Bluescreen unter Norton

[TankCommander]

Hallo Leute,

ich habe ein Problem mit Norton Internet Security 2011. Beim Starten der des Virenscanner bekomme ich direkt einen Bluescreen. Unter Last läuft das System stabil soweit.

Folgendes sollte schuld sein:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03003000 PsLoadedModuleList = 0xfffff800`03248670
Debug session time: Sat Oct 8 08:07:48.363 2011 (UTC + 2:00)
System Uptime: 0 days 0:02:00.191
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff8800174b914, 2, 8, fffff8800174b914}

*** ERROR: Module load completed but symbols could not be loaded for EraserUtilRebootDrv.sys
Probably caused by : EraserUtilRebootDrv.sys ( EraserUtilRebootDrv+130c3 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800174b914, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff8800174b914, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: fffff8800174b914

CURRENT_IRQL: 2

FAULTING_IP:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: ccsvchst.exe

TRAP_FRAME: fffff88007960930 -- (.trap 0xfffff88007960930)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffffa8004733101
rdx=fffffa8004742101 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000304dc48 rsp=fffff88007960ac0 rbp=0000000000000000
r8=fffffa8004742100 r9=fffffa80047542e0 r10=fffffa80067c4178
r11=fffff88007960a90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MmPurgeSection+0x558:
fffff800`0304dc48 f0410fba2a1f lock bts dword ptr [r10],1Fh ds:fffffa80`067c4178=00000000
Resetting default scope

EXCEPTION_RECORD: fffff88007960888 -- (.exr 0xfffff88007960888)
ExceptionAddress: fffff8000304dc48 (nt!MmPurgeSection+0x0000000000000558)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0

LAST_CONTROL_TRANSFER: from fffff8000307f1e9 to fffff8000307fc40

FAILED_INSTRUCTION_ADDRESS:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

STACK_TEXT:
fffff880`07960ac0 fffff800`0304e532 : 00000000`00000000 00000000`00000700 fffff880`079612e8 fffff8a0`015d1b00 : nt!MmPurgeSection+0x558
fffff880`07960bb0 fffff880`016d49ef : fffffa80`0a5400c8 fffff880`079612a0 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
fffff880`07960c20 fffff880`016f88be : fffff880`079612a0 fffff8a0`015d1b20 00000000`00000000 fffff880`016b4801 : Ntfs!NtfsFlushAndPurgeScb+0x1bd
fffff880`07960cb0 fffff880`01666cc9 : 00008000`06a10101 fffffa80`0acbc7c8 fffff880`07961200 00000000`00006000 : Ntfs!NtfsCommonCleanup+0x1edc
fffff880`079610c0 fffff800`0308c618 : fffff880`07961200 00000000`00000000 00000000`00000000 fffff800`0308774f : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`079610f0 fffff880`01666d42 : fffff880`01666cb0 fffff800`00000000 fffff880`07961500 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`079611d0 fffff880`01705a04 : fffff880`079612a0 fffff880`079612a0 fffff880`079612a0 00000000`00000001 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`07961240 fffff880`01162bcf : fffff880`079612a0 fffffa80`06a1ac60 fffffa80`06a1af70 fffffa80`0b0c9bb0 : Ntfs!NtfsFsdCleanup+0x144
fffff880`079614b0 fffff880`011616df : fffffa80`0874f890 00000000`00000000 fffffa80`06d93000 fffffa80`06a1ac60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`07961540 fffff800`03387a0f : fffffa80`06a1ac60 fffffa80`0a9c4730 00000000`00000000 fffffa80`06a168e0 : fltmgr!FltpDispatch+0xcf
fffff880`079615a0 fffff800`03377174 : 00000000`00000000 fffffa80`0a9c4730 00000000`00000038 00000000`00000001 : nt!IopCloseFile+0x11f
fffff880`07961630 fffff800`03376f31 : fffffa80`0a9c4730 fffffa80`00000001 fffff8a0`01bfa4e0 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`079616b0 fffff800`033774f4 : 00000000`00002658 fffffa80`0a9c4730 fffff8a0`01bfa4e0 00000000`00002658 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`07961740 fffff880`047c90c3 : 00000000`036ff2b0 fffff8a0`0048f9a0 fffffa80`0a8d4fb0 00000000`0000001f : nt!ObpCloseHandle+0x94
fffff880`07961790 fffff880`047c8cc7 : 00000000`00002ec1 fffffa80`0a9c4ac8 00000000`00002658 fffff800`03092dc2 : EraserUtilRebootDrv+0x130c3
fffff880`079617e0 fffff880`047cb274 : fffff700`01080000 00000000`00000000 00000000`00000020 fffff8a0`0253e970 : EraserUtilRebootDrv+0x12cc7
fffff880`07961810 fffff880`047ca6c2 : fffffa80`06909df0 00000000`00000000 fffffa80`00000000 00000000`00000000 : EraserUtilRebootDrv+0x15274
fffff880`07961870 fffff880`047ca2af : fffffa80`06909df0 fffff880`07961b60 00000000`00000000 fffffa80`06909df0 : EraserUtilRebootDrv+0x146c2
fffff880`079618a0 fffff800`0339aa97 : 00000000`d903e8a3 fffff880`07961b60 fffffa80`0a8d4ff8 fffffa80`0a8d4ee0 : EraserUtilRebootDrv+0x142af
fffff880`079618d0 fffff800`0339b2f6 : fffffa80`0a9c4730 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07961a00 fffff800`0307eed3 : fffffa80`0a9c4730 00000000`00000001 fffffa80`0acbc6c0 fffff800`033774f4 : nt!NtDeviceIoControlFile+0x56
fffff880`07961a70 00000000`74fc2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`036bf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74fc2e09


STACK_COMMAND: .trap 0xfffff88007960930 ; kb

FOLLOWUP_IP:
EraserUtilRebootDrv+130c3
fffff880`047c90c3 eb00 jmp EraserUtilRebootDrv+0x130c5 (fffff880`047c90c5)

SYMBOL_STACK_INDEX: e

SYMBOL_NAME: EraserUtilRebootDrv+130c3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EraserUtilRebootDrv

IMAGE_NAME: EraserUtilRebootDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4e16611d

FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800174b914, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff8800174b914, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: fffff8800174b914

CURRENT_IRQL: 2

FAULTING_IP:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: ccsvchst.exe

TRAP_FRAME: fffff88007960930 -- (.trap 0xfffff88007960930)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffffa8004733101
rdx=fffffa8004742101 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000304dc48 rsp=fffff88007960ac0 rbp=0000000000000000
r8=fffffa8004742100 r9=fffffa80047542e0 r10=fffffa80067c4178
r11=fffff88007960a90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MmPurgeSection+0x558:
fffff800`0304dc48 f0410fba2a1f lock bts dword ptr [r10],1Fh ds:fffffa80`067c4178=00000000
Resetting default scope

EXCEPTION_RECORD: fffff88007960888 -- (.exr 0xfffff88007960888)
ExceptionAddress: fffff8000304dc48 (nt!MmPurgeSection+0x0000000000000558)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0

LAST_CONTROL_TRANSFER: from fffff8000307f1e9 to fffff8000307fc40

FAILED_INSTRUCTION_ADDRESS:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

STACK_TEXT:
fffff880`07960ac0 fffff800`0304e532 : 00000000`00000000 00000000`00000700 fffff880`079612e8 fffff8a0`015d1b00 : nt!MmPurgeSection+0x558
fffff880`07960bb0 fffff880`016d49ef : fffffa80`0a5400c8 fffff880`079612a0 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
fffff880`07960c20 fffff880`016f88be : fffff880`079612a0 fffff8a0`015d1b20 00000000`00000000 fffff880`016b4801 : Ntfs!NtfsFlushAndPurgeScb+0x1bd
fffff880`07960cb0 fffff880`01666cc9 : 00008000`06a10101 fffffa80`0acbc7c8 fffff880`07961200 00000000`00006000 : Ntfs!NtfsCommonCleanup+0x1edc
fffff880`079610c0 fffff800`0308c618 : fffff880`07961200 00000000`00000000 00000000`00000000 fffff800`0308774f : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`079610f0 fffff880`01666d42 : fffff880`01666cb0 fffff800`00000000 fffff880`07961500 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`079611d0 fffff880`01705a04 : fffff880`079612a0 fffff880`079612a0 fffff880`079612a0 00000000`00000001 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`07961240 fffff880`01162bcf : fffff880`079612a0 fffffa80`06a1ac60 fffffa80`06a1af70 fffffa80`0b0c9bb0 : Ntfs!NtfsFsdCleanup+0x144
fffff880`079614b0 fffff880`011616df : fffffa80`0874f890 00000000`00000000 fffffa80`06d93000 fffffa80`06a1ac60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`07961540 fffff800`03387a0f : fffffa80`06a1ac60 fffffa80`0a9c4730 00000000`00000000 fffffa80`06a168e0 : fltmgr!FltpDispatch+0xcf
fffff880`079615a0 fffff800`03377174 : 00000000`00000000 fffffa80`0a9c4730 00000000`00000038 00000000`00000001 : nt!IopCloseFile+0x11f
fffff880`07961630 fffff800`03376f31 : fffffa80`0a9c4730 fffffa80`00000001 fffff8a0`01bfa4e0 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`079616b0 fffff800`033774f4 : 00000000`00002658 fffffa80`0a9c4730 fffff8a0`01bfa4e0 00000000`00002658 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`07961740 fffff880`047c90c3 : 00000000`036ff2b0 fffff8a0`0048f9a0 fffffa80`0a8d4fb0 00000000`0000001f : nt!ObpCloseHandle+0x94
fffff880`07961790 fffff880`047c8cc7 : 00000000`00002ec1 fffffa80`0a9c4ac8 00000000`00002658 fffff800`03092dc2 : EraserUtilRebootDrv+0x130c3
fffff880`079617e0 fffff880`047cb274 : fffff700`01080000 00000000`00000000 00000000`00000020 fffff8a0`0253e970 : EraserUtilRebootDrv+0x12cc7
fffff880`07961810 fffff880`047ca6c2 : fffffa80`06909df0 00000000`00000000 fffffa80`00000000 00000000`00000000 : EraserUtilRebootDrv+0x15274
fffff880`07961870 fffff880`047ca2af : fffffa80`06909df0 fffff880`07961b60 00000000`00000000 fffffa80`06909df0 : EraserUtilRebootDrv+0x146c2
fffff880`079618a0 fffff800`0339aa97 : 00000000`d903e8a3 fffff880`07961b60 fffffa80`0a8d4ff8 fffffa80`0a8d4ee0 : EraserUtilRebootDrv+0x142af
fffff880`079618d0 fffff800`0339b2f6 : fffffa80`0a9c4730 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07961a00 fffff800`0307eed3 : fffffa80`0a9c4730 00000000`00000001 fffffa80`0acbc6c0 fffff800`033774f4 : nt!NtDeviceIoControlFile+0x56
fffff880`07961a70 00000000`74fc2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`036bf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74fc2e09


STACK_COMMAND: .trap 0xfffff88007960930 ; kb

FOLLOWUP_IP:
EraserUtilRebootDrv+130c3
fffff880`047c90c3 eb00 jmp EraserUtilRebootDrv+0x130c5 (fffff880`047c90c5)

SYMBOL_STACK_INDEX: e

SYMBOL_NAME: EraserUtilRebootDrv+130c3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EraserUtilRebootDrv

IMAGE_NAME: EraserUtilRebootDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4e16611d

FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800174b914, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff8800174b914, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: fffff8800174b914

CURRENT_IRQL: 2

FAULTING_IP:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: ccsvchst.exe

TRAP_FRAME: fffff88007960930 -- (.trap 0xfffff88007960930)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffffa8004733101
rdx=fffffa8004742101 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000304dc48 rsp=fffff88007960ac0 rbp=0000000000000000
r8=fffffa8004742100 r9=fffffa80047542e0 r10=fffffa80067c4178
r11=fffff88007960a90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MmPurgeSection+0x558:
fffff800`0304dc48 f0410fba2a1f lock bts dword ptr [r10],1Fh ds:fffffa80`067c4178=00000000
Resetting default scope

EXCEPTION_RECORD: fffff88007960888 -- (.exr 0xfffff88007960888)
ExceptionAddress: fffff8000304dc48 (nt!MmPurgeSection+0x0000000000000558)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0

LAST_CONTROL_TRANSFER: from fffff8000307f1e9 to fffff8000307fc40

FAILED_INSTRUCTION_ADDRESS:
Ntfs! ?? ::NNGAKEGL::`string'+7840
fffff880`0174b914 55 push rbp

STACK_TEXT:
fffff880`07960ac0 fffff800`0304e532 : 00000000`00000000 00000000`00000700 fffff880`079612e8 fffff8a0`015d1b00 : nt!MmPurgeSection+0x558
fffff880`07960bb0 fffff880`016d49ef : fffffa80`0a5400c8 fffff880`079612a0 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
fffff880`07960c20 fffff880`016f88be : fffff880`079612a0 fffff8a0`015d1b20 00000000`00000000 fffff880`016b4801 : Ntfs!NtfsFlushAndPurgeScb+0x1bd
fffff880`07960cb0 fffff880`01666cc9 : 00008000`06a10101 fffffa80`0acbc7c8 fffff880`07961200 00000000`00006000 : Ntfs!NtfsCommonCleanup+0x1edc
fffff880`079610c0 fffff800`0308c618 : fffff880`07961200 00000000`00000000 00000000`00000000 fffff800`0308774f : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`079610f0 fffff880`01666d42 : fffff880`01666cb0 fffff800`00000000 fffff880`07961500 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`079611d0 fffff880`01705a04 : fffff880`079612a0 fffff880`079612a0 fffff880`079612a0 00000000`00000001 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`07961240 fffff880`01162bcf : fffff880`079612a0 fffffa80`06a1ac60 fffffa80`06a1af70 fffffa80`0b0c9bb0 : Ntfs!NtfsFsdCleanup+0x144
fffff880`079614b0 fffff880`011616df : fffffa80`0874f890 00000000`00000000 fffffa80`06d93000 fffffa80`06a1ac60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`07961540 fffff800`03387a0f : fffffa80`06a1ac60 fffffa80`0a9c4730 00000000`00000000 fffffa80`06a168e0 : fltmgr!FltpDispatch+0xcf
fffff880`079615a0 fffff800`03377174 : 00000000`00000000 fffffa80`0a9c4730 00000000`00000038 00000000`00000001 : nt!IopCloseFile+0x11f
fffff880`07961630 fffff800`03376f31 : fffffa80`0a9c4730 fffffa80`00000001 fffff8a0`01bfa4e0 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`079616b0 fffff800`033774f4 : 00000000`00002658 fffffa80`0a9c4730 fffff8a0`01bfa4e0 00000000`00002658 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`07961740 fffff880`047c90c3 : 00000000`036ff2b0 fffff8a0`0048f9a0 fffffa80`0a8d4fb0 00000000`0000001f : nt!ObpCloseHandle+0x94
fffff880`07961790 fffff880`047c8cc7 : 00000000`00002ec1 fffffa80`0a9c4ac8 00000000`00002658 fffff800`03092dc2 : EraserUtilRebootDrv+0x130c3
fffff880`079617e0 fffff880`047cb274 : fffff700`01080000 00000000`00000000 00000000`00000020 fffff8a0`0253e970 : EraserUtilRebootDrv+0x12cc7
fffff880`07961810 fffff880`047ca6c2 : fffffa80`06909df0 00000000`00000000 fffffa80`00000000 00000000`00000000 : EraserUtilRebootDrv+0x15274
fffff880`07961870 fffff880`047ca2af : fffffa80`06909df0 fffff880`07961b60 00000000`00000000 fffffa80`06909df0 : EraserUtilRebootDrv+0x146c2
fffff880`079618a0 fffff800`0339aa97 : 00000000`d903e8a3 fffff880`07961b60 fffffa80`0a8d4ff8 fffffa80`0a8d4ee0 : EraserUtilRebootDrv+0x142af
fffff880`079618d0 fffff800`0339b2f6 : fffffa80`0a9c4730 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07961a00 fffff800`0307eed3 : fffffa80`0a9c4730 00000000`00000001 fffffa80`0acbc6c0 fffff800`033774f4 : nt!NtDeviceIoControlFile+0x56
fffff880`07961a70 00000000`74fc2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`036bf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74fc2e09


STACK_COMMAND: .trap 0xfffff88007960930 ; kb

FOLLOWUP_IP:
EraserUtilRebootDrv+130c3
fffff880`047c90c3 eb00 jmp EraserUtilRebootDrv+0x130c5 (fffff880`047c90c5)

SYMBOL_STACK_INDEX: e

SYMBOL_NAME: EraserUtilRebootDrv+130c3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EraserUtilRebootDrv

IMAGE_NAME: EraserUtilRebootDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4e16611d

FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_EraserUtilRebootDrv+130c3

Followup: MachineOwner
---------



Kann mir jemand helfen?

 

[etking]

Aktualisiere doch einfach auf die 2012er-Version, kostet dich nix.

 

[TankCommander]

Ja denke das werde ich machen. Sieht so aus das irgendwelche Registriere Einträge scheinbar gelöscht sind.

 

[simpel1970]

"EraserUtilRebootDrv.sys"

Dieser Treiber löst den Bluescreen aus. Er gehört zur Eraser Engine (Software Symantec), welches wohl Bestandteil deiner Norton Suite ist.

Hat die Aktualisierung auf die 2012er Version das Problem lösen können?

 

[TankCommander]

Nee, leider nicht!

Habe aber gemerkt das es an der indizierung der ssd hängt. SSD indiziert und norton scant, direkt mal einen Bluescreen, ssd ohne indizierung läuft es einwandfrei. Werd den Intel Rapid heute abend deinstallieren und das ganze nochmal testen. Das Problem kamm nach einem Mainboard wechsel von P8P67 auf das ASUS P8Z68 V-Pro. Hatte nach dem Wechsel eine Bluescreenparty mit Norton, Chipsatztreiber etc. getauscht sogar neuinstallion ohne Erfolg.

 

[simpel1970]

Die Indizierung würde ich bei einer SSD eh abschalten.

 

[TankCommander]

Ja das ist ja das Problem. Wenn sie abgeschaltet ist knallt mir Norton einen Bluescreen rein. Werd später auch im EFI C3 und C6 Bericht ausschalten. Und gucken das ich manuel die SSD auf Höchstleistung schalte. Den Treiber habe ich auch schon gesucht und nicht gefunden. Hmmm. Ansonsten muss ich auf eine andere Internet Security wechseln.

 

[simpel1970]

Wenn auch weiterhin in den Auswertungen der Bluescreens die Datei "EraserUtilRebootDrv.sys" genannt wird, müsstest du evtl nur die Norton Suite ohne den Eraser installieren?

Welchen Treiber hast du gesucht?

 

[TankCommander]

Oh sorry meinte die Datei hatte ich nicht gefunden.

Die Datei wird so beschrieben:

http://www.file.net/prozess/eraserutilrebootdrv.sys.html

Unglaublich! Diese Datei ist die Engine von Norton.

C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE

Habs jetzt hinbekommen. Kein Bluescreen mehr.
Habe deinstalliert und ohne indizierung installiert.


Dank Dir simpel1970

 

[simpel1970]

Bitteschön

Hast du Norton nun komplett weggelassen, oder nur die Eraser Komponente (falls das überhaupt geht)?

 

[TankCommander]

Nee Norton läuft.

 

[simpel1970]

OK. Dann drücke ich die Daumen, dass es auch weiterhin fehlerfrei läuft.

 

[TankCommander]

Dank Dir