BSOD on Vista ...... help pleeease !!!!

  • Question

  • Well, a few days ago I decided to move from XP to Vista. Everything was going fine until the BSOD festival began .... Here is the error itself and the dump, to see if you can help me, please ...

    Firma con problemas:
      Nombre del evento de problema:    BlueScreen
      Versión del sistema operativo:    6.0.6001.2.1.0.256.1
      Id. de configuración regional:    13322

    Información adicional del problema:
      BCCode:   d1
      BCP1:    00000000
      BCP2:    00000002
      BCP3:    00000008
      BCP4:    00000000
      OS Version:    6_0_6001
      Service Pack:    1_0
      Product:    256_1

    Archivos que ayudan a describir el problema:
      C:\Windows\Minidump\Mini111008-01.dmp
      C:\Windows\Temp\WER-40326-0.sysdata.xml
      C:\Windows\Temp\WEREE63.tmp.version.txt


    DUMP

    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\Mini111008-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Kernel base = 0x82006000 PsLoadedModuleList = 0x8211dc70
    Debug session time: Mon Nov 10 18:32:13.267 2008 (GMT-4)
    System Uptime: 0 days 1:44:35.991
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Loading Kernel Symbols
    ............................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, 2, 8, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Probably caused by : ntkrnlpa.exe ( nt+5ad24 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000008, value 0 = read operation, 1 = write operation
    Arg4: 00000000, address which referenced memory

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************

    MODULE_NAME: nt

    FAULTING_MODULE: 82006000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  48d1b7fa

    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     00000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    +0
    00000000 ??              ???

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

    BUGCHECK_STR:  0xD1

    LAST_CONTROL_TRANSFER:  from 00000000 to 82060d24

    FAILED_INSTRUCTION_ADDRESS:
    +0
    00000000 ??              ???

    STACK_TEXT: 
    820fb2f8 00000000 badb0d00 00000000 00000000 nt+0x5ad24


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt+5ad24
    82060d24 833d644c138200  cmp     dword ptr [nt+0x12ec64 (82134c64)],0

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt+5ad24

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  ntkrnlpa.exe

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    I would appreciate your help, regards !!!
    Monday, November 10, 2008 21:48

Answers

  • Well, there's your culprit... uninstall it and pray; uninstalling the antivirus sometimes leaves Explorer damaged...

    As for antivirus... try OneCare.. it has a trial period of 2 or 3 months (I don't remember exactly).. if you like it, the license costs 50 euros, which isn't that much.. if you want a free antivirus.. well, from what I've heard, avast works well; I have it on XP and its only flaw is that it beeps about everything.. I haven't tried avira...

    Regards!

    • Marked as answer by Atilla Arruda Tuesday, January 19, 2010 1:46
    Tuesday, November 11, 2008 0:15
  • I don't recommend antivirus products, for several reasons: they all have a hit rate of only 70-75%, so unfortunately they give a false sense of security that makes the user lower their guard. In addition, to look like they are doing something, they are hysterical about web pages that are never dangerous unless we accept an ActiveX control, and if we accept it, that's bad, because the antivirus may fail to detect it; they are hysterical about the scripts on those pages when these, if we keep the PC up to date, are harmless.

    They are also a tremendous bottleneck in the system: everything goes through them, disk access, network access, etc. We need a PC 4 times more powerful and with disks 4 times faster to match another PC that doesn't use them.

    And on top of that... they fail. If there were no other alternative, my advice would be OneCare for one simple reason: it is just as bad as the others, but it is from Microsoft, so it harms the system less, fails less in that respect, and integrates better. (It is also less hysterical with warnings, which only serve to alarm the user.)

    Really, if we want to be protected, it comes down to "good practices" and common sense. And we must use these whether or not we have an antivirus, since their failure rate, especially with the latest generation of undetectable viruses, is scandalous, and the antivirus vendors themselves acknowledge that they will never be able to recognize the latter.

    Regards,

    • Marked as answer by Atilla Arruda Tuesday, January 19, 2010 1:46
    Tuesday, November 11, 2008 11:29

All replies

  • All the symbols are missing, so your windbg is not configured. Configure it as I describe in this article:

    http://www.multingles.net/docs/jmt/bsod.htm

    Then analyze again and post the results for me.

    Regards,
    Monday, November 10, 2008 22:05
  • OK, here is the dump done correctly, I think; many thanks in advance. If anything is missing, let me know!

    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\Mini111008-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
    Kernel base = 0x82006000 PsLoadedModuleList = 0x8211dc70
    Debug session time: Mon Nov 10 18:32:13.267 2008 (GMT-4)
    System Uptime: 0 days 1:44:35.991
    Loading Kernel Symbols
    ............................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, 2, 8, 0}

    Unable to load image \SystemRoot\system32\DRIVERS\kl1.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for kl1.sys
    *** ERROR: Module load completed but symbols could not be loaded for kl1.sys
    Unable to load image \SystemRoot\system32\DRIVERS\klim6.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for klim6.sys
    *** ERROR: Module load completed but symbols could not be loaded for klim6.sys
    Probably caused by : kl1.sys ( kl1+3bded )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000008, value 0 = read operation, 1 = write operation
    Arg4: 00000000, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from 8213d868
    Unable to read MiSystemVaType memory at 8211d420
     00000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    +0
    00000000 ??              ???

    PROCESS_NAME:  System

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    TRAP_FRAME:  820fb2f8 -- (.trap 0xffffffff820fb2f8)
    ErrCode = 00000010
    eax=00000016 ebx=820fb444 ecx=00000000 edx=00000000 esi=84e7c592 edi=851bcde8
    eip=00000000 esp=820fb36c ebp=0000008e iopl=0         nv up ei ng nz ac po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010292
    00000000 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 00000000 to 82060d24

    FAILED_INSTRUCTION_ADDRESS:
    +0
    00000000 ??              ???

    STACK_TEXT: 
    820fb2f8 00000000 badb0d00 00000000 00000000 nt!KiTrap0E+0x2ac
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    820fb368 8de3fded 00000000 00000016 820fb444 0x0
    820fb3a8 8c05d392 851bcde8 00000016 820fb444 kl1+0x3bded
    820fb4b4 82e829c1 00000000 820fb508 82e82280 tdx!TdxEventReceiveMessagesTransportAddress+0x48e
    820fb4cc 820fb508 82e823b2 851b41f8 820fb4f0 tcpip!InetFilterDatagramBySessionInformationAf+0x27
    820fb508 82e7ae12 00000000 00000001 00000000 nt!KiDoubleFaultStack+0x2508
    820fb554 82e7aeb1 8511a978 0010e000 820fb590 tcpip!UdpReceiveDatagrams+0x112
    820fb564 82e78fef 820fb578 c000023e 00000000 tcpip!UdpNlClientReceiveDatagrams+0x12
    820fb590 82e78db2 82ecffdc 820fb5e4 c000023e tcpip!IppDeliverListToProtocol+0x49
    820fb5b0 82e78cd9 82ecfc68 00000011 820fb5e4 tcpip!IppProcessDeliverList+0x2a
    820fb608 82e784cc 82ecfc68 00000011 84919b00 tcpip!IppReceiveHeaderBatch+0x1eb
    820fb698 8e3e5404 84e77250 00000000 00000001 tcpip!IpFlcReceivePackets+0xbe1
    820fb724 82ccf0b0 02abb1e4 00000000 00000000 wanarp!WanNdisReceivePackets+0x4e2
    820fb758 82cc17e3 002c0b80 84e7d140 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0xab
    820fb8e4 82c0257f 85e490e8 862c0b80 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x7c
    820fb900 82c2dd88 85e490e8 84e7d140 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2c
    820fb91c 82c2dd5f 861dcc10 84e7d140 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x20
    820fb938 8e3b65a8 861dcc10 84e7d140 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x1b
    820fb974 82c2dd88 861eeab8 84e7d140 00000000 pacer!PcFilterReceiveNetBufferLists+0xd2
    820fb990 82c2dd5f 862943e8 84e7d140 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x20
    820fb9ac 8e3c9003 862943e8 84e7d140 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x1b
    00000000 00000000 00000000 00000000 00000000 klim6+0x2003


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    kl1+3bded
    8de3fded ??              ???

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  kl1+3bded

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: kl1

    IMAGE_NAME:  kl1.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  48849e41

    FAILURE_BUCKET_ID:  0xD1_CODE_AV_NULL_IP_kl1+3bded

    BUCKET_ID:  0xD1_CODE_AV_NULL_IP_kl1+3bded

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v

    Monday, November 10, 2008 22:23
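The two debugger runs posted above differ only in the symbol path: the first blames `ntkrnlpa.exe` under the `WRONG_SYMBOLS` bucket, the second resolves the Microsoft frames and leaves `kl1` and `klim6` as bare module+offset entries. The following Python triage is an added example, not code from the thread or from WinDbg; the function names are hypothetical, the inputs are trimmed excerpts of the two posted outputs, and it assumes that frames still shown as `module+0xoffset` once public symbols load belong to third-party drivers.

```python
import re

# Trimmed excerpts of the two WinDbg runs posted in this thread.
WRONG_SYMBOLS_RUN = """\
BugCheck D1, {0, 2, 8, 0}
DEFAULT_BUCKET_ID:  WRONG_SYMBOLS
STACK_TEXT:
820fb2f8 00000000 badb0d00 00000000 00000000 nt+0x5ad24

STACK_COMMAND:  kb
"""
FIXED_SYMBOLS_RUN = """\
BugCheck D1, {0, 2, 8, 0}
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
STACK_TEXT:
820fb2f8 00000000 badb0d00 00000000 00000000 nt!KiTrap0E+0x2ac
WARNING: Frame IP not in any known module. Following frames may be wrong.
820fb368 8de3fded 00000000 00000016 820fb444 0x0
820fb3a8 8c05d392 851bcde8 00000016 820fb444 kl1+0x3bded
820fb4b4 82e829c1 00000000 820fb508 82e82280 tdx!TdxEventReceiveMessagesTransportAddress+0x48e
820fb698 8e3e5404 84e77250 00000000 00000001 tcpip!IpFlcReceivePackets+0xbe1
820fb9ac 8e3c9003 862943e8 84e7d140 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x1b
00000000 00000000 00000000 00000000 00000000 klim6+0x2003

STACK_COMMAND:  kb
"""

BUGCHECK_RE = re.compile(r"^\s*BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
# A `kb` frame: five hex columns (ChildEBP, RetAddr, three args), then the symbol.
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8}\s+){5}(\S+)$", re.I)
# Arg3 of bug check 0xD1. The debugger banner lists only 0 and 1; 8 marks an
# execute fault, which matches the CODE_AV_NULL_IP bucket in the second run.
ACCESS = {0: "read", 1: "write", 8: "execute"}


def get_field(text, name):
    """Return the value of a 'NAME:  value' line from !analyze -v, or None."""
    m = re.search(rf"^[ \t]*{re.escape(name)}:[ \t]*(.*)$", text, re.M)
    return m.group(1).strip() if m else None


def stack_symbols(text):
    """Collect the symbol column of every frame listed under STACK_TEXT."""
    symbols, in_stack = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack:
            m = FRAME_RE.match(line)
            if m:
                symbols.append(m.group(1))
            elif line and not line.startswith("WARNING:"):
                break  # next field (STACK_COMMAND, ...) ends the stack
    return symbols


def triage(text):
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    access = ACCESS.get(args[2], "unknown")
    # With WRONG_SYMBOLS even nt is unresolved, so no frame can be trusted.
    symbols_ok = get_field(text, "DEFAULT_BUCKET_ID") != "WRONG_SYMBOLS"
    suspects = []
    if symbols_ok:
        for sym in stack_symbols(text):
            if "!" not in sym and "+" in sym:  # module+offset: no symbols
                module = sym.split("+", 1)[0]
                if module not in suspects:
                    suspects.append(module)
    return {
        "bugcheck": int(m.group(1), 16),
        "irql": args[1],
        "access": access,
        # Arg1 (memory referenced) and Arg4 (referencing address) both zero
        # on an execute fault: control was transferred to address 0.
        "null_ip": access == "execute" and args[0] == 0 and args[3] == 0,
        "symbols_ok": symbols_ok,
        "suspects": suspects,
    }


if __name__ == "__main__":
    for label, run in (("first run", WRONG_SYMBOLS_RUN), ("second run", FIXED_SYMBOLS_RUN)):
        print(label, triage(run))
```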
  • Out of curiosity... do you have, or have you had, Karspersky installed???

    Regards!!
    Monday, November 10, 2008 22:35
  • Kaspersky.

    Antivirus products... bad...

    Regards,
    Monday, November 10, 2008 23:07
  • I do in fact have Kaspersky ... well .. I'm going to remove it ... which one do you recommend that won't give me problems ?? (hopefully one of the free ones, Avira, Avast .. )

    Many thanks !

    Regards !
    Monday, November 10, 2008 23:21
  • I do in fact have Kaspersky ... well .. I'm going to remove it ... which one do you recommend that won't give me problems ?? (hopefully one of the free ones, Avira, Avast .. )

    Many thanks !

    Regards !

    It is not enough to uninstall Kaspersky from "Uninstall or change a program", because many remnants of it are left behind that can cause you problems. You must use the tool the vendor provides for this purpose:

    http://support.kaspersky.com/downloads/products2009/kavremover9.zip

    Tuesday, November 11, 2008 22:56