none
vista ultimate上网时死机或自动重启动! RRS feed

  • 问题

  • vista ultimate上网时死机或自动重启动!

    附windebug and eventviewer 文档!

     

    Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Loading Kernel Symbols
    ..................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck E1, {8770e005, 2, 8648fd98, 8648fda0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *** WARNING: Unable to verify timestamp for ndis.sys
    *** ERROR: Module load completed but symbols could not be loaded for ndis.sys
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Probably caused by : ndis.sys ( ndis+cf005 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    WORKER_THREAD_RETURNED_AT_BAD_IRQL (e1)
    Arguments:
    Arg1: 8770e005, address of worker routine (do ln on this to find guilty driver)
    Arg2: 00000002, IRQL returned at (should have been 0, but isn't).
    Arg3: 8648fd98, workitem parameter
    Arg4: 8648fda0, workitem address

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************

    MODULE_NAME: ndis

    FAULTING_MODULE: 81c00000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4549b2fd

    FAULTING_IP:
    ndis+cf005
    8770e005 ??              ???

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

    BUGCHECK_STR:  0xE1

    LAST_CONTROL_TRANSFER:  from 81c79106 to 81cd8781

    STACK_TEXT: 
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9d94fd34 81c79106 000000e1 8770e005 00000002 nt+0xd8781
    9d94fd7c 81e25556 8648fd98 9d944680 00000000 nt+0x79106
    9d94fdc0 81c915fe 81c78ec3 80000000 00000000 nt+0x225556
    00000000 00000000 00000000 00000000 00000000 nt+0x915fe


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP:
    ndis+cf005
    8770e005 ??              ???

    SYMBOL_NAME:  ndis+cf005

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  ndis.sys

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------


    日志名称:          System
    来源:            EventLog
    日期:            2009/1/4 17:49:37
    事件 ID:         6008
    任务类别:          无
    级别:            错误
    关键字:           经典
    用户:            暂缺
    计算机:          说明:
    上一次系统的 17:46:07 在 2009/1/4 上的关闭是意外的。
    事件 Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="EventLog" />
        <EventID Qualifiers="32768">6008</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2009-01-04T09:49:37.000Z" />
        <EventRecordID>62840</EventRecordID>
        <Channel>System</Channel>
        <Computer>yapdog</Computer>
        <Security />
      </System>
      <EventData>
        <Data>17:46:07</Data>
        <Data>2009/1/4</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>7331</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Binary>D90701000000040011002E000700BF00D90701000000040009002E000700BF00600900003C000000010000006009000000000000B00400000100000000000000</Binary>
      </EventData>
    </Event>

    日志名称:          Security
    来源:            Microsoft-Windows-Eventlog
    日期:            2009/1/4 17:49:45
    事件 ID:         1101
    任务类别:          事件处理
    级别:            错误
    关键字:           审核成功
    用户:            暂缺
    计算机:          说明:
    该传输已丢弃这些审核事件。实时备份文件由于非正常关机损坏。
    事件 Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
        <EventID>1101</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>101</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4020000000000000</Keywords>
        <TimeCreated SystemTime="2009-01-04T09:49:45.786Z" />
        <EventRecordID>33663</EventRecordID>
        <Correlation />
        <Execution ProcessID="972" ThreadID="1664" />
        <Channel>Security</Channel>
        <Computer>yapdog</Computer>
        <Security />
      </System>
      <UserData>
        <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
          <Reason>34</Reason>
        </AuditEventsDropped>
      </UserData>
    </Event>

    日志名称:          Security
    来源:            Microsoft-Windows-Security-Auditing
    日期:            2009/1/4 17:50:42
    事件 ID:         5032
    任务类别:          其他系统事件
    级别:            信息
    关键字:           审核失败
    用户:            暂缺
    计算机:          说明:
    Windows 防火墙无法通知用户其已阻止应用程序接受网络上的传入连接。

    错误代码: 2
    事件 Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
        <EventID>5032</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12292</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2009-01-04T09:50:42.084Z" />
        <EventRecordID>33744</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="720" />
        <Channel>Security</Channel>
        <Computer>yapdog</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="ErrorCode">2</Data>
      </EventData>
    </Event>

    2009年1月4日 10:10

答案

  •  

    首先下载windebug

     

    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    说下debug方法
    1.
    我的电脑,属性->高级->启动,最下面的内存调试选最后一项的全部,确定后重新启动
    2.
    蓝屏后不要急着重启,系统会保存整个内存内容,然后会自动重启
    3.
    找到C:\Windows\Minidump\

    4. 下载安装windwos debug tools, 我这有下载地址,或微软网站
    http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
    5.
    安装后创建一个临时目录,例如 c:\temp
    6.
    启动 windbg
    7. windbg
    界面: file->symbol file path (ctrl+s) 输入:
    SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    然后确定
    8. windbg
    界面: file->open crash dump(ctrl+d),打开9. 打开C:\Windows\Minidump\Mini122208-01.dmp后,等待提示
    当出现 Use !analyze -v to get detailed debugging information. 字样后,在下面输入框
    !analyze -v
    10.
    等待分析完毕,可以知道什么导致的出错
    11. windbg
    使用中需要网上下载调试内容,这个速度嘛,取决于你的网络了。

    -----------------------------------------------------------------------

     

    你把敲完!analyze -v后的信息发上来!

     

    你的symbols file的路径不对!分析等于白搭!
    2009年1月5日 8:40

全部回复

  • 该错误一般是由网卡驱动引起。更新您的网卡驱动。

    或者是你的机器上的安全软件与系统有冲突。暂时卸载掉这些软件试试。

    或者是你中了病毒或恶意软件。

    更新网卡驱动后蓝屏依旧的话是可以尝试使用MSCONFIG》启动》全部禁用来看看是否错误依旧。

    2009年1月4日 11:47
    版主
  •  

    楼主应该是中毒了。你可以试一下在带网络连接的安全模式下上网会不会出现上述问题。如果安全模式下可以正常上网那多半与病毒有关。如果问题依旧可能是和网卡的驱动程序有关。
    2009年1月5日 1:28
  •  

    首先下载windebug

     

    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    说下debug方法
    1.
    我的电脑,属性->高级->启动,最下面的内存调试选最后一项的全部,确定后重新启动
    2.
    蓝屏后不要急着重启,系统会保存整个内存内容,然后会自动重启
    3.
    找到C:\Windows\Minidump\

    4. 下载安装windwos debug tools, 我这有下载地址,或微软网站
    http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
    5.
    安装后创建一个临时目录,例如 c:\temp
    6.
    启动 windbg
    7. windbg
    界面: file->symbol file path (ctrl+s) 输入:
    SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    然后确定
    8. windbg
    界面: file->open crash dump(ctrl+d),打开9. 打开C:\Windows\Minidump\Mini122208-01.dmp后,等待提示
    当出现 Use !analyze -v to get detailed debugging information. 字样后,在下面输入框
    !analyze -v
    10.
    等待分析完毕,可以知道什么导致的出错
    11. windbg
    使用中需要网上下载调试内容,这个速度嘛,取决于你的网络了。

    -----------------------------------------------------------------------

     

    你把敲完!analyze -v后的信息发上来!

     

    你的symbols file的路径不对!分析等于白搭!
    2009年1月5日 8:40