Author Topic: BSOD probably caused by Avast  (Read 230 times)

Offline amares
BSOD probably caused by Avast
« on: November 23, 2017, 05:07:02 PM »
Hello,
I use Avast Premier on Windows 10. Over the last week I have started getting random BSODs, mostly while browsing the internet.
The event log shows this message: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x0000003b (0x00000000c0000005, 0xfffff80236470ce0, 0xffff860157756010, 0x0000000000000000). Výpis byl uložen do: C:\WINDOWS\MEMORY.DMP. ID hlášení: f420290c-420c-41b5-8d02-1298311305bc


After analyzing the minidump, I have the feeling that the problem is related to the driver aswbidsdrivera.sys, which is apparently part of Avast.


Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\Program Files (x86)\Windows Kits\10\Symbols
Symbol search path is: C:\Program Files (x86)\Windows Kits\10\Symbols
Executable search path is:
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Kernel base = 0xfffff802`36003000 PsLoadedModuleList = 0xfffff802`36364fb0
Debug session time: Thu Nov 23 15:35:28.798 2017 (UTC + 1:00)
System Uptime: 0 days 0:17:10.518
Loading Kernel Symbols
...............................................................
................................................................
................................................................
................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0083d018).  Type ".hh dbgerr001" for details
Loading unloaded module list
.............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80236470ce0, ffff860157756010, 0}

*** ERROR: Module load completed but symbols could not be loaded for aswbidsdrivera.sys
*** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
Probably caused by : aswbidsdrivera.sys ( aswbidsdrivera+279b6 )

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80236470ce0, Address of the instruction which caused the bugcheck
Arg3: ffff860157756010, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  16299.15.amd64fre.rs3_release.170928-1534

SYSTEM_MANUFACTURER:  HP

SYSTEM_PRODUCT_NAME:  HP Pavilion Desktop PC 570-p0XX

SYSTEM_SKU:  1JU85EA#BCM

BIOS_VENDOR:  AMI

BIOS_VERSION:  F.14

BIOS_DATE:  05/22/2017

BASEBOARD_MANUFACTURER:  HP

BASEBOARD_PRODUCT:  82F2

BASEBOARD_VERSION:  A01

DUMP_TYPE:  1

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff80236470ce0

BUGCHECK_P3: ffff860157756010

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP:
nt!RtlCompareUnicodeString+50
fffff802`36470ce0 440fb710        movzx   r10d,word ptr [rax]

CONTEXT:  ffff860157756010 -- (.cxr 0xffff860157756010)
rax=000600000005b8bc rbx=000600000005b976 rcx=000000000000005d
rdx=ffffca0c167c3268 rsi=0000000000005302 rdi=fff9ca0c167679bc
rip=fffff80236470ce0 rsp=ffff860157756a08 rbp=000000000000005d
 r8=ffffca0c167c3201  r9=0000000000000001 r10=0000000000001001
r11=0000000000000000 r12=0000000000000548 r13=0000000000000000
r14=ffff860157756ab0 r15=ffff860157756ba8
iopl=0         nv up ei ng nz ac pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010292
nt!RtlCompareUnicodeString+0x50:
fffff802`36470ce0 440fb710        movzx   r10d,word ptr [rax] ds:002b:00060000`0005b8bc=????
Resetting default scope

CPU_COUNT: 4

CPU_MHZ: bb8

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R)  SIG: 5E'00000000 (cache) 5E'00000000 (init)

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  TONDA-W10

ANALYSIS_SESSION_TIME:  11-23-2017 17:06:03.0203

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8070d4879b6 to fffff80236470ce0

STACK_TEXT: 
ffff8601`57756a08 fffff807`0d4879b6 : ffffca0c`167c3240 ffffca0c`167d4b58 ffffa48f`a53c6108 00000000`00000001 : nt!RtlCompareUnicodeString+0x50
ffff8601`57756a10 fffff802`360d9d66 : 00000047`00490046 fffff802`360a73b6 ffffa48f`aefb2310 ffffa48f`ac596e50 : aswbidsdrivera+0x279b6
ffff8601`57756a40 fffff802`36108527 : ffffa48f`a53c6108 00000000`c0000225 00000000`0000000d ffffca0c`16678110 : nt!FindNodeOrParent+0x42
ffff8601`57756a70 fffff807`0d48a500 : ffffa48f`a53c6010 ffffa48f`aefd3800 00000000`00003170 fffff802`00000384 : nt!RtlDeleteElementGenericTable+0x17
ffff8601`57756aa0 fffff807`0d46f179 : ffff8601`57756ba8 ffff8601`57756bf0 00000000`00000000 ffff8601`57756bf0 : aswbidsdrivera+0x2a500
ffff8601`57756af0 fffff807`0d470937 : ffffa48f`00000000 00000000`00002438 00000000`00001e50 ffff8601`57756ea0 : aswbidsdrivera+0xf179
ffff8601`57756e70 fffff807`0e71245e : 00000000`00000000 00000000`00000000 ffff8601`57757100 fffff807`0c2316f0 : aswbidsdrivera+0x10937
ffff8601`57756ef0 fffff807`0e73033b : 00000000`00000002 ffff8601`57756fc0 ffff8601`57757148 fffff807`0a201209 : aswMonFlt+0x245e
ffff8601`57756f60 fffff807`0a2068ba : 00000000`00000000 ffffa48f`a52f58f0 ffffa48f`a52f55f0 ffffa48f`a52f57f0 : aswMonFlt+0x2033b
ffff8601`577570f0 fffff807`0a206076 : ffffa48f`aefd3800 00000000`00000000 ffffa48f`a5732600 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x47a
ffff8601`577571d0 fffff807`0a208639 : ffffa48f`af0567b0 ffffa48f`a52f55f0 ffffa48f`a52f5608 ffffa48f`af056be0 : FLTMGR!FltpPassThroughCompletionWorker+0x76
ffff8601`57757240 fffff807`0a23b57f : ffff8601`577572f0 00000000`00000000 ffffa48f`aefd3800 fffff802`364ccda4 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x239
ffff8601`577572b0 fffff802`3603b8d9 : ffffa48f`aed1cb00 00000000`00000005 ffffa48f`af056c28 ffffa48f`a4deba00 : FLTMGR!FltpCreate+0x2cf
ffff8601`57757360 fffff802`364cd7b2 : 00000000`00000005 ffff8601`57757660 ffffa48f`aefd3840 00000000`00000989 : nt!IofCallDriver+0x59
ffff8601`577573a0 fffff802`36505987 : fffff802`364ccf90 fffff802`364ccf90 ffff8601`00000000 ffffa48f`a4deac40 : nt!IopParseDevice+0x822
ffff8601`57757560 fffff802`364fd060 : ffffa48f`aeecdb01 ffff8601`577577b8 00000000`00000040 ffffa48f`a38baf20 : nt!ObpLookupObjectName+0x5b7
ffff8601`57757720 fffff802`364f9fc1 : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1e0
ffff8601`57757860 fffff802`364f7749 : 00000000`3254e618 00000000`00000000 00000000`3254eee0 00000000`3254e630 : nt!IopCreateFile+0x391
ffff8601`57757900 fffff802`36172553 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x79
ffff8601`57757990 00007ff9`185008e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`3254e5a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`185008e4


THREAD_SHA1_HASH_MOD_FUNC:  b218283fec3d1c7e0f40ba1cdcefa6c3b9ed6d60

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  5526be3dd46078cabb8dc8f12da6605a1300be90

THREAD_SHA1_HASH_MOD:  a00435d86f9f9c314d75a27b03f4336237869b40

FOLLOWUP_IP:
aswbidsdrivera+279b6
fffff807`0d4879b6 8bc8            mov     ecx,eax

FAULT_INSTR_CODE:  c085c88b

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  aswbidsdrivera+279b6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswbidsdrivera

IMAGE_NAME:  aswbidsdrivera.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  59e4674d

STACK_COMMAND:  .cxr 0xffff860157756010 ; kb

BUCKET_ID_FUNC_OFFSET:  279b6

FAILURE_BUCKET_ID:  0x3B_aswbidsdrivera!unknown_function

BUCKET_ID:  0x3B_aswbidsdrivera!unknown_function

PRIMARY_PROBLEM_CLASS:  0x3B_aswbidsdrivera!unknown_function

TARGET_TIME:  2017-11-23T14:35:28.000Z

OSBUILD:  16299

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE: 

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-10-25 05:06:03

BUILDDATESTAMP_STR:  170928-1534

BUILDLAB_STR:  rs3_release

BUILDOSVER_STR:  10.0.16299.15.amd64fre.rs3_release.170928-1534

ANALYSIS_SESSION_ELAPSED_TIME:  4a3

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_aswbidsdrivera!unknown_function

FAILURE_ID_HASH:  {d481b7f8-08bd-c543-8179-a2879fceae5d}

Followup:     MachineOwner
---------