Question author
Blue screen: avast + win7 + rappelz (MMO game)

General discussion
-
Hello,
Following the avast update (7.1456), I get a blue screen in a game, which creates a dmp file.
I first turned to avast (since it has been misbehaving since their latest update), and they examined and analyzed the *.dmp file; the conclusion came quickly: it is WerFault.exe that is causing a problem.
Source of their reply:
I checked the dump. And there isn't a word about avast :( It seems that the failing process is WerFault.exe which is a tool from Microsoft. There might be corrupted registry keys which are causing this problem - http://www.processlibrary.com/directory/files/werfault/429136/
It might be possible that avast is the root cause of this issue. If you'd be able to find the "corrupted" registry and fix it then I'd really appreciate if you would send me the keys. I could then report a bug to our developers - and they would be able to fix it.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa80068b1b30, Terminating object
Arg3: fffffa80068b1e10, Process image file name
Arg4: fffff80002dd7510, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: fffffa80068b1b30
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: wininit
FAULTING_MODULE: 0000000000000000
PROCESS_NAME: WerFault.exe
BUGCHECK_STR: 0xF4_WerFault.exe
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e5f892 to fffff80002ad81c0
STACK_TEXT:
fffff880`07b13b08 fffff800`02e5f892 : 00000000`000000f4 00000000`00000003 fffffa80`068b1b30 fffffa80`068b1e10 : nt!KeBugCheckEx
fffff880`07b13b10 fffff800`02e0be8b : ffffffff`ffffffff fffffa80`07aacb50 fffffa80`068b1b30 fffffa80`039401b0 : nt!PspCatchCriticalBreak+0x92
fffff880`07b13b50 fffff800`02d8af74 : ffffffff`ffffffff 00000000`00000001 fffffa80`068b1b30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x176d6
fffff880`07b13ba0 fffff800`02ad7453 : fffffa80`068b1b30 fffff880`000000ff fffffa80`07aacb50 00000000`00000210 : nt!NtTerminateProcess+0xf4
fffff880`07b13c20 00000000`771b01af : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0017cdb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771b01af
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: wininit.exe
FAILURE_BUCKET_ID: X64_0xF4_WerFault.exe_IMAGE_wininit.exe
BUCKET_ID: X64_0xF4_WerFault.exe_IMAGE_wininit.exe
Followup: MachineOwner
---------
So I cleaned up, rebooted, etc., and still the same problem.
According to my latest crash, wininit.exe would be the cause of the trouble; here is the dmp file:
Microsoft (R) Windows Debugger Version 6.2.8400.4218 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\080112-27939-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdll.microsoft.com/download/symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02a59000 PsLoadedModuleList = 0xfffff800`02c9d670
Debug session time: Wed Aug 1 19:16:35.412 2012 (UTC + 2:00)
System Uptime: 0 days 0:07:53.380
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, fffffa8006927060, fffffa8006927340, fffff80002dd7510}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
----- ETW minidump data unavailable-----
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : wininit.exe
Followup: MachineOwner
---------
If you have any idea how I can solve my problem, it would be welcome.
Thank you in advance.
Wednesday, August 1, 2012 21:09
All replies
-
Good evening,
werfault is not the origin of the crash, but a consequence!
It is a command launched by the system when an error is detected.
The initial cause indicated (see a few lines higher up in your dump excerpt) comes from the executable "WININIT.EXE".
=> Search for the "Wininit" registry key to see which odd or new settings may have appeared there.
See you soon,
PS: If in doubt, you can try uninstalling AVAST and installing MSE (Microsoft Security Essentials).
Thierry DEMAN. Exchange MVP. https://mvp.support.microsoft.com/profile=CE2B565B-B13D-4C24-B04D-F0D5766D14A1 http://www.faqexchange.info
Sunday, August 5, 2012 21:34 -
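The reading given in the answer above (WerFault.exe as the reporter, wininit.exe as the image to look at) can be pulled out of both WinDbg outputs quoted in the question mechanically. The following is an added example, not part of the original thread: `triage` and `field` are hypothetical helper names, the sample text is constructed from lines quoted in the thread, and the expected symbol server host `msdl.microsoft.com` is an assumption of the example that the quoted symbol path does not match.

```python
import re

# Constructed samples: lines copied from the two WinDbg outputs quoted in this thread.
WITH_SYMBOLS = """\
CRITICAL_OBJECT_TERMINATION (f4)
Arg1: 0000000000000003, Process
Arg2: fffffa80068b1b30, Terminating object
PROCESS_NAME: WerFault.exe
IMAGE_NAME: wininit.exe
"""
WITHOUT_SYMBOLS = """\
Symbol search path is: srv*c:\\symbols*http://msdll.microsoft.com/download/symbols
BugCheck F4, {3, fffffa8006927060, fffffa8006927340, fffff80002dd7510}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : wininit.exe
"""
MS_SYMBOL_HOST = "msdl.microsoft.com"  # assumption: Microsoft's public symbol server

def field(text, name):
    """Value of a 'NAME: value' line, or None if the line is absent."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(\S+)", text, re.M)
    return m.group(1) if m else None

def triage(text):
    """Extract the bugcheck code, arguments and attribution from WinDbg text."""
    r = {}
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    if m:  # one-line summary printed when the dump is opened
        r["code"], args = int(m.group(1), 16), m.group(2).split(",")
    else:  # "!analyze -v" form: NAME (code), then one ArgN line per argument
        m = re.search(r"^[A-Z_]+ \(([0-9A-Fa-f]+)\)\s*$", text, re.M)
        r["code"] = int(m.group(1), 16) if m else None
        args = re.findall(r"^Arg\d: ([0-9A-Fa-f]+)", text, re.M)
    r["args"] = [int(a, 16) for a in args]
    r["process"] = field(text, "PROCESS_NAME")
    r["image"] = field(text, "IMAGE_NAME") or field(text, "Probably caused by")
    # 0xF4 with Arg1 == 3 means the terminated critical object is a process.
    r["critical_process_died"] = r["code"] == 0xF4 and r["args"][:1] == [3]
    # WerFault.exe is the error reporter, so it is not the component to blame.
    r["process_is_reporter"] = (r["process"] or "").lower() == "werfault.exe"
    r["symbols_ok"] = "Kernel symbols are WRONG" not in text
    m = re.search(r"^Symbol search path is:.*?https?://([^/\s*]+)", text, re.M)
    r["symbol_host"] = m.group(1) if m else None
    r["symbol_host_ok"] = r["symbol_host"] in (None, MS_SYMBOL_HOST)
    return r

if __name__ == "__main__":
    for sample in (WITH_SYMBOLS, WITHOUT_SYMBOLS):
        print(triage(sample))
```

When `symbols_ok` is false, the "Probably caused by" line was produced without kernel symbols and is only a hint until the dump is reopened with a working symbol path.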
Hello,
I have just checked "wininit" in the registry, comparing it with my 2nd PC, which works but with the earlier version of avast pro (it is the only PC on which the game in question works), and there are no differences between the two.
The person I contacted at avast's quality department advises me to contact Microsoft technical support (72 euros for the support, lol).
What is striking is that I am not an isolated case, and it is rather surprising that nobody has looked for a fix for this little problem, whether Gpotato's technical department, Avast's or Microsoft's, because there must be an incompatibility somewhere.
Regards.
Friday, August 10, 2012 22:31 -
Hello,
I completely removed avast, did a full cleanup with tuneup and ccleaner, and installed MSE; everything works.
So there is an incompatibility somewhere between win7, avast 7.0.1456 and the game rappelz (which uses gameguard).
Will there be a fix from one of the 3 parties concerned?
Regards.
Sunday, August 12, 2012 06:41 -
It seems the problem is known at Avast: http://forum.avast.com/index.php?PHPSESSID=csrqso72ub7mng13jgkgfodml0&topic=102720.0
Also, here we do not handle problems related to other vendors and/or to games. Because, as you say, uninstalling Avast makes everything work again. So ...
Alex
GIRAUD Alexandre - MVP Forefront France http://www.alexgiraud.net/blog Note: If my reply was useful to you, or provided a resolution, please vote for it or mark it as the answer.
Thursday, August 16, 2012 09:45