Blue Screen (1 DUMP + 2 Blue Screens)

  • Question

  • I had been getting sporadic blue screens (every week or two) for a long time. But now they are almost daily. I have only managed to get one DUMP since I enabled memory dumps. The rest come out corrupt. I will keep reporting more as I get them.

    I'm leaving you the DUMP and the text of 2 blue screens.

    Thanks


    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\AMK\Escritorio\PANTALLAZOS\Mini031111-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt
    Built by: 2600.xpsp_sp3_gdr.101209-1647
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Fri Mar 11 22:56:07.578 2011 (UTC + 1:00)
    System Uptime: 0 days 12:03:45.519
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....
    Loading User Symbols
    Loading unloaded module list
    ..............................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {2, 893eb1f4, 893eb000, 8981f840}

    Probably caused by : tcpip.sys ( tcpip!MdpAllocateAtDpcLevel+eb )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000002, Pool header has been corrupted
    Arg2: 893eb1f4, Pointer to pool header
    Arg3: 893eb000, First part of pool header contents
    Arg4: 8981f840, 0

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0xc2_2

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    LAST_CONTROL_TRANSFER:  from ae0d90d2 to 804f9f43

    STACK_TEXT:  
    f714dad8 ae0d90d2 000000c2 00000002 893eb1f4 nt!KeBugCheckEx+0x1b
    f714db04 ae0aeb38 8900f780 f714dc00 f77adc90 tcpip!MdpAllocateAtDpcLevel+0xeb
    f714db1c ae0ae5af 8900f780 f714dc00 f700dc54 tcpip!MdpAllocate+0x1a
    f726db2c e9000226 fffedcbd 71ef6857 5653f722 tcpip!GetIPHdrBuffer+0x13
    WARNING: Frame IP not in any known module. Following frames may be wrong.


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    tcpip!MdpAllocateAtDpcLevel+eb
    ae0d90d2 ae              scas    byte ptr es:[edi]

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  tcpip!MdpAllocateAtDpcLevel+eb

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: tcpip

    IMAGE_NAME:  tcpip.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  485b99ad

    FAILURE_BUCKET_ID:  0xc2_2_tcpip!MdpAllocateAtDpcLevel+eb

    BUCKET_ID:  0xc2_2_tcpip!MdpAllocateAtDpcLevel+eb

    Followup: MachineOwner
    ---------

    2: kd> lmvm tcpip
    start    end        module name
    ae0ab000 ae103480   tcpip      (pdb symbols)          c:\websymbols\tcpip.pdb\5DAF4A45ECAA4DE9B4CA8998CEB472442\tcpip.pdb
        Loaded symbol image file: tcpip.sys
        Mapped memory image file: c:\websymbols\tcpip.sys\485B99AD58480\tcpip.sys
        Image path: \SystemRoot\system32\DRIVERS\tcpip.sys
        Image name: tcpip.sys
        Timestamp:        Fri Jun 20 13:51:09 2008 (485B99AD)
        CheckSum:         0005ED6B
        ImageSize:        00058480
        File version:     5.1.2600.5625
        Product version:  5.1.2600.5625
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     tcpip.sys
        OriginalFilename: tcpip.sys
        ProductVersion:   5.1.2600.5625
        FileVersion:      5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
        FileDescription:  TCP/IP Protocol Driver
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

     

     

    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: tcpip.sys

    BAD_POOL_CALLER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x000000c2 (0x00000002, 0x893eb1f4, 0x893eb000, 0x8981f840)

    *** tcpip.sys - Address 0xae0d90d3 base at 0xae0ab000 DateStamp 0x485b99ad

     

     

    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file:

    KERNEL_MODE_EXCEPTION_NOT_HANDLED

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x1000008e (0xc0000005, 0x8054bdf2, 0xa445eb14, 0x00000000)

    ***  - Address 0x00000000 base at 0x00000000 DateStamp 0x00000000

     

     

    • Edited by Vega321 Sunday, March 13, 2011 2:10
    Sunday, March 13, 2011 0:47

Answers

  • Apparently it is in tcpip.sys, which indicates that it could be two things:

    1) Trojans, viruses or spyware that get into the IP stack to intercept communications.

    2) Or your network card drivers... or even the network card itself being damaged.

    Regards.

    • Marked as answer by Vega321 Friday, March 18, 2011 1:54
    • Unmarked as answer by Vega321 Friday, March 18, 2011 6:28
    • Marked as answer by Ismael Borche Monday, March 28, 2011 17:40
    Sunday, March 13, 2011 8:44
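
The module attribution read off the stop screens in the question can be extracted mechanically. This added example (not part of the thread and not Microsoft code) parses the `*** STOP:` and `*** <module> - Address` lines of the two screens quoted in the question, computes the module-relative fault offset and the driver build time in UTC, and handles the screen that names no module. The function names are hypothetical, and masking the high nibble of the stop code is an assumption based on the thread pairing `0x1000008e` on screen with `BugCheck 8E` in the debugger.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the "Technical Information" lines of the two stop
# screens quoted in the question, copied from the thread.
SAMPLE = """\
*** STOP: 0x000000c2 (0x00000002, 0x893eb1f4, 0x893eb000, 0x8981f840)

*** tcpip.sys - Address 0xae0d90d3 base at 0xae0ab000 DateStamp 0x485b99ad

*** STOP: 0x1000008e (0xc0000005, 0x8054bdf2, 0xa445eb14, 0x00000000)

***  - Address 0x00000000 base at 0x00000000 DateStamp 0x00000000
"""

# Only the bugcheck names that appear on this page.
BUGCHECK_NAMES = {
    0xC2: "BAD_POOL_CALLER",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x7F: "UNEXPECTED_KERNEL_MODE_TRAP",
}

STOP_RE = re.compile(r"\*\*\*\s+STOP:\s+0x([0-9a-fA-F]+)\s+\(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\*\s+(\S*)\s*-\s+Address\s+0x([0-9a-fA-F]+)"
    r"\s+base at\s+0x([0-9a-fA-F]+)\s+DateStamp\s+0x([0-9a-fA-F]+)"
)


def parse_stop_screens(text):
    """Return one dict per '*** STOP:' line, with the blamed module if any."""
    records = []
    for line in text.splitlines():
        stop = STOP_RE.search(line)
        if stop:
            code = int(stop.group(1), 16)
            records.append({
                "code": code,
                # Assumption: 0x1000008e and 0x8e share a name, as the
                # thread's screen/debugger pairing suggests.
                "name": BUGCHECK_NAMES.get(code & 0x0FFFFFFF, "UNKNOWN"),
                "params": [int(p, 16) for p in stop.group(2).split(",")],
                "module": None,
                "offset": None,
                "built_utc": None,
            })
            continue
        mod = MODULE_RE.search(line)
        if mod and records:
            name = mod.group(1)
            addr, base, stamp = (int(g, 16) for g in mod.group(2, 3, 4))
            # A screen with an empty name and a zero base blames no module;
            # leave the fields as None instead of reporting offset 0.
            if name and base:
                rec = records[-1]
                rec["module"] = name
                rec["offset"] = addr - base
                rec["built_utc"] = datetime.fromtimestamp(
                    stamp, tz=timezone.utc
                ).isoformat()
    return records


def blamed_modules(records):
    """Count how often each module is blamed across the parsed screens."""
    return dict(Counter(r["module"] or "(none)" for r in records))


if __name__ == "__main__":
    for rec in parse_stop_screens(SAMPLE):
        where = "no module named"
        if rec["module"]:
            where = "%s+0x%x (built %s)" % (
                rec["module"], rec["offset"], rec["built_utc"])
        print("0x%08x %s: %s" % (rec["code"], rec["name"], where))
    print(blamed_modules(parse_stop_screens(SAMPLE)))
```

The debugger's `lmvm` output prints the same timestamp in the analyst's local time zone, so the UTC value computed here differs from it by the local offset.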

All replies

  •  

    I just had a freeze with no reboot and no blue screen, after updating the graphics card drivers. Although I don't know whether this is just a coincidence.

    I'll take the opportunity to leave another DUMP that looks corrupt or half corrupt, in case it tells you something.


    Loading Dump File [E:\ALMACEN\PANTALLAZOS\MEMORY33.DMP]
    Kernel Complete Dump File: Full address space is available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp3_gdr.101209-1647
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Sat Mar 12 22:17:43.171 2011 (UTC + 1:00)
    System Uptime: 0 days 2:03:04.125
    GetContextState failed, 0xD0000147
    Unable to read selector for PCR for processor 0
    WARNING: Unable to reset page directories
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....Missing image name, possible paged-out or corrupt data.
    .*** WARNING: Unable to verify timestamp for Unknown_Module_00000000
    Unable to add module at 00000000
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - HRESULT 0x80004002

    Loading unloaded module list
    ...................
    WARNING: .reload failed, module list may be incomplete
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    CS descriptor lookup failed
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    Unable to get program counter
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 8E, {c0000005, 8054bdf2, a445eb14, 0}

    *** WARNING: Unable to verify timestamp for mssmbios.sys
    *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    Unable to read selector for PCR for processor 0
    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3
    GetContextState failed, 0xD0000147
    Unable to read selector for PCR for processor 0
    Probably caused by : ntkrpamp.exe ( nt!ExAllocatePoolWithTag+48a )

    Followup: MachineOwner
    ---------

    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    0: kd> !analyze -v
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    Unable to get program counter
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8054bdf2, The address that the exception occurred at
    Arg3: a445eb14, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------

    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    Unable to read selector for PCR for processor 0
    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3
    GetContextState failed, 0xD0000147
    Unable to read selector for PCR for processor 0

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en "0x%08lx" hace referencia a la memoria en "0x%08lx". La memoria no se puede "%s".

    FAULTING_IP:
    nt!ExAllocatePoolWithTag+48a
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    8054bdf2 3900            cmp     dword ptr [eax],eax

    TRAP_FRAME:  a445eb14 -- (.trap 0xffffffffa445eb14)
    ErrCode = 0197dbda
    Unable to get program counter
    eax=53303138 ebx=0194822b ecx=325f5041 edx=4337030a esi=6f662074 edi=78742e33
    eip=fdf90001 esp=007544c5 ebp=00000000 iopl=0 vip vif ov up di pl nz na po nc
    cs=0005  ss=115b  ds=0d0a  es=0d0a  fs=322e  gs=7465             efl=00180902
    0005:0001 ??              ???
    GetContextState failed, 0xD0000147
    Resetting default scope
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0x8E

    UNALIGNED_STACK_POINTER:  007544c5

    LAST_CONTROL_TRANSFER:  from 00000000 to fdf90001

    STACK_TEXT: 
    GetContextState failed, 0xD0000147
    Unable to get current machine context, NTSTATUS 0xC0000147


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP:
    nt!ExAllocatePoolWithTag+48a
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    8054bdf2 3900            cmp     dword ptr [eax],eax

    SYMBOL_NAME:  nt!ExAllocatePoolWithTag+48a

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4d00d46f

    FAILURE_BUCKET_ID:  0x8E_nt!ExAllocatePoolWithTag+48a

    BUCKET_ID:  0x8E_nt!ExAllocatePoolWithTag+48a

    Followup: MachineOwner
    ---------

    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    0: kd> lmvm nt
    start    end        module name
    804d7000 806e6000   nt         (pdb symbols)          c:\websymbols\ntkrpamp.pdb\ADBB8940685E4448A748028B784C8F3A1\ntkrpamp.pdb
        Loaded symbol image file: ntkrpamp.exe
        Image path: ntkrpamp.exe
        Image name: ntkrpamp.exe
        Timestamp:        Thu Dec 09 14:06:55 2010 (4D00D46F)
        CheckSum:         001F51E6
        ImageSize:        0020F000
        File version:     5.1.2600.6055
        Product version:  5.1.2600.6055
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0c0a.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Sistema operativo Microsoft® Windows®
        InternalName:     ntkrpamp.exe
        OriginalFilename: ntkrpamp.exe
        ProductVersion:   5.1.2600.6055
        FileVersion:      5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
        FileDescription:  Sistema y núcleo de Windows NT
        LegalCopyright:   Copyright (C) Microsoft Corporation. Reservados todos los derechos.
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147

     

     

    Sunday, March 13, 2011 1:10
  • Ok. So I'm going to run several antivirus and antispyware tools to see if I find anything, and I will update the network card drivers. I'll report back on how things go... Many thanks!
    Sunday, March 13, 2011 19:39
  • Ok. So I'm going to run several antivirus and antispyware tools to see if I find anything, and I will update the network card drivers. I'll report back on how things go... Many thanks!


    Note that he also mentioned as a possibility that the network card may be physically damaged. I mention it because it happened to me and it was the card.

    Sunday, March 13, 2011 19:48
  • Well, I have just run my antivirus plus another online one and two antispyware tools, and the only relevant detection I found was this malware, which I have already deleted:

    Malware.Trace    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

    I have also updated the network card drivers, and so far no blue screens. Let's hope it lasts.

    Thanks .endivia for the note. My network card is integrated (the one on this board: http://es.gigabyte.com/products/mb/specs/ga-ep45-ds3r_10.html). If it were damaged, would it be enough to uninstall it and fit a new one, or would I have to buy another board?

    Regards

    Monday, March 14, 2011 1:24
  • Well, I have just run my antivirus plus another online one and two antispyware tools, and the only relevant detection I found was this malware, which I have already deleted:

    Malware.Trace    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

    I have also updated the network card drivers, and so far no blue screens. Let's hope it lasts.

    Thanks .endivia for the note. My network card is integrated (the one on this board: http://es.gigabyte.com/products/mb/specs/ga-ep45-ds3r_10.html). If it were damaged, would it be enough to uninstall it and fit a new one, or would I have to buy another board?

    Regards


    It has also happened to me with some cards integrated into the motherboard, because they had been damaged. In that case you have to disable them and fit an external PCI card.

    Regards :)

    Monday, March 14, 2011 4:35
  •  

    I'm editing the message I wrote a few hours ago to say thanks and close the topic, because the moment I speak up, the whole thing goes wrong again.

    I got another blue screen, 3 in a row in fact, while watching an online TV channel. I mention this because whenever I watch a video or a stream I get the feeling that I get more blue screens. That is why I thought it was the graphics card.

    For the first blue screen, the DUMP is corrupt. I have disabled the complete memory dump because the latest ones always came out corrupt, and I have left the minidump enabled.

    The second one is also corrupt, but I recovered the stop screen text:


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: inspect.sys

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x100000d1 (0x00000004, 0x00000002, 0x00000001, 0xf72077e6)

    *** inspect.sys - Address 0xf72077e6 base at 0xf71fd000 DateStamp 0x4d24a49



    For the third one I have the stop screen text and the minidump:


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: Ntfs.sys

    UNEXPECTED_KERNEL_MODE_TRAP

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000)

    *** Ntfs.sys - Address 0xf72136bb base at 0xf7213000 DateStamp 0x48025be5





    Loading Dump File [C:\WINDOWS\Minidump\Mini031811-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp3_gdr.101209-1647
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Fri Mar 18 05:17:49.156 2011 (UTC + 1:00)
    System Uptime: 0 days 0:03:26.097
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .......
    Loading User Symbols
    Loading unloaded module list
    .........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {0, 0, 0, 0}

    Probably caused by : ntkrpamp.exe ( nt!Ki386CheckDivideByZeroTrap+41 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000000, EXCEPTION_DIVIDED_BY_ZERO
    Arg2: 00000000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_0

    TRAP_FRAME:  aa3fffbc -- (.trap 0xffffffffaa3fffbc)
    ErrCode = 00000000
    eax=00000000 ebx=8944b9b0 ecx=8950e838 edx=00000000 esi=88e3fcfc edi=8944baf4
    eip=f72cbcf3 esp=aa400030 ebp=aa400050 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    fltmgr!FltpLinkCompletionNodeToInstance+0x61:
    f72cbcf3 f731            div     eax,dword ptr [ecx]  ds:0023:8950e838=????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    PROCESS_NAME:  cfp.exe

    LAST_CONTROL_TRANSFER:  from 805a26fd to 804f9f1e

    STACK_TEXT: 
    aa3fff58 805a26fd 0000007f f72cbcf3 88e3fcfc nt!KeBugCheck+0x14
    aa3fffb0 80542284 aa3fffbc aa400050 f72cbcf3 nt!Ki386CheckDivideByZeroTrap+0x41
    aa3fffb0 f72cbcf3 aa3fffbc aa400050 f72cbcf3 nt!KiTrap00+0x84
    aa400050 f72ca7dd aa4000e8 aa4000e8 88ebfe04 fltmgr!FltpLinkCompletionNodeToInstance+0x61
    aa4000a4 f72cc2a0 004000e8 88e3fc48 88ebfe04 fltmgr!FltpPerformPreCallbacks+0x229
    aa4000b8 f72d9217 aa4000e8 f72d76aa 00000000 fltmgr!FltpPassThroughInternal+0x32
    aa4000d0 f72d9742 aa4000e8 aa4003b0 88ebfc60 fltmgr!FltpCreateInternal+0x63
    aa400104 804ef19f 89d82a98 88ebfc50 88ebfc50 fltmgr!FltpCreate+0x258
    aa400114 80583220 8a3b38e8 88f07d5c aa4002ac nt!IopfCallDriver+0x31
    aa4001f4 805bf488 8a3b3900 00000000 88f07cb8 nt!IopParseDevice+0xa12
    aa40026c 805bba14 00000000 aa4002ac 00000040 nt!ObpLookupObjectName+0x53c
    aa4002c0 80576feb 00000000 00000000 806e8401 nt!ObOpenObjectByName+0xea
    aa400444 8054167c 02d6f4b8 02d6f490 02d6f4e4 nt!NtQueryAttributesFile+0xf1
    aa400444 7c91e514 02d6f4b8 02d6f490 02d6f4e4 nt!KiFastCallEntry+0xfc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    02d6f4e4 00000000 00000000 00000000 00000000 0x7c91e514


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!Ki386CheckDivideByZeroTrap+41
    805a26fd c645e601        mov     byte ptr [ebp-1Ah],1

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!Ki386CheckDivideByZeroTrap+41

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4d00d46f

    FAILURE_BUCKET_ID:  0x7f_0_nt!Ki386CheckDivideByZeroTrap+41

    BUCKET_ID:  0x7f_0_nt!Ki386CheckDivideByZeroTrap+41

    Followup: MachineOwner
    ---------

     

    I have uninstalled my Comodo firewall just in case, because of the inspect.sys, which I see belongs to Comodo.

    I don't know whether you see anything new before I go and buy the external network card.

    The graphics card has me a bit worried; can I rule it out?

    Regards

    Friday, March 18, 2011 1:44