Hier die Auswertung der Speicherdumps:
Hervorhebungen bachten!
---
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\090813-8439-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*d:\localsymbols*
http://msdl.microsoft.com/download/...ls*http://msdl.microsoft.com/download/symbols
Executable search path is: Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
Machine Name:
Kernel base = 0xfffff802`ce615000 PsLoadedModuleList = 0xfffff802`ce8e1a20
Debug session time: Sat Sep 7 20:41:24.387 2013 (UTC + 2:00)
System Uptime: 0 days 8:39:35.063
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, fffff8801c9372c0, fffff8801c937218, 0}
*** WARNING: Unable to verify timestamp for
athuw8x.sys
*** ERROR: Module load completed but symbols could not be loaded for
athuw8x.sys
Probably caused by :
athuw8x.sys ( athuw8x+292002 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine.Arguments:
Arg1: 0000000000000003,
A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8801c9372c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8801c937218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: fffff8801c9372c0 -- (.trap 0xfffff8801c9372c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8007bebee0 rbx=0000000000000000 rcx=0000000000000003
rdx=fffffa8007fa0178 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802ce6ce284 rsp=fffff8801c937450 rbp=0000000000000000
r8=0000000000000010 r9=0000000000000000 r10=fffff78000000008
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz ac po cy
nt!ExInterlockedRemoveHeadList+0xa5:
fffff802`ce6ce284 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff8801c937218 -- (.exr 0xfffff8801c937218)
ExceptionAddress: fffff802ce6ce284 (nt!ExInterlockedRemoveHeadList+0x00000000000000a5)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den berlauf eines stapelbasierten Puffers ermittelt. Dieser berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu bernehmen.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den berlauf eines stapelbasierten Puffers ermittelt. Dieser berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu bernehmen.
EXCEPTION_PARAMETER1: 0000000000000003
LAST_CONTROL_TRANSFER: from fffff802ce66e769 to fffff802ce66f440
STACK_TEXT:
fffff880`1c936f98 fffff802`ce66e769 : 00000000`00000139 00000000`00000003 fffff880`1c9372c0 fffff880`1c937218 : nt!KeBugCheckEx
fffff880`1c936fa0 fffff802`ce66ea90 : 00000000`00000001 fffff880`030ea180 fffff880`1c9371c0 fffff802`ced78325 : nt!KiBugCheckDispatch+0x69
fffff880`1c9370e0 fffff802`ce66dcf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff880`1c9372c0 fffff802`ce6ce284 : fffff880`01921060 fffff880`1c937a74 fffff880`1c937a74 fffff802`ce6ddb91 : nt!KiRaiseSecurityCheckFailure+0xf4
fffff880`1c937450 fffff880`1992e002 : fffffa80`0ec8ec10 00000000`00000000 fffff880`01921060 fffff880`1973e53f : nt!ExInterlockedRemoveHeadList+0xa5
fffff880`1c937490 fffffa80`0ec8ec10 : 00000000`00000000 fffff880`01921060 fffff880`1973e53f 00000000`00000000 :
athuw8x+0x292002
fffff880`1c937498 00000000`00000000 : fffff880`01921060 fffff880`1973e53f 00000000`00000000 fffff880`198b310a : 0xfffffa80`0ec8ec10
STACK_COMMAND: kb
FOLLOWUP_IP:
athuw8x+292002
fffff880`1992e002 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME:
athuw8x+292002
FOLLOWUP_NAME: MachineOwner
MODULE_NAME:
athuw8x
IMAGE_NAME:
athuw8x.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 507beec7
FAILURE_BUCKET_ID:
0x139_3_athuw8x+292002
BUCKET_ID:
0x139_3_athuw8x+292002
Followup: MachineOwner
---------
---
Der Auslöser ist hier ganz klar der Treiber (
athuw8x.sys) des Atheros Adapters - also des Netzwerkadapters. Entweder ist der Treiber inkompatibel, oder aber der Speicher bereitet Probleme.
---
Loading Dump File [C:\Windows\Minidump\090913-10358-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*d:\localsymbols*
http://msdl.microsoft.com/download/...ls*http://msdl.microsoft.com/download/symbols
Executable search path is: Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
Machine Name:
Kernel base = 0xfffff802`03c0d000 PsLoadedModuleList = 0xfffff802`03ed9a20
Debug session time: Sun Sep 8 23:32:05.285 2013 (UTC + 2:00)
System Uptime: 0 days 14:00:34.967
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {28, 2, 0, fffff880016d94c8}
*** WARNING: Unable to verify timestamp for
avmnwim.sys
*** ERROR: Module load completed but symbols could not be loaded for
avmnwim.sys
Probably caused by :
avmnwim.sys ( avmnwim+1885 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880016d94c8, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80203f65168
GetUlongFromAddress: unable to read from fffff80203f651f8
0000000000000028 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
ndis!NdisAllocatePacket+24
fffff880`016d94c8 488b1e mov rbx,qword ptr [rsi]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME:
svchost.exe
TAG_NOT_DEFINED_c000000f: FFFFF80203B20FB0
TRAP_FRAME: fffff80203b20120 -- (.trap 0xfffff80203b20120)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000c376aa rbx=0000000000000000 rcx=fffff80203b20380
rdx=fffff80203b20388 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880016d94c8 rsp=fffff80203b202b0 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8007bddc20 r10=fffff6fd40033e40
r11=fffffa8007bddc20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
ndis!NdisAllocatePacket+0x24:
fffff880`016d94c8 488b1e mov rbx,qword ptr [rsi] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80203c66769 to fffff80203c67440
STACK_TEXT:
fffff802`03b1ffd8 fffff802`03c66769 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff802`03b1ffe0 fffff802`03c64fe0 : 00000000`00000000 fffffa80`067c7000 fffffa80`0ceb9200 fffff802`03b20120 : nt!KiBugCheckDispatch+0x69
fffff802`03b20120 fffff880`016d94c8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff802`03b202b0 fffff880`06244885 : fffff802`03b20380 fffff802`03b20388 fffffa80`07bcf2b0 fffff880`07655900 : ndis!NdisAllocatePacket+0x24
fffff802`03b20340 fffff802`03b20380 : fffff802`03b20388 fffffa80`07bcf2b0 fffff880`07655900 00000000`000005e2 :
avmnwim+0x1885
fffff802`03b20348 fffff802`03b20388 : fffffa80`07bcf2b0 fffff880`07655900 00000000`000005e2 00000000`00000000 : 0xfffff802`03b20380
fffff802`03b20350 fffffa80`07bcf2b0 : fffff880`07655900 00000000`000005e2 00000000`00000000 fffffa80`067c7000 : 0xfffff802`03b20388
fffff802`03b20358 fffff880`07655900 : 00000000`000005e2 00000000`00000000 fffffa80`067c7000 fffff880`06244f7d : 0xfffffa80`07bcf2b0
fffff802`03b20360 00000000`000005e2 : 00000000`00000000 fffffa80`067c7000 fffff880`06244f7d fffffa80`00000000 : 0xfffff880`07655900
fffff802`03b20368 00000000`00000000 : fffffa80`067c7000 fffff880`06244f7d fffffa80`00000000 00000000`00000000 : 0x5e2
STACK_COMMAND: kb
FOLLOWUP_IP:
avmnwim+1885
fffff880`06244885 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME:
avmnwim+1885
FOLLOWUP_NAME: MachineOwner
MODULE_NAME:
avmnwim
IMAGE_NAME:
avmnwim.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e136287
FAILURE_BUCKET_ID:
AV_avmnwim+1885
BUCKET_ID:
AV_avmnwim+1885
Followup: MachineOwner
---------
0: kd> lmvm
avmnwim
start end module name
fffff880`06243000 fffff880`062ad000
avmnwim T (no symbols)
Loaded symbol image file:
avmnwim.sys
Image path: \SystemRoot\system32\DRIVERS\
avmnwim.sys
Image name:
avmnwim.sys
Timestamp: Tue Jul 05 21:14:15 2011 (4E136287)
CheckSum: 00072470
ImageSize: 0006A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
---
Hier ist der Auslöser
avmnwim.sys - also der VPN Treiber von AVM. Du solltest, wenn Du kannst, erst mal darauf verzichten. Der ist wahrscheinlich der Hauptschuldige, denn er ist an alle Netzwerkdienste und an den Lan Treiber gebunden.
Nichtsdestotrotz, bitte weitere Dumpfiles packen und mit anhängen. Wenn die Treiber sehr stark wechseln, dann ist es wahrscheinlich, dass der Speicher schuld ist. Ausserdem welcher Virenscanner - wenn es ein Fremdscanner ist, dann den deinstallieren. Auch der kann für Dein Problem verantwortlich sein - obwohl er bisher nirgends genannt ist.