[Løst] Blåskjerm problem. :(

[QUiPS]

Hei.

 

Har blåskjerm og jeg tror jeg har fått et slags virus eller malvare ting?

jeg får blåtan når pcen har stått i hvilemodus og jeg skal skru den på igjen.

 

har lastet ned windows debugging tools og aktivert "dumping".

 

som vist nedenfor står det IMAGE_NAME: csrss.exe og jeg tror det er det som får meg til å få blåskjerm? (er jeg helt på vilspor eller) "fakta" om csrss.exe.

 

Og pcen er nybygd for ca 3-4 uker siden og jeg startet og få blåtan for litt under en uke siden.

Hardware:

 

60gb corsair SSD.

1tb western digital HDD.

GTX 560 ti.

windows 7 ultimate 64 bit. (fra thepiratebay)

750watt strømforsyning.

2500k 3.3 ghz sandy bridge prossesor.

Asus p8p67 hovedkort.

og det var kort oppsumert hardwaren min.

Prossesoren har vanlige temperaturer.

 

sry hvis det ble veldig rotete og jeg setter VELDIG stor pris på raske svar.

 

 

har kjørt windbg og jeg får dette opp:

 

----------------------------------------------------------------------------------------

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\Windows\Minidump\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available

 

Symbol search path is: SRV*your local folder for symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850

Machine Name:

Kernel base = 0xfffff800`03000000 PsLoadedModuleList = 0xfffff800`03245e90

Debug session time: Sat Apr 16 23:15:18.841 2011 (UTC + 2:00)

System Uptime: 0 days 0:24:10.715

Loading Kernel Symbols

...............................................................

................................................................

......Page 1c7803 not present in the dump file. Type ".hh dbgerr004" for details

............Page 1c5d6d not present in the dump file. Type ".hh dbgerr004" for details

..................................Page 179dbe not present in the dump file. Type ".hh dbgerr004" for details

.........

Loading User Symbols

PEB is paged out (Peb.Ldr = 000007ff`fffdf018). Type ".hh dbgerr001" for details

Loading unloaded module list

........

The context is partially valid. Only x86 user-mode context is available.

The wow64exts extension must be loaded to access 32-bit state.

.load wow64exts will do this if you haven't loaded it already.

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck F4, {3, fffffa80092b3060, fffffa80092b3340, fffff80003383db0}

 

Page 1c7803 not present in the dump file. Type ".hh dbgerr004" for details

Probably caused by : csrss.exe

 

Followup: MachineOwner

---------

 

16.0: kd:x86> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

CRITICAL_OBJECT_TERMINATION (f4)

A process or thread crucial to system operation has unexpectedly exited or been

terminated.

Several processes and threads are necessary for the operation of the

system; when they are terminated (for any reason), the system can no

longer function.

Arguments:

Arg1: 0000000000000003, Process

Arg2: fffffa80092b3060, Terminating object

Arg3: fffffa80092b3340, Process image file name

Arg4: fffff80003383db0, Explanatory message (ascii)

 

Debugging Details:

------------------

 

Page 1c7803 not present in the dump file. Type ".hh dbgerr004" for details

 

PROCESS_OBJECT: fffffa80092b3060

 

IMAGE_NAME: csrss.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

MODULE_NAME: csrss

 

FAULTING_MODULE: 0000000000000000

 

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

 

BUGCHECK_STR: 0xF4

 

CURRENT_IRQL: 0

 

STACK_TEXT:

00000000 00000000 00000000 00000000 00000000 0x0

 

 

STACK_COMMAND: kb

 

FOLLOWUP_NAME: MachineOwner

 

FAILURE_BUCKET_ID: X64_0xF4_IMAGE_csrss.exe

 

BUCKET_ID: X64_0xF4_IMAGE_csrss.exe

 

Followup: MachineOwner

---------

Endret 17. april 2011 av T0rd

[QUiPS]

Bump

[fenderebest]

Blåskjermen oppstår pga at csrss.exe avsluttes. Csrss er en kritisk windows prosess og hvis denne avsluttes vil du få en blåskjerm. Problemet oppstår sannsynligvis pga av at csrss møter på en feil som ikke kan håndteres. Som regel skyldes dette at et 3'e-parts program forstyrrer.

 

Du kan jo sjekke om det logges noe interessant i eventvwr.msc relatert til csrss, evt kan du sjekke ut ASCII-strengen lagret i dump filen ved å bruke kommandoen da.

 

I denne dumpen ville kommandoen i Windbg blitt "da fffff80003383db0"

[QUiPS]

Når jeg prøver å skrive "da fffff80003383db0" i windbg kommer dette opp:

 

_____________________________________________________________________________________

 

16.0: kd:x86> da fffff80003383db0

0000:3db0 "????????????????????????????????"

0000:3dd0 "????????????????????????????????"

0000:3df0 "????????????????????????????????"

0000:3e10 "????????????????????????????????"

0000:3e30 "????????????????????????????????"

0000:3e50 "????????????????????????????????"

0000:3e70 "????????????????????????????????"

0000:3e90 "????????????????????????????????"

0000:3eb0 "????????????????????????????????"

0000:3ed0 "????????????????????????????????"

0000:3ef0 "????????????????????????????????"

0000:3f10 "????????????????????????????????"

[QUiPS]

Fikk denne meldingen i windbg:

 

 

16.0: kd:x86> da X64_0xF4_IMAGE_csrss.exe

*** ERROR: Module load completed but symbols could not be loaded for SYMDS64.SYS

*** ERROR: Module load completed but symbols could not be loaded for mv91xx.sys

*** ERROR: Symbol file could not be found. Defaulted to export symbols for mvxxmm.sys -

*** ERROR: Symbol file could not be found. Defaulted to export symbols for SYMEVENT64x86.SYS -

*** ERROR: Module load completed but symbols could not be loaded for SYMEFA64.SYS

*** ERROR: Module load completed but symbols could not be loaded for SYMTDIV.SYS

*** ERROR: Module load completed but symbols could not be loaded for spldr.sys

*** ERROR: Module load completed but symbols could not be loaded for Ironx64.SYS

*** ERROR: Module load completed but symbols could not be loaded for SRTSPX64.SYS

*** ERROR: Module load completed but symbols could not be loaded for btfilter.sys

*** ERROR: Module load completed but symbols could not be loaded for RTL8192su.sys

*** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys

*** ERROR: Module load completed but symbols could not be loaded for eeCtrl64.sys

*** ERROR: Module load completed but symbols could not be loaded for EraserUtilRebootDrv.sys

*** ERROR: Module load completed but symbols could not be loaded for ccHPx64.sys

*** ERROR: Module load completed but symbols could not be loaded for AsUpIO.sys

*** ERROR: Module load completed but symbols could not be loaded for AsIO.sys

*** ERROR: Module load completed but symbols could not be loaded for mcdbus.sys

*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys

*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys

*** ERROR: Module load completed but symbols could not be loaded for ICCWDT.sys

*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys

*** ERROR: Module load completed but symbols could not be loaded for HECIx64.sys

*** ERROR: Module load completed but symbols could not be loaded for nusb3xhc.sys

*** ERROR: Module load completed but symbols could not be loaded for nusb3hub.sys

*** ERROR: Module load completed but symbols could not be loaded for nvhda64v.sys

*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -

*** ERROR: Module load completed but symbols could not be loaded for btath_rcp.sys

*** ERROR: Module load completed but symbols could not be loaded for RTKVHD64.sys

*** ERROR: Module load completed but symbols could not be loaded for peauth.sys

*** ERROR: Module load completed but symbols could not be loaded for btath_a2dp.sys

*** ERROR: Module load completed but symbols could not be loaded for btath_hcrp.sys

*** ERROR: Module load completed but symbols could not be loaded for btath_flt.sys

*** ERROR: Module load completed but symbols could not be loaded for btath_lwflt.sys

*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS

*** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS

*** ERROR: Module load completed but symbols could not be loaded for ENG64.SYS

*** ERROR: Module load completed but symbols could not be loaded for EX64.SYS

*** ERROR: Symbol file could not be found. Defaulted to export symbols for spsys.sys -

*** ERROR: Module load completed but symbols could not be loaded for btath_bus.sys

*** ERROR: Symbol file could not be found. Defaulted to export symbols for nvlddmkm.sys -

*** ERROR: Symbol file could not be found. Defaulted to export symbols for nvBridge.kmd -

*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys

Page 1c7803 not present in the dump file. Type ".hh dbgerr004" for details

Page 1c7803 not present in the dump file. Type ".hh dbgerr004" for details

Page 1c5d6d not present in the dump file. Type ".hh dbgerr004" for details

Page 1c5d6d not present in the dump file. Type ".hh dbgerr004" for details

Page 179dbe not present in the dump file. Type ".hh dbgerr004" for details

Page 179dbe not present in the dump file. Type ".hh dbgerr004" for details

Page 179dbe not present in the dump file. Type ".hh dbgerr004" for details

*** WARNING: Unable to verify timestamp for ATMFD.DLL

*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL

Couldn't resolve error at 'X64_0xF4_IMAGE_csrss.exe'

16.0: kd:x86>

[QUiPS]

Bump*!