BSOD - tcpip.sys

Discussion exclusively about the Windows 10 operating system

Moderator: Živě.cz moderators

Post by RainbowUnicornn, 25. 3. 2017 14:43

Hi, I need some advice. Twice (today and yesterday) I got a blue screen of death, both times while playing "Warcraft III" (but I don't think that is related). The error name is "DRIVER_IRQL_NOT_LESS_OR_EQUAL tcpip.sys". In Event Viewer I then found this:
Code:
"Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x000000d1 (0xffffb18017542000, 0x0000000000000002, 0x0000000000000000, 0xfffff8012be432b8). Výpis byl uložen do: C:\WINDOWS\Minidump\032517-72843-01.dmp. ID hlášení: 84a9885f-ef11-450a-8628-c15a3e7741c5"
A .dmp log of some kind was created, which might contain the path to the file that caused Windows to crash, but I don't know how to open it on Windows 10. Can anyone advise, please?
RainbowUnicornn
Passer-by

Post by kernel_panic [passed], 25. 3. 2017 23:43

are you really only asking us how to open a minidump? once you open it, will the debugging be a piece of cake for you?

provide the minidump; you already have a lead in the wording of the BSOD: it concerns tcpip.sys (%WINDIR%\system32), which is a networking matter...

the cause may be a faulty/outdated network card driver...
I'm too old now for beating up internet nihilists, but over the years I've grown a shell that you always splat against wonderfully; so, should I stay facing you, or what?
kernel_panic [passed]
Živě Champion of 2008

Post by RainbowUnicornn, 26. 3. 2017 01:06

Of course, but I'm not going to ask xx questions when I'm not sure whether I already know the answer. I expected the log to contain some name or path to a damaged .dll, .sys or .exe file; I found nothing apart from what I had already seen on the blue screen. There is a lot of other information in there that I can't read, so yes, I will need help with this too and maybe with other things, since this is the first time I've had this problem. For all drivers it tells me they are up to date.

Log

Code:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\032517-72843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
Machine Name:
Kernel base = 0xfffff802`14689000 PsLoadedModuleList = 0xfffff802`14988000
Debug session time: Sat Mar 25 12:57:37.776 2017 (UTC + 1:00)
System Uptime: 0 days 0:28:27.485
Loading Kernel Symbols
...............................................................
................................................................
............................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {ffffb18017542000, 2, 0, fffff8012be432b8}

!analyze -v
Probably caused by : tcpip.sys ( tcpip!TcpEnqueueTcbSack+410 )

Followup:     MachineOwner
---------

10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffb18017542000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8012be432b8, address which referenced memory

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  10.0.14393.953 (rs1_release_inmarket.170303-1614)

SYSTEM_MANUFACTURER:  System manufacturer

SYSTEM_PRODUCT_NAME:  System Product Name

SYSTEM_SKU:  SKU

SYSTEM_VERSION:  System Version

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  0602

BIOS_DATE:  02/26/2014

BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT:  RAMPAGE IV BLACK EDITION

BASEBOARD_VERSION:  Rev 1.xx

DUMP_TYPE:  2

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_P1: ffffb18017542000

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8012be432b8

READ_ADDRESS: fffff80214a29338: Unable to get MiVisibleState
ffffb18017542000

CURRENT_IRQL:  2

FAULTING_IP:
tcpip!TcpEnqueueTcbSack+410
fffff801`2be432b8 448b6cc806      mov     r13d,dword ptr [rax+rcx*8+6]

CPU_COUNT: c

CPU_MHZ: d4a

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3e

CPU_STEPPING: 4

CPU_MICROCODE: 6,3e,4,0 (F,M,S,R)  SIG: 428'00000000 (cache) 428'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

PROCESS_NAME:  System

ANALYSIS_SESSION_HOST:

ANALYSIS_SESSION_TIME:  03-26-2017 00:45:55.0262

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

TRAP_FRAME:  ffffb18013144600 -- (.trap 0xffffb18013144600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb18017541d70 rbx=0000000000000000 rcx=0000000000000051
rdx=000000004c78d9da rsi=0000000000000000 rdi=0000000000000000
rip=fffff8012be432b8 rsp=ffffb18013144790 rbp=ffffb18013144890
r8=00000000faf09587  r9=0000000000000050 r10=0000000033790155
r11=000000004c78d9da r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe cy
tcpip!TcpEnqueueTcbSack+0x410:
fffff801`2be432b8 448b6cc806      mov     r13d,dword ptr [rax+rcx*8+6] ds:ffffb180`17541ffe=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff802147e2929 to fffff802147d77c0

STACK_TEXT: 
ffffb180`131444b8 fffff802`147e2929 : 00000000`0000000a ffffb180`17542000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb180`131444c0 fffff802`147e0f07 : ffffb180`13144790 ffffb180`131446a9 ffffa10b`7e91ee50 ffffb180`00000000 : nt!KiBugCheckDispatch+0x69
ffffb180`13144600 fffff801`2be432b8 : ffffa10b`833a4440 ffffa10b`7b7c1380 ffffb180`13144890 00000000`4c78d9da : nt!KiPageFault+0x247
ffffb180`13144790 fffff801`2be45295 : ffffb180`131449d0 00000000`4c78d99a ffffa10b`7b7c1380 ffffb180`13144db0 : tcpip!TcpEnqueueTcbSack+0x410
ffffb180`131448d0 fffff801`2be2f384 : b0258807`13144f00 00000000`00000000 ffffb180`17541d52 ffffa10b`7e99e010 : tcpip!TcpTcbCarefulDatagram+0x16a5
ffffb180`13144d00 fffff801`2be2e840 : 00000000`00000000 00000000`00000fff ffffa10b`7c290000 00000000`00000000 : tcpip!TcpTcbReceive+0x2e4
ffffb180`13144f50 fffff801`2be2e241 : 00000000`00000000 00000000`0032b14a ffffb180`17541d5a ffffa10b`7c390ff0 : tcpip!TcpMatchReceive+0x1f0
ffffb180`13145200 fffff801`2be373c3 : ffffa10b`7c29e850 ffffa10b`7c459ec4 ffffa10b`7c29e017 00000000`00000000 : tcpip!TcpPreValidatedReceive+0x3a1
ffffb180`131452f0 fffff801`2be36fa2 : ffffb180`13145480 fffff801`2be175f9 00000000`00000000 00000000`00000001 : tcpip!IppDeliverListToProtocol+0x93
ffffb180`131453b0 fffff801`2be36324 : ffffb180`131454b9 ffffb180`13145400 00000000`00000000 00000000`00000000 : tcpip!IppProcessDeliverList+0x62
ffffb180`13145420 fffff801`2be38325 : fffff801`2bfcf000 ffffa10b`7c3b8940 00000000`00000001 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x214
ffffb180`13145520 fffff801`2be3c6a1 : ffffa10b`7e978a90 ffffa10b`832ef030 ffffb180`13145701 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x315
ffffb180`13145640 fffff801`2be3c382 : 00000000`00000002 ffffb180`00000001 fffff801`2be6cdd0 00000000`832ef001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x271
ffffb180`13145720 fffff802`147242d5 : 00000000`00000002 ffffa10b`7c23f040 fffff801`2be3c2c0 ffffb180`131458d0 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xc2
ffffb180`13145850 fffff801`2be6d526 : ffffa10b`7c317840 00000000`0000000a ffffa10b`7c315c50 ffffa10b`832ef000 : nt!KeExpandKernelStackAndCalloutInternal+0x85
ffffb180`131458a0 fffff801`2b13392e : 00000000`00000000 ffffb180`131459a0 00000000`00000001 fffff802`146c24a7 : tcpip!FlReceiveNetBufferListChain+0xb6
ffffb180`13145920 fffff801`2b1314ee : ffffa10b`7c23f001 fffff802`146c0000 00000000`00000000 00000001`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x11e
ffffb180`131459e0 fffff801`2b196d83 : ffffa10b`7e6be1a0 00000000`00000000 fffff801`2b14db00 00000000`00000002 : ndis!ndisDoPeriodicReceivesIndication+0x38e
ffffb180`13145b10 fffff801`2b14dcbb : ffffa10b`7c010330 ffffa10b`7c24ef10 ffffb180`13145ba9 fffff801`2b14db00 : ndis!ndisPeriodicReceivesWorker+0x63
ffffb180`13145b40 fffff802`1473f2d5 : ffffb180`11fad180 ffffa10b`7c23f040 fffff801`2b14db60 00000000`0000000a : ndis!ndisReceiveWorkerThread+0x15b
ffffb180`13145c10 fffff802`147dcc86 : ffffb180`11fad180 ffffa10b`7c23f040 fffff802`1473f294 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffffb180`13145c60 00000000`00000000 : ffffb180`13146000 ffffb180`13140000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  e848a37386e893c4efcc04ae99e65aafd6d2bc26

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  bbe6f89c153aed6479a82b8a49f1d4d82bb04efc

THREAD_SHA1_HASH_MOD:  9b4c1283522234b95ba95eaa19f6bf3f0dac9fef

FOLLOWUP_IP:
tcpip!TcpEnqueueTcbSack+410
fffff801`2be432b8 448b6cc806      mov     r13d,dword ptr [rax+rcx*8+6]

FAULT_INSTR_CODE:  c86c8b44

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  tcpip!TcpEnqueueTcbSack+410

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME:  tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  58ba5996

IMAGE_VERSION:  10.0.14393.953

BUCKET_ID_FUNC_OFFSET:  410

FAILURE_BUCKET_ID:  AV_tcpip!TcpEnqueueTcbSack

BUCKET_ID:  AV_tcpip!TcpEnqueueTcbSack

PRIMARY_PROBLEM_CLASS:  AV_tcpip!TcpEnqueueTcbSack

TARGET_TIME:  2017-03-25T11:57:37.000Z

OSBUILD:  14393

OSSERVICEPACK:  953

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE: 

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-03-04 07:09:56

BUILDDATESTAMP_STR:  170303-1614

BUILDLAB_STR:  rs1_release_inmarket

BUILDOSVER_STR:  10.0.14393.953

ANALYSIS_SESSION_ELAPSED_TIME: 566

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_tcpip!tcpenqueuetcbsack

FAILURE_ID_HASH:  {e3125053-4225-4f99-ab93-20c71a39a73f}

Followup:     MachineOwner
---------



Thanks for the reply.

EDIT// One more question, what does this mean:
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAUL
According to Google, this means Win8 drivers installed on Win10? I didn't install anything like that, at least not intentionally.
RainbowUnicornn
Passer-by
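
Added example (not part of the original thread): a short Python script that reads the fields of the `!analyze -v` output posted above and checks how the faulting read relates to bugcheck Arg1 and which modules appear on the stack. The function names and the `INBOX` set are assumptions of this example; the sample text is an excerpt of the posted dump.

```python
import re

# Excerpt copied from the !analyze -v output posted above (6 of its 22 stack frames;
# the remaining frames on the page are also in nt, tcpip or ndis).
DUMP = r"""
BugCheck D1, {ffffb18017542000, 2, 0, fffff8012be432b8}
rax=ffffb18017541d70 rbx=0000000000000000 rcx=0000000000000051
rip=fffff8012be432b8 rsp=ffffb18013144790 rbp=ffffb18013144890
fffff801`2be432b8 448b6cc806      mov     r13d,dword ptr [rax+rcx*8+6] ds:ffffb180`17541ffe=????????
ffffb180`131444b8 fffff802`147e2929 : 00000000`0000000a ffffb180`17542000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb180`13144600 fffff801`2be432b8 : ffffa10b`833a4440 ffffa10b`7b7c1380 ffffb180`13144890 00000000`4c78d9da : nt!KiPageFault+0x247
ffffb180`13144790 fffff801`2be45295 : ffffb180`131449d0 00000000`4c78d99a ffffa10b`7b7c1380 ffffb180`13144db0 : tcpip!TcpEnqueueTcbSack+0x410
ffffb180`13144d00 fffff801`2be2e840 : 00000000`00000000 00000000`00000fff ffffa10b`7c290000 00000000`00000000 : tcpip!TcpTcbReceive+0x2e4
ffffb180`13145920 fffff801`2b1314ee : ffffa10b`7c23f001 fffff802`146c0000 00000000`00000000 00000001`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x11e
ffffb180`13145c10 fffff802`147dcc86 : ffffb180`11fad180 ffffa10b`7c23f040 fffff802`1473f294 00000000`00000000 : nt!PspSystemThreadStartup+0x41
"""

PAGE = 0x1000
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
INBOX = {"nt", "tcpip", "ndis"}  # assumption: modules treated as Windows in-box components


def parse_bugcheck(text):
    """Return (bugcheck code, [Arg1..Arg4]) from the 'BugCheck XX, {...}' line."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]


def parse_registers(text):
    """Collect name=value pairs from the trap frame (rax, rcx, rip, r8, ...)."""
    pairs = re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{8,16})\b", text)
    return {name: int(value, 16) for name, value in pairs}


def faulting_access(text, regs):
    """Recompute the effective address of a [base+index*scale+disp] operand."""
    m = re.search(r"(byte|word|dword|qword) ptr \[(\w+)\+(\w+)\*([1248])\+([0-9a-f]+)\]", text)
    if not m:
        raise ValueError("no base+index*scale+disp memory operand found")
    size, base, index, scale, disp = m.groups()
    ea = regs[base] + regs[index] * int(scale) + int(disp, 16)
    return ea & 0xFFFFFFFFFFFFFFFF, SIZES[size]


def stack_modules(text):
    """Module names from STACK_TEXT frames, de-duplicated in call order."""
    frames = re.findall(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\w+)!\S+$", text, re.M)
    return list(dict.fromkeys(frames))


def triage(text):
    code, args = parse_bugcheck(text)
    regs = parse_registers(text)
    ea, size = faulting_access(text, regs)
    first_page = ea & ~(PAGE - 1)
    last_page = (ea + size - 1) & ~(PAGE - 1)
    mods = stack_modules(text)
    return {
        "bugcheck": code,
        "effective_address": ea,
        "straddles_page": first_page != last_page,
        # Arg1 is the page the read ran into, not the address the read started at.
        "fault_is_second_page": first_page != last_page and args[0] == last_page,
        "rip_matches_arg4": regs["rip"] == args[3],
        "modules": mods,
        "non_inbox_modules": [m for m in mods if m not in INBOX],
    }


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        is_addr = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key}: {hex(value) if is_addr else value}")
```

For this dump the 4-byte read at ffffb180`17541ffe runs two bytes past a page boundary, and the page it runs into is exactly Arg1. Every frame of the posted stack is in nt, tcpip or ndis, which on its own neither clears nor implicates the NIC driver, because received buffers reach tcpip.sys through NDIS.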

Post by Milanr1, 26. 3. 2017 08:42

An incompatible* rootkit has been installed.
RainbowUnicornn wrote: I didn't install anything like that

Really? Then it must have been someone else. :-)
Are you sure? Search your conscience: no crack, browser add-on, or other software from a non-original source?
You're not by any chance working in an account with admin rights? :roll:
What to do about it?
A/ Emergency fix:
1) Clean the OS of rootkits and exploits according to the FAQ:
viewtopic.php?f=927&t=1114415
Or better, ask a question at:
forum-927/Viry-a-bezpecnost.html
2) Remove the original NIC driver in safe mode.
3) Install the original NIC driver from the manufacturer.
4) Reset the network subsystem from an admin cmd console:
Code:
netsh int ip reset

5) Restart the OS into normal mode.
Many hours of work with no guaranteed result.

B/ Standard solution:
1) Boot from rescue media -> restore the OS from a backup onto a clean SSD.
The backup must be on external media; the internal restore points are compromised.
A few mouse clicks of work.
2) Study the FAQ:
https://mople71.cz/faq/
3) Follow it.
---
* You have no chance of discovering a compatible rootkit.
Milan
Milanr1
Advanced

