论坛风格切换
正版合作和侵权请联系 sd173@foxmail.com
 
  • 帖子
  • 日志
  • 用户
  • 版块
  • 群组
帖子
购买邀请后未收到邀请联系sdbeta@qq.com
  • 3173阅读
  • 1回复

[求助-软件问题]安装趋势officescan 10.0计算机出现大规模蓝屏 [复制链接]

上一主题 下一主题
离线pony8000
 

发帖
53391
今日发帖
最后登录
2024-11-19
只看楼主 倒序阅读 使用道具 楼主  发表于: 2012-04-19 12:12:14
趋势版本
OfficeScan Server
Version: 10.0 Service Pack 1

Build: 1736


使用微软的Debugging Tools for Windows (x86)工具读取蓝屏日志
如下:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\quan.wang\桌面\Mini033112-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Fri Mar 30 16:59:34.042 2012 (GMT+8)
System Uptime: 0 days 9:08:33.881
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
..........................................................
Loading User Symbols
Loading unloaded module list
...................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8060eeaf, a836eac0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** WARNING: Unable to verify timestamp for tmactmon.sys
*** ERROR: Module load completed but symbols could not be loaded for tmactmon.sys
*** WARNING: Unable to verify timestamp for tmevtmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for tmevtmgr.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : tmactmon.sys ( tmactmon+5f0c )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8060eeaf, The address that the exception occurred at
Arg3: a836eac0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 804d8000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4ea50d68
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
nt+136eaf
8060eeaf 3b5138 cmp edx,dword ptr [ecx+38h]
TRAP_FRAME: a836eac0 -- (.trap 0xffffffffa836eac0)
ErrCode = 00000000
eax=003e8f34 ebx=00000000 ecx=00000000 edx=00fa3cd0 esi=85a03020 edi=a836ec9c
eip=8060eeaf esp=a836eb34 ebp=a836eb34 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt+0x136eaf:
8060eeaf 3b5138 cmp edx,dword ptr [ecx+38h] ds:0023:00000038=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 8060f8d5 to 8060eeaf
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
a836eb34 8060f8d5 00000000 00fa3cd0 a836ebc8 nt+0x136eaf
a836eb48 805bc5eb 00000000 00fa3cd0 00000001 nt+0x1378d5
a836eb6c a8220f0c 00fa3cd0 00000000 00000000 nt+0xe45eb
a836ebcc a821e447 85a41698 00000000 00000018 tmactmon+0x5f0c
a836ebec a8220e14 a836ec9c 00000000 00000018 tmactmon+0x3447
a836ec00 a823554f a836ec9c 00000000 a836ed20 tmactmon+0x5e14
a836ec28 a823ad8f a836ec03 a836ecfc a836ed64 tmevtmgr+0x154f
a836ed00 a8237f8c a836ed20 a836ed3c a8238183 tmevtmgr+0x6d8f
a836ed0c a8238183 857f7e7c a836ed20 0007e0c4 tmevtmgr+0x3f8c
a836ed3c 8054267c 857f7e7c 00000780 00fa3cd0 tmevtmgr+0x4183
a836ed64 7c92e514 badb0d00 0007e0a8 00000000 nt+0x6a67c
a836ed68 badb0d00 0007e0a8 00000000 00000000 0x7c92e514
a836ed6c 0007e0a8 00000000 00000000 00000000 0xbadb0d00
a836ed70 00000000 00000000 00000000 00000000 0x7e0a8

STACK_COMMAND: kb
FOLLOWUP_IP:
tmactmon+5f0c
a8220f0c ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tmactmon+5f0c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tmactmon
IMAGE_NAME: tmactmon.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
从最后几行文字信息
MODULE_NAME: tmactmon
IMAGE_NAME: tmactmon.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
发现这个文件是趋势的,目前客户端多为winxp sp3 32位版本
出现蓝屏多数是因为运行比较大型程序或某些程序停止响应时(使用任务管理器结束停止响应程序),就出现蓝屏

因公司软件是国外总部购买,中国趋势不提供服务,因此到此地求助高手帮忙
情况紧急,请大家多多支援
  
问一下,那个日志文件里面能说明就是趋势引起的吗?
MODULE_NAME: tmactmon
IMAGE_NAME: tmactmon.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
这两天我做了测试,拿了5台计算机,卸载了趋势,目前这些机器运行良好,未出现蓝屏等现象
精品软件:百度搜闪电软件园  最新软件百度搜:闪电下载吧
有问题联系 sdbeta@qq.com
离线nanfang
发帖
*
今日发帖
最后登录
1970-01-01
只看该作者 沙发  发表于: 2012-04-19 15:19:08
good................