 · 发表于 2011-3-8 16:10:09

谢谢大家了……

显示全部楼层 · 发表于 2011-3-8 16:13:13

dl123100 发表于 2011-3-8 16:06
楼主貌似装了早期的win7 sp1 换成最新的吧

我和同学用同一张盘装的，别人都没事，就我的出事了……

显示全部楼层 · 发表于 2011-3-8 16:26:21

回复 13楼史前图腾的帖子

楼主，你把avast，卸了，看看在蓝屏不，如果是avast引起的，就换个杀软

显示全部楼层 · 发表于 2011-3-8 16:27:46

路过了解下。

显示全部楼层 · 发表于 2011-3-8 16:27:46

回复 13楼史前图腾的帖子

这么旧的系统文件稳定性还不如不打SP1的最新版早晚都得升级的
而且微软不提供符号文件提供了dump也没法进一步分析
至于解决蓝屏卸载360杀毒或者avast其中之一即可

显示全部楼层 · 发表于 2011-3-8 16:32:35

各位高手，我自己用windb试了下，说是 aswMonFlt.sys引起的呀
百度上说

文件名称：aswmonflt.sys
文件MD5：feca7b75774b8b3d7dac06ee64d8da3a MD5校验
文件大小：135KB
出品公司：ALWIL Software
文件版本：4.8.1227.0
文件描述：avast! File System Minifilter for Windows 2003/Vis

显示全部楼层 · 发表于 2011-3-8 16:35:23

我全复制过来了，不会违反什么规定吧？

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\030811-25194-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.          *
* Use .symfix to have the debugger choose a symbol path.                *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1.153) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x84444000 PsLoadedModuleList = 0x8458d850
Debug session time: Tue Mar  8 15:09:59.924 2011 (GMT+8)
System Uptime: 0 days 0:06:50.609
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 807cc750, 0, 0}

*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** WARNING: Unable to verify timestamp for fltmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
*** WARNING: Unable to verify timestamp for aswMonFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
*** WARNING: Unable to verify timestamp for bdfsfltr.sys
*** ERROR: Module load completed but symbols could not be loaded for bdfsfltr.sys
*** WARNING: Unable to verify timestamp for qutmdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for qutmdrv.sys
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Probably caused by : aswMonFlt.sys ( aswMonFlt+2f24 )

Followup: MachineOwner
---------

显示全部楼层 · 发表于 2011-3-8 16:59:27

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 807cc750, 0, 0}

*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** WARNING: Unable to verify timestamp for fltmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
*** WARNING: Unable to verify timestamp for aswMonFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
*** WARNING: Unable to verify timestamp for bdfsfltr.sys
*** ERROR: Module load completed but symbols could not be loaded for bdfsfltr.sys
*** WARNING: Unable to verify timestamp for qutmdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for qutmdrv.sys
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

我把这段里的几个sys都百度了一下，
aswsp.sys是杀毒软件avast!的自我保护模块，是属于avast!的驱动程序之一。
qutmdrv.sys是360的驱动。
bdfsfltr.sys 这是一个安全文件，属于BitDefender S.R.L. Bucharest, ROMANIA的文件。
aswmonflt.sys 这是一个无威胁文件。属于ALWIL Software的文件。
fltmgr.sys文件描述: Microsoft Filesystem Filter Manager出品公司: Microsoft Corporation 360描述: 微软文件系统过滤器管理器驱动文件。
Ntfs.sys这个文件是 Windows 系统文件。进程是不可见的。

[已解决] 貌似小A6.0和360冲突导致我win7蓝屏，求分析，有minidump