Re: 求助分析一个DUMP文件，找不出原因来

WinDbg

求助分析一个DUMP文件，找不出原因来

泡泡 2014-11-02, 11:51 上午

这是其中的一个DUMP文件，电脑新装的系统，开机以后长时间不动电脑，多长时间我也不知道，反正至少在六个小时以上，电脑突然间就会蓝屏，我分析出来的是个ETFILEMON.SYS文件出错，查看详细的好像是所有的驱动都加载失败，我用安全模式进去，几天也不会蓝屏，正常模式，晚上的开电脑，早上来看肯定已经蓝屏了，早上打开电脑，到晚上来看肯定也蓝屏了，试过换了一个显卡的驱动，还是蓝屏，实在找不出来是哪个驱动的问题了，求大神指导

Loading Dump File [E:\新建文件夹 (2)\Minidump\Mini102714-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Mon Oct 27 13:34:49.171 2014 (UTC + 8:00)
System Uptime: 0 days 4:34:07.703
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
....................................................
Loading User Symbols
Loading unloaded module list
..............
Unable to load image EtFilemon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for EtFilemon.sys
*** ERROR: Module load completed but symbols could not be loaded for EtFilemon.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8053b658, a76c8194, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : EtFilemon.sys ( EtFilemon+1ba0 )

Followup: MachineOwner
---------

2: kd> ANALYZE -V
*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
*** WARNING: Unable to verify timestamp for HTTP.sys
*** ERROR: Module load completed but symbols could not be loaded for HTTP.sys
*** WARNING: Unable to verify timestamp for wdmaud.sys
*** ERROR: Module load completed but symbols could not be loaded for wdmaud.sys
*** WARNING: Unable to verify timestamp for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys
*** WARNING: Unable to verify timestamp for mrxdav.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxdav.sys
*** WARNING: Unable to verify timestamp for protreg.sys
*** ERROR: Module load completed but symbols could not be loaded for protreg.sys
*** WARNING: Unable to verify timestamp for rsfwdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for rsfwdrv.sys
*** WARNING: Unable to verify timestamp for ndisuio.sys
*** ERROR: Module load completed but symbols could not be loaded for ndisuio.sys
*** WARNING: Unable to verify timestamp for dump_iastor.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_iastor.sys
*** WARNING: Unable to verify timestamp for ISODrive.sys
*** ERROR: Module load completed but symbols could not be loaded for ISODrive.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxsmb.sys
*** WARNING: Unable to verify timestamp for rdbss.sys
*** ERROR: Module load completed but symbols could not be loaded for rdbss.sys
*** WARNING: Unable to verify timestamp for afd.sys
*** ERROR: Module load completed but symbols could not be loaded for afd.sys
*** WARNING: Unable to verify timestamp for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** ERROR: Module load completed but symbols could not be loaded for netbt.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** WARNING: Unable to verify timestamp for mouhid.sys
*** ERROR: Module load completed but symbols could not be loaded for mouhid.sys
*** WARNING: Unable to verify timestamp for kbdhid.sys
*** ERROR: Module load completed but symbols could not be loaded for kbdhid.sys
*** WARNING: Unable to verify timestamp for Cdfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Cdfs.SYS
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
*** ERROR: Module load completed but symbols could not be loaded for HIDCLASS.SYS
*** WARNING: Unable to verify timestamp for IntcDAud.sys
*** ERROR: Module load completed but symbols could not be loaded for IntcDAud.sys
*** WARNING: Unable to verify timestamp for portcls.sys
*** ERROR: Module load completed but symbols could not be loaded for portcls.sys
*** WARNING: Unable to verify timestamp for CHDRT32.sys
*** ERROR: Module load completed but symbols could not be loaded for CHDRT32.sys
*** WARNING: Unable to verify timestamp for Dxapi.sys
*** ERROR: Module load completed but symbols could not be loaded for Dxapi.sys
*** WARNING: Unable to verify timestamp for update.sys
*** ERROR: Module load completed but symbols could not be loaded for update.sys
*** WARNING: Unable to verify timestamp for rdpdr.sys
*** ERROR: Module load completed but symbols could not be loaded for rdpdr.sys
*** WARNING: Unable to verify timestamp for psched.sys
*** ERROR: Module load completed but symbols could not be loaded for psched.sys
*** WARNING: Unable to verify timestamp for ndiswan.sys
*** ERROR: Module load completed but symbols could not be loaded for ndiswan.sys
*** WARNING: Unable to verify timestamp for ks.sys
*** ERROR: Module load completed but symbols could not be loaded for ks.sys
*** WARNING: Unable to verify timestamp for Rtenicxp.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtenicxp.sys
*** WARNING: Unable to verify timestamp for HDAudBus.sys
*** ERROR: Module load completed but symbols could not be loaded for HDAudBus.sys
*** WARNING: Unable to verify timestamp for USBPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS
*** WARNING: Unable to verify timestamp for VIDEOPRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for VIDEOPRT.SYS
*** WARNING: Unable to verify timestamp for igxpmp32.sys
*** ERROR: Module load completed but symbols could not be loaded for igxpmp32.sys
*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** WARNING: Unable to verify timestamp for rfwndis.sys
*** ERROR: Module load completed but symbols could not be loaded for rfwndis.sys
*** WARNING: Unable to verify timestamp for ndistapi.sys
*** ERROR: Module load completed but symbols could not be loaded for ndistapi.sys
*** WARNING: Unable to verify timestamp for fsvga.sys
*** ERROR: Module load completed but symbols could not be loaded for fsvga.sys
*** WARNING: Unable to verify timestamp for rasacd.sys
*** ERROR: Module load completed but symbols could not be loaded for rasacd.sys
*** WARNING: Unable to verify timestamp for DeepFrz.sys
*** ERROR: Module load completed but symbols could not be loaded for DeepFrz.sys
*** WARNING: Unable to verify timestamp for etfilter.SYS
*** ERROR: Module load completed but symbols could not be loaded for etfilter.SYS
*** WARNING: Unable to verify timestamp for Mup.sys
*** ERROR: Module load completed but symbols could not be loaded for Mup.sys
*** WARNING: Unable to verify timestamp for NDIS.sys
*** ERROR: Module load completed but symbols could not be loaded for NDIS.sys
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** WARNING: Unable to verify timestamp for KSecDD.sys
*** ERROR: Module load completed but symbols could not be loaded for KSecDD.sys
*** WARNING: Unable to verify timestamp for sr.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
*** WARNING: Unable to verify timestamp for fltMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltMgr.sys
*** WARNING: Unable to verify timestamp for atapi.sys
*** ERROR: Module load completed but symbols could not be loaded for atapi.sys
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
*** WARNING: Unable to verify timestamp for dmio.sys
*** ERROR: Module load completed but symbols could not be loaded for dmio.sys
*** WARNING: Unable to verify timestamp for ftdisk.sys
*** ERROR: Module load completed but symbols could not be loaded for ftdisk.sys
*** WARNING: Unable to verify timestamp for pci.sys
*** ERROR: Module load completed but symbols could not be loaded for pci.sys
*** WARNING: Unable to verify timestamp for ACPI.sys
*** ERROR: Module load completed but symbols could not be loaded for ACPI.sys
*** WARNING: Unable to verify timestamp for isapnp.sys
*** ERROR: Module load completed but symbols could not be loaded for isapnp.sys
*** WARNING: Unable to verify timestamp for MountMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for MountMgr.sys
*** WARNING: Unable to verify timestamp for VolSnap.sys
*** ERROR: Module load completed but symbols could not be loaded for VolSnap.sys
*** WARNING: Unable to verify timestamp for disk.sys
*** ERROR: Module load completed but symbols could not be loaded for disk.sys
*** WARNING: Unable to verify timestamp for CLASSPNP.SYS
*** ERROR: Module load completed but symbols could not be loaded for CLASSPNP.SYS
*** WARNING: Unable to verify timestamp for netbios.sys
*** ERROR: Module load completed but symbols could not be loaded for netbios.sys
*** WARNING: Unable to verify timestamp for NDProxy.SYS
*** ERROR: Module load completed but symbols could not be loaded for NDProxy.SYS
*** WARNING: Unable to verify timestamp for wanarp.sys
*** ERROR: Module load completed but symbols could not be loaded for wanarp.sys
*** WARNING: Unable to verify timestamp for HECI.sys
*** ERROR: Module load completed but symbols could not be loaded for HECI.sys
*** WARNING: Unable to verify timestamp for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
*** WARNING: Unable to verify timestamp for raspppoe.sys
*** ERROR: Module load completed but symbols could not be loaded for raspppoe.sys
*** WARNING: Unable to verify timestamp for redbook.sys
*** ERROR: Module load completed but symbols could not be loaded for redbook.sys
*** WARNING: Unable to verify timestamp for raspptp.sys
*** ERROR: Module load completed but symbols could not be loaded for raspptp.sys
*** WARNING: Unable to verify timestamp for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** WARNING: Unable to verify timestamp for msgpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msgpc.sys
*** WARNING: Unable to verify timestamp for Enet.sys
*** ERROR: Module load completed but symbols could not be loaded for Enet.sys
*** WARNING: Unable to verify timestamp for termdd.sys
*** ERROR: Module load completed but symbols could not be loaded for termdd.sys
*** WARNING: Unable to verify timestamp for rasl2tp.sys
*** ERROR: Module load completed but symbols could not be loaded for rasl2tp.sys
*** WARNING: Unable to verify timestamp for usbhub.sys
*** ERROR: Module load completed but symbols could not be loaded for usbhub.sys
*** WARNING: Unable to verify timestamp for Fips.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fips.SYS
*** WARNING: Unable to verify timestamp for sysaudio.sys
*** ERROR: Module load completed but symbols could not be loaded for sysaudio.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for PCIIDEX.SYS
*** ERROR: Module load completed but symbols could not be loaded for PCIIDEX.SYS
*** WARNING: Unable to verify timestamp for PartMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for PartMgr.sys
*** WARNING: Unable to verify timestamp for ptilink.sys
*** ERROR: Module load completed but symbols could not be loaded for ptilink.sys
*** WARNING: Unable to verify timestamp for raspti.sys
*** ERROR: Module load completed but symbols could not be loaded for raspti.sys
*** WARNING: Unable to verify timestamp for kbdclass.sys
*** ERROR: Module load completed but symbols could not be loaded for kbdclass.sys
*** WARNING: Unable to verify timestamp for mouclass.sys
*** ERROR: Module load completed but symbols could not be loaded for mouclass.sys
*** WARNING: Unable to verify timestamp for Npfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Npfs.SYS
*** WARNING: Unable to verify timestamp for rfwarp.sys
*** ERROR: Module load completed but symbols could not be loaded for rfwarp.sys
*** WARNING: Unable to verify timestamp for rfwaf.sys
*** ERROR: Module load completed but symbols could not be loaded for rfwaf.sys
*** WARNING: Unable to verify timestamp for rfwtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for rfwtdi.sys
*** WARNING: Unable to verify timestamp for watchdog.sys
*** ERROR: Module load completed but symbols could not be loaded for watchdog.sys
*** WARNING: Unable to verify timestamp for HIDPARSE.SYS
*** ERROR: Module load completed but symbols could not be loaded for HIDPARSE.SYS
*** WARNING: Unable to verify timestamp for vga.sys
*** ERROR: Module load completed but symbols could not be loaded for vga.sys
*** WARNING: Unable to verify timestamp for Msfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
*** WARNING: Unable to verify timestamp for usbehci.sys
*** ERROR: Module load completed but symbols could not be loaded for usbehci.sys
*** WARNING: Unable to verify timestamp for TDI.SYS
*** ERROR: Module load completed but symbols could not be loaded for TDI.SYS
*** WARNING: Unable to verify timestamp for BOOTVID.dll
*** ERROR: Module load completed but symbols could not be loaded for BOOTVID.dll
*** WARNING: Unable to verify timestamp for hidusb.sys
*** ERROR: Module load completed but symbols could not be loaded for hidusb.sys
*** WARNING: Unable to verify timestamp for kdcom.dll
*** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
*** WARNING: Unable to verify timestamp for WMILIB.SYS
*** ERROR: Module load completed but symbols could not be loaded for WMILIB.SYS
*** WARNING: Unable to verify timestamp for intelide.sys
*** ERROR: Module load completed but symbols could not be loaded for intelide.sys
*** WARNING: Unable to verify timestamp for dmload.sys
*** ERROR: Module load completed but symbols could not be loaded for dmload.sys
*** WARNING: Unable to verify timestamp for swenum.sys
*** ERROR: Module load completed but symbols could not be loaded for swenum.sys
*** WARNING: Unable to verify timestamp for USBD.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBD.SYS
*** WARNING: Unable to verify timestamp for Fs_Rec.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
*** WARNING: Unable to verify timestamp for Beep.SYS
*** ERROR: Module load completed but symbols could not be loaded for Beep.SYS
*** WARNING: Unable to verify timestamp for mnmdd.SYS
*** ERROR: Module load completed but symbols could not be loaded for mnmdd.SYS
*** WARNING: Unable to verify timestamp for RDPCDD.sys
*** ERROR: Module load completed but symbols could not be loaded for RDPCDD.sys
*** WARNING: Unable to verify timestamp for pciide.sys
*** ERROR: Module load completed but symbols could not be loaded for pciide.sys
*** WARNING: Unable to verify timestamp for audstub.sys
*** ERROR: Module load completed but symbols could not be loaded for audstub.sys
*** WARNING: Unable to verify timestamp for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*** WARNING: Unable to verify timestamp for dxgthk.sys
*** ERROR: Module load completed but symbols could not be loaded for dxgthk.sys
*** WARNING: Unable to verify timestamp for dxg.sys
*** ERROR: Module load completed but symbols could not be loaded for dxg.sys
*** WARNING: Unable to verify timestamp for igxprd32.dll
*** ERROR: Module load completed but symbols could not be loaded for igxprd32.dll
*** WARNING: Unable to verify timestamp for igxpgd32.dll
*** ERROR: Module load completed but symbols could not be loaded for igxpgd32.dll
*** WARNING: Unable to verify timestamp for igxpdv32.DLL
*** ERROR: Module load completed but symbols could not be loaded for igxpdv32.DLL
*** WARNING: Unable to verify timestamp for igxpdx32.DLL
*** ERROR: Module load completed but symbols could not be loaded for igxpdx32.DLL
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Couldn't resolve error at 'NALYZE -V'

Re: 求助分析一个DUMP文件，找不出原因来

格蠹老雷 2014-11-03, 13:40 下午
!analyze -v

少了个感叹号，WinDBG评估表达式时找了一大圈，把所有模块都找了个遍

那把dump文件传到某个云盘最好

最etfilemon这个名字来看，估计是与文件系统的过滤驱动有关，搜索注册表，尝试禁止这个驱动，注意先备份数据

Re: 求助分析一个DUMP文件，找不出原因来

泡泡 2014-11-04, 14:49 下午

谢谢，目测我已经找到问题原因了，开始的时候就一直怀疑是ACHI驱动导致的，但是我无论如何也卸载不了ACHI驱动，因为驱动是后装的，也就是说装系统的时候我用的是ATA模式，装完系统以后我在装的INTEL C216的SATA ACHI驱动，然后重启的时候改为ACHI模式，可惜的是一旦安装了无论怎么弄都回不到未安装前的状态，最后我只好重装了系统，把除了ACHI驱动以外的驱动全装了，放了几天几夜也没蓝屏，刚开始我还怀疑过是显卡驱动的问题，装了好几个版本的都是一样，现在找到问题所在了，但是我一直不明白，为什么一定要等十几个小时才蓝屏，这十几个小时电脑是没有操作的，我曾怀疑是休眼导致的，但是直接启用休眠过段时间再唤醒，结果是不蓝屏的，那到底是ACHI驱动干了什么事情导致的十几个小时会自已蓝屏，如果有人在使用，机器是不会蓝屏的，求指教

附上更正命令后的内容，我试过发附件，但是发不出来

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8053b658, The address that the exception occurred at
Arg3: a76c8194, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 52302721

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:
nt+63658
8053b658 89448fe8 mov dword ptr [edi+ecx*4-18h],eax

TRAP_FRAME: a76c8194 -- (.trap 0xffffffffa76c8194)
ErrCode = 00000002
eax=575c3a43 ebx=00000000 ecx=00000006 edx=00000001 esi=f67f20e0 edi=00000000
eip=8053b658 esp=a76c8208 ebp=a76c8210 iopl=0         nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00010293
nt+0x63658:
8053b658 89448fe8        mov     dword ptr [edi+ecx*4-18h],eax ds:0023:00000000=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from a7493ba0 to 8053b658

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
a76c8210 a7493ba0 00000000 f67f20e0 00000019 nt+0x63658
a76c8a5c 804f018f 85c23880 85c969a0 85c969a0 EtFilemon+0x1ba0
a76c8b4c 805c0444 8ab47600 00000000 86b61328 nt+0x1818f
a76c8bc4 805bc9d0 00000000 a76c8c04 00000040 nt+0xe8444
a76c8c18 80577033 00000000 00000000 00000001 nt+0xe49d0
a76c8c94 805779aa 0108fac8 80100080 0108fa68 nt+0x9f033
a76c8cf0 8057a0b4 0108fac8 80100080 0108fa68 nt+0x9f9aa
a76c8d30 8054261c 0108fac8 80100080 0108fa68 nt+0xa20b4
a76c8d64 7c92e4f4 badb0d00 0108fa30 a736dd98 nt+0x6a61c
a76c8d68 badb0d00 0108fa30 a736dd98 a736ddcc 0x7c92e4f4
a76c8d6c 0108fa30 a736dd98 a736ddcc 00000000 0xbadb0d00
a76c8d70 a736dd98 a736ddcc 00000000 00000000 0x108fa30
a76c8d74 a736ddcc 00000000 00000000 00000000 0xa736dd98
a76c8d78 00000000 00000000 00000000 00000000 0xa736ddcc

STACK_COMMAND: kb

FOLLOWUP_IP:
EtFilemon+1ba0
a7493ba0 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: EtFilemon+1ba0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EtFilemon

IMAGE_NAME: EtFilemon.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

Re: 求助分析一个DUMP文件，找不出原因来

泡泡 2014-11-04, 16:12 下午

再补充一个新发现，今天处理这台电脑的另一个问题，插入移动硬盘死机的问题，偶尔间发现导致崩溃的那个ETFILEMON.SYS驱动竟然是我装的一个USB控制软件的驱动，通过软件的开发商那边获得了另一版，重装软件后移动硬盘插入死机关题已解决，于是乎又把ACHI驱动装上了，这次看一下会不会过十几个小时又蓝屏，如果不蓝屏了，那问题就是那个软件的问题，如果依旧蓝屏，那就可能是ACHI驱动的关系，上面的分析结果依旧请大神帮忙分析一下原因