# Win7 - Bluescreen beim einstecken eines USB Sticks... (GELÖST!)



## Timmy99 (29. September 2010)

*Win7 - Bluescreen beim einstecken eines USB Sticks... (GELÖST!)*

Hallo PCGH-Team,

Ich weiß, dieses Thema wurde schon mehrmals behandelt, aber bei mir nützt selbst das deinstallieren von Acronis nichts.
Ab und an, nicht immer, stürzt der PC nach einstecken eines USB Sticks ab. Es ist egal welchen USB Stick ich verwende. Es passiert bei allen. Auf anderen PCs funktionieren die Sticks problemlos.

meine bisherige Vorgehensweise:

1. USB Stick -> Bluescreen
2. Nach Lösung gegoogelt
3. Stick formatiert
4. Stick (aus und)eingesteckt -> Bluescreen
5. Acronis deinstalliert
6. neustart
7. reste in der Registry gelöscht
8. neustart
9. Stick eingesteckt -> Bluescreen
10. Foto gemacht, und diesen Beitrag erstellt

Dieses Problem begegnete mir schon des öfteren auf anderen PCs. Es half am Ende immer nur eine komplette Neuinstallation. Diesen Schritt möchte ich diesmal aber unbedingt vermeiden.
Gibt es wirklich keine andere Lösung als den Fehler hinnehmen, oder Neuinstallation?

Im Anhang der Bluescreen, der sich NIE ändert. immer 3B, immer SYSTEM_SERVICE_EXCEPTION...
Ich bin am Rande der Verzweiflung.

MfG,
Timmy99


----------



## steinschock (29. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Poste mal dein Sys.

Bios Reste oder Update gemacht ?


----------



## fpsJunkie (29. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Sowas hatte ich auch mal, da war aber irgendwas mit dem Frontpanel nicht in Ordnung, also hinten aufm Board ist nix passiert.


----------



## Timmy99 (29. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Bluescreen erscheint bei allen USB Ports. Am Frontpanel und hinten direkt am Mainboard.

SYS:
CPU: Intel i7 860
RAM: 4x 2GB G.Skill 1333MHz
GPU: Palit GTS250
Mainboard: MSI GD-80
HDD: WD Caviar Black 1TB
Sound: ALC 889 (S)

BIOS: 1.10 / 1.1A (aktuell)

OC:
FSB/BLCK 149MHz
CPU: 3,20Ghz (Turbo x22)
RAM: 1490MHz (1333MHz default)

Fehler tritt auch im *Stock *Betrieb auf (133er BLCK etc)

Software:
Win7 x64 Ultimate (WAT-removed)
Acronis True Image home (deinstalliert und Registry gesäubert) (!!)

In der Registry lässt sich folgender Schlüssel nicht entfernen:
HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Scheduler
Auch nicht im abgesicherten Modus.
Der Rest ist von Acronis befreit.


----------



## simpel1970 (29. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Nach dem Stopfehlercode tritt ein Speicherzugriffsfehler auf. Hast du es schon mit den aktuellsten Chipsatztreibern ausprobiert?

Du könntest noch die Minidump auswerten, die zum Bluescreen geschrieben wird. Evtl. bringt das noch ein paar Hinweise. (Habe da zwar wenig Hoffnung, ein Versuch schadet aber auch nicht).


----------



## Timmy99 (29. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Beschreibung             Ver: 9.1.2.1008                                   Datum             2010-07-30
Habe den aktuellsten Intel Chipsatztreiber drauf.


Die dmp File lese ich mir mal durch, und poste sie wenn nötig.

MfG,
Timmy99

EDITH:
Mir fällt da "ntoskrnl.exe" ins Auge... Scheint was mit Physical Adress Extension zu tun zu haben. (Was hat PSE mit USB/Win7 *x64* zu tun?)
Es sieht allem anschein nach einem Adressenkonflikt aus. Nun die Frage, wie behebt man diesen Konflikt?^^

Edit2:-.-.-.-.-.-.-.-.-1-.-.-.-.-.-.-.-.-2-.-.-.-..--.-.-.-.3-.-.-.-.-.-.-.4
*BugCheck 3B, {c0000005, fffff80003564465, fffff8800b51f770, 0}*

*0xZZZZZZZZ* 
                                                       Falsche Adresse, auf die verwiesen wurde
*0xYYYYYYYY* 
                                                       IRQL, der erforderlich war, um auf den Speicher zuzugreifen
*0xXXXXXXXX* 
                                                       Zugriffsart (0 lesen oder 1 schreiben)
*0xVVVVVVVV* 
                                                       Adresse der Instruktion die versuchte, auf den Speicherbereich zuzugreifen
http://www.winfaq.de/faq_html/Content/tip0000/onlinefaq.php?h=tip0391.htm

Scheint auf 1, 2, und 3 zuzutreffen... Bin echt übefragt.


```
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\092910-19578-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is: 
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`0320e000 PsLoadedModuleList = 0xfffff800`0344be50
Debug session time: Wed Sep 29 17:14:01.301 2010 (UTC + 2:00)
System Uptime: 0 days 0:11:44.175
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80003564465, fffff8800b51f770, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+356465 )

Followup: MachineOwner
---------

----- 64 bit Kernel Mini Dump Analysis

DUMP_HEADER64:
MajorVersion        0000000f
MinorVersion        00001db0
KdSecondaryVersion  00000000
DirectoryTableBase  00000001`eb9a1000
PfnDataBase         fffffa80`00000000
PsLoadedModuleList  fffff800`0344be50
PsActiveProcessHead fffff800`0342db30
MachineImageType    00008664
NumberProcessors    00000004
BugCheckCode        0000003b
BugCheckParameter1  00000000`c0000005
BugCheckParameter2  fffff800`03564465
BugCheckParameter3  fffff880`0b51f770
BugCheckParameter4  00000000`00000000
KdDebuggerDataBlock fffff800`033f7070
SecondaryDataState  00000000
ProductType         00000001
SuiteMask           00000110
MiniDumpFields      00000dff 

TRIAGE_DUMP64:
ServicePackBuild      00000000 
SizeOfDump            00040000 
ValidOffset           0003fffc 
ContextOffset         00000348 
ExceptionOffset       00000f00 
MmOffset              00002080 
UnloadedDriversOffset 00009bd0 
PrcbOffset            000020d0 
ProcessOffset         00006dd0 
ThreadOffset          000072a0 
CallStackOffset       00007738 
SizeOfCallStack       00002158 
DriverListOffset      0000a6c8 
DriverCount           000000c3 
StringPoolOffset      00011478 
StringPoolSize        00001b80 
BrokenDriverOffset    00000000 
TriageOptions         00000041 
TopOfStack            fffff880`0b51eea8 
BStoreOffset          00000000 
SizeOfBStore          00000000 
LimitOfBStore         00000000`00000000 
DebuggerDataOffset    00009890 
DebuggerDataSize      00000340 
DataBlocksOffset      00012ff8 
DataBlocksCount       0000000b 
  fffff800`034b6074 - fffff800`034b6077 at offset 000130a8
  fffff800`034b6068 - fffff800`034b606b at offset 000130ac
  fffffa80`06ee5000 - fffffa80`06ee5517 at offset 000130b0
  fffff800`0341f5a8 - fffff800`0341f5af at offset 000135c8
  fffff800`0341f5b0 - fffff800`0341f5b7 at offset 000135d0
  fffff800`03564000 - fffff800`03564fff at offset 000135d8
  fffff880`0b51f000 - fffff880`0b51ffff at offset 000145d8
  fffff800`0327e640 - fffff800`0327e83f at offset 000155d8
  fffff800`033ce000 - fffff800`033cefff at offset 000157d8
  fffff800`0320e000 - fffff800`0320efff at offset 000167d8
  fffff800`0327e000 - fffff800`0327efff at offset 000177d8
  Max offset 187d8, 316a1 from end of file


Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:*** WARNING: Unable to verify timestamp for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys

Kernel base = 0xfffff800`0320e000 PsLoadedModuleList = 0xfffff800`0344be50
Debug session time: Wed Sep 29 17:14:01.301 2010 (UTC + 2:00)
System Uptime: 0 days 0:11:44.175
start             end                 module name
fffff800`03171000 fffff800`0317b000   kdcom     Tue Jul 14 03:31:07 2009 (4A5BDFDB)
fffff800`0320e000 fffff800`037ea000   nt        Sat Jun 19 06:16:41 2010 (4C1C44A9)
fffff800`037ea000 fffff800`03833000   hal       Tue Jul 14 03:27:36 2009 (4A5BDF08)
fffff880`00c00000 fffff880`00c0e000   SscRdCls  Fri Nov 16 20:59:09 2007 (473DF68D)
fffff880`00c0e000 fffff880`00c5a000   fltmgr    Tue Jul 14 01:19:59 2009 (4A5BC11F)
fffff880`00c5a000 fffff880`00c6e000   fileinfo  Tue Jul 14 01:34:25 2009 (4A5BC481)
fffff880`00c6e000 fffff880`00c79700   PxHlpa64  Thu Jun 21 00:27:08 2007 (4679A9BC)
fffff880`00c89000 fffff880`00ccd000   mcupdate  Tue Jul 14 03:29:10 2009 (4A5BDF66)
fffff880`00ccd000 fffff880`00ce1000   PSHED     Tue Jul 14 03:32:23 2009 (4A5BE027)
fffff880`00ce1000 fffff880`00d3f000   CLFS      Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`00d3f000 fffff880`00dff000   CI        Tue Jul 14 03:32:13 2009 (4A5BE01D)
fffff880`00e00000 fffff880`00e5c000   volmgrx   Tue Jul 14 01:20:33 2009 (4A5BC141)
fffff880`00e5c000 fffff880`00e64000   intelide  Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`00e64000 fffff880`00e74000   PCIIDEX   Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`00e74000 fffff880`00e8e000   mountmgr  Tue Jul 14 01:19:54 2009 (4A5BC11A)
fffff880`00e8e000 fffff880`00e97000   atapi     Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`00e97000 fffff880`00ea2000   amdxata   Tue May 19 19:56:59 2009 (4A12F2EB)
fffff880`00ea5000 fffff880`00f49000   Wdf01000  Tue Jul 14 01:22:07 2009 (4A5BC19F)
fffff880`00f49000 fffff880`00f58000   WDFLDR    Tue Jul 14 01:19:54 2009 (4A5BC11A)
fffff880`00f58000 fffff880`00f8b000   pci       Tue Jul 14 01:19:51 2009 (4A5BC117)
fffff880`00f8b000 fffff880`00f97000   BATTC     Tue Jul 14 01:31:01 2009 (4A5BC3B5)
fffff880`00f97000 fffff880`00fac000   volmgr    Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`00fac000 fffff880`00fd6000   ataport   Tue Jul 14 01:19:52 2009 (4A5BC118)
fffff880`00fd6000 fffff880`00fe1000   msahci    Tue Jul 14 02:01:01 2009 (4A5BCABD)
fffff880`00fe1000 fffff880`00ff6000   SscRdBus  Thu Jun 18 14:12:35 2009 (4A3A2F33)
fffff880`01000000 fffff880`01015000   partmgr   Tue Jul 14 01:19:58 2009 (4A5BC11E)
fffff880`01015000 fffff880`0101c000   pciide    Tue Jul 14 01:19:49 2009 (4A5BC115)
fffff880`0101c000 fffff880`01150000   spql      Sun Mar 22 13:35:35 2009 (49C63097)
fffff880`01150000 fffff880`01159000   WMILIB    Tue Jul 14 01:19:51 2009 (4A5BC117)
fffff880`01159000 fffff880`01188000   SCSIPORT  Tue Jul 14 02:01:04 2009 (4A5BCAC0)
fffff880`01188000 fffff880`011df000   ACPI      Tue Jul 14 01:19:34 2009 (4A5BC106)
fffff880`011df000 fffff880`011e9000   msisadrv  Tue Jul 14 01:19:26 2009 (4A5BC0FE)
fffff880`011e9000 fffff880`011f6000   vdrvroot  Tue Jul 14 02:01:31 2009 (4A5BCADB)
fffff880`011f6000 fffff880`011ff000   compbatt  Tue Jul 14 01:31:02 2009 (4A5BC3B6)
fffff880`0121d000 fffff880`013c0000   Ntfs      Tue Jul 14 01:20:47 2009 (4A5BC14F)
fffff880`013c0000 fffff880`013fe000   1394ohci  Tue Jul 14 02:07:12 2009 (4A5BCC30)
fffff880`01400000 fffff880`0140d000   TDI       Tue Jul 14 01:21:18 2009 (4A5BC16E)
fffff880`0140f000 fffff880`0146d000   msrpc     Tue Jul 14 01:21:32 2009 (4A5BC17C)
fffff880`0146d000 fffff880`01487000   ksecdd    Tue Jul 14 01:20:54 2009 (4A5BC156)
fffff880`01487000 fffff880`014fa000   cng       Tue Jul 14 01:49:40 2009 (4A5BC814)
fffff880`014fa000 fffff880`0150b000   pcw       Tue Jul 14 01:19:27 2009 (4A5BC0FF)
fffff880`0150b000 fffff880`01515000   Fs_Rec    Tue Jul 14 01:19:45 2009 (4A5BC111)
fffff880`01515000 fffff880`015fa000   timntr    Mon Aug 17 09:16:13 2009 (4A8903BD)
fffff880`01600000 fffff880`0164a000   fwpkclnt  Tue Jul 14 01:21:08 2009 (4A5BC164)
fffff880`0164a000 fffff880`0165a000   vmstorfl  Tue Jul 14 01:42:54 2009 (4A5BC67E)
fffff880`01664000 fffff880`01756000   ndis      Tue Jul 14 01:21:40 2009 (4A5BC184)
fffff880`01756000 fffff880`017b6000   NETIO     Tue Jul 14 01:21:46 2009 (4A5BC18A)
fffff880`017b6000 fffff880`017e1000   ksecpkg   Fri Dec 11 07:03:32 2009 (4B21E0B4)
fffff880`017e1000 fffff880`017ff000   tdx       Tue Jul 14 01:21:15 2009 (4A5BC16B)
fffff880`01801000 fffff880`019fe000   tcpip     Mon Jun 14 05:39:04 2010 (4C15A458)
fffff880`01a00000 fffff880`01a25000   VIDEOPRT  Tue Jul 14 01:38:51 2009 (4A5BC58B)
fffff880`01a25000 fffff880`01a35000   watchdog  Tue Jul 14 01:37:35 2009 (4A5BC53F)
fffff880`01a35000 fffff880`01a3e000   RDPCDD    Tue Jul 14 02:16:34 2009 (4A5BCE62)
fffff880`01a3e000 fffff880`01a47000   rdpencdd  Tue Jul 14 02:16:34 2009 (4A5BCE62)
fffff880`01a47000 fffff880`01a50000   rdprefmp  Tue Jul 14 02:16:35 2009 (4A5BCE63)
fffff880`01a50000 fffff880`01a5b000   Msfs      Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`01a5f000 fffff880`01aab000   volsnap   Tue Jul 14 01:20:08 2009 (4A5BC128)
fffff880`01aab000 fffff880`01abd000   mup       Tue Jul 14 01:23:45 2009 (4A5BC201)
fffff880`01abd000 fffff880`01af7000   fvevol    Sat Sep 26 04:34:26 2009 (4ABD7DB2)
fffff880`01af7000 fffff880`01b0d000   disk      Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`01b0d000 fffff880`01b3d000   CLASSPNP  Tue Jul 14 01:19:58 2009 (4A5BC11E)
fffff880`01b3d000 fffff880`01b6e000   WUDFRd    Tue Jul 14 02:06:06 2009 (4A5BCBEE)
fffff880`01b73000 fffff880`01b9d000   cdrom     Tue Jul 14 01:19:54 2009 (4A5BC11A)
fffff880`01b9d000 fffff880`01bca000   MpFilter  Sat Mar 20 06:58:08 2010 (4BA463F0)
fffff880`01bca000 fffff880`01bd3000   Null      Tue Jul 14 01:19:37 2009 (4A5BC109)
fffff880`01bd3000 fffff880`01bda000   Beep      Tue Jul 14 02:00:13 2009 (4A5BCA8D)
fffff880`01bda000 fffff880`01be8000   vga       Tue Jul 14 01:38:47 2009 (4A5BC587)
fffff880`01be8000 fffff880`01bf9000   Npfs      Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`01c00000 fffff880`01c3f000   snapman   Tue Sep 08 09:57:04 2009 (4AA60E50)
fffff880`01c3f000 fffff880`01c79000   rdyboost  Tue Jul 14 01:34:34 2009 (4A5BC48A)
fffff880`01c79000 fffff880`01c82000   hwpolicy  Tue Jul 14 01:19:22 2009 (4A5BC0FA)
fffff880`01c84000 fffff880`01dea000   tdrpm251  Fri Jul 31 15:59:53 2009 (4A72F8D9)
fffff880`01dea000 fffff880`01df2000   spldr     Mon May 11 18:56:27 2009 (4A0858BB)
fffff880`01df2000 fffff880`01dfe000   hotcore3  Fri Mar 20 11:35:11 2009 (49C3715F)
fffff880`03000000 fffff880`03056180   vpcvmm    Wed Sep 23 03:32:38 2009 (4AB97AB6)
fffff880`03057000 fffff880`03062600   VBoxUSBMon  Thu Dec 17 14:58:01 2009 (4B2A38E9)
fffff880`03063000 fffff880`030908c0   VBoxDrv   Thu Dec 17 14:58:01 2009 (4B2A38E9)
fffff880`03091000 fffff880`030a5000   termdd    Tue Jul 14 02:16:36 2009 (4A5BCE64)
fffff880`030af000 fffff880`03139000   afd       Tue Jul 14 01:21:40 2009 (4A5BC184)
fffff880`03139000 fffff880`0317e000   netbt     Tue Jul 14 01:21:28 2009 (4A5BC178)
fffff880`0317e000 fffff880`03189000   ws2ifsl   Tue Jul 14 02:10:33 2009 (4A5BCCF9)
fffff880`03189000 fffff880`03192000   wfplwf    Tue Jul 14 02:09:26 2009 (4A5BCCB6)
fffff880`03192000 fffff880`031b8000   pacer     Tue Jul 14 02:09:41 2009 (4A5BCCC5)
fffff880`031b8000 fffff880`031cc000   vpcnfltr  Wed Sep 23 03:32:30 2009 (4AB97AAE)
fffff880`031cc000 fffff880`031db000   netbios   Tue Jul 14 02:09:26 2009 (4A5BCCB6)
fffff880`031db000 fffff880`031f6000   wanarp    Tue Jul 14 02:10:21 2009 (4A5BCCED)
fffff880`03200000 fffff880`0321e000   dfsc      Tue Jul 14 01:23:44 2009 (4A5BC200)
fffff880`0321e000 fffff880`0322f000   blbdrive  Tue Jul 14 01:35:59 2009 (4A5BC4DF)
fffff880`0322f000 fffff880`03255000   tunnel    Tue Jul 14 02:09:37 2009 (4A5BCCC1)
fffff880`03255000 fffff880`0326b000   intelppm  Tue Jul 14 01:19:25 2009 (4A5BC0FD)
fffff880`0326b000 fffff880`032c2000   Rt64win7  Thu Mar 04 14:42:52 2010 (4B8FB8DC)
fffff880`032c2000 fffff880`032e3000   WudfPf    Tue Jul 14 02:05:37 2009 (4A5BCBD1)
fffff880`032f9000 fffff880`0334a000   rdbss     Tue Jul 14 01:24:09 2009 (4A5BC219)
fffff880`0334a000 fffff880`03356000   nsiproxy  Tue Jul 14 01:21:02 2009 (4A5BC15E)
fffff880`03356000 fffff880`03361000   mssmbios  Tue Jul 14 01:31:10 2009 (4A5BC3BE)
fffff880`03361000 fffff880`03370000   discache  Tue Jul 14 01:37:18 2009 (4A5BC52E)
fffff880`03370000 fffff880`033f3000   csc       Tue Jul 14 01:24:26 2009 (4A5BC22A)
fffff880`03412000 fffff880`03fe2f00   nvlddmkm  Sat Sep 11 06:24:42 2010 (4C8B048A)
fffff880`03fe3000 fffff880`03fe4180   nvBridge  Sat Sep 11 06:21:30 2010 (4C8B03CA)
fffff880`03fe5000 fffff880`03ffa000   lltdio    Tue Jul 14 02:08:50 2009 (4A5BCC92)
fffff880`04200000 fffff880`04256000   USBPORT   Tue Jul 14 02:06:31 2009 (4A5BCC07)
fffff880`04256000 fffff880`0427a000   HDAudBus  Tue Jul 14 02:06:13 2009 (4A5BCBF5)
fffff880`0427a000 fffff880`0429d000   luafv     Tue Jul 14 01:26:13 2009 (4A5BC295)
fffff880`042b0000 fffff880`043a4000   dxgkrnl   Fri Oct 02 03:00:14 2009 (4AC5509E)
fffff880`043a4000 fffff880`043ea000   dxgmms1   Tue Jul 14 01:38:32 2009 (4A5BC578)
fffff880`043ea000 fffff880`043fb000   usbehci   Sat Oct 24 06:27:33 2009 (4AE28235)
fffff880`0460f000 fffff880`04651000   a9cv8vyh  Tue Apr 07 18:07:00 2009 (49DB7A24)
fffff880`04651000 fffff880`0465a000   wmiacpi   Tue Jul 14 01:31:02 2009 (4A5BC3B6)
fffff880`0465a000 fffff880`04772000   cfosspeed  Tue Feb 10 11:45:55 2009 (49915AE3)
fffff880`04772000 fffff880`04782000   CompositeBus  Tue Jul 14 02:00:33 2009 (4A5BCAA1)
fffff880`04782000 fffff880`04788a00   ManyCam_x64  Thu Mar 13 08:46:01 2008 (47D8DBB9)
fffff880`04789000 fffff880`04799d00   STREAM    Tue Jul 14 02:06:18 2009 (4A5BCBFA)
fffff880`0479a000 fffff880`047dd000   ks        Tue Jul 14 02:00:31 2009 (4A5BCA9F)
fffff880`047dd000 fffff880`047e2200   ksthunk   Tue Jul 14 02:00:19 2009 (4A5BCA93)
fffff880`047e3000 fffff880`047ef000   SndTAudio  Fri Jan 15 10:39:22 2010 (4B5037CA)
fffff880`047ef000 fffff880`047f9000   VMNET     Mon Aug 10 14:04:50 2009 (4A800CE2)
fffff880`04800000 fffff880`04808000   LHidEqd   Wed Jun 17 18:49:56 2009 (4A391EB4)
fffff880`04808000 fffff880`0481b000   LHidFilt  Wed Jun 17 18:49:39 2009 (4A391EA3)
fffff880`0481b000 fffff880`04829000   monitor   Tue Jul 14 01:38:52 2009 (4A5BC58C)
fffff880`0482d000 fffff880`04869000   vpchbus   Wed Sep 23 03:32:32 2009 (4AB97AB0)
fffff880`04869000 fffff880`048c3000   usbhub    Sat Oct 24 06:28:24 2009 (4AE28268)
fffff880`048c3000 fffff880`048d8000   NDProxy   Tue Jul 14 02:10:05 2009 (4A5BCCDD)
fffff880`048d8000 fffff880`0495ef00   fwlanusbn  Mon Feb 09 10:41:22 2009 (498FFA42)
fffff880`0495f000 fffff880`0497c000   usbccgp   Tue Jul 14 02:06:45 2009 (4A5BCC15)
fffff880`0497c000 fffff880`04997000   USBSTOR   Tue Jul 14 02:06:34 2009 (4A5BCC0A)
fffff880`04997000 fffff880`049b0000   HIDCLASS  Tue Jul 14 02:06:21 2009 (4A5BCBFD)
fffff880`049b0000 fffff880`049c7000   LEqdUsb   Wed Jun 17 18:49:54 2009 (4A391EB2)
fffff880`049c7000 fffff880`049d3000   Dxapi     Tue Jul 14 01:38:28 2009 (4A5BC574)
fffff880`049d3000 fffff880`049e1000   kbdhid    Tue Jul 14 02:00:20 2009 (4A5BCA94)
fffff880`049e1000 fffff880`049ec000   VMkbd     Fri May 21 08:43:49 2010 (4BF62BA5)
fffff880`049ec000 fffff880`049f9000   mouhid    Tue Jul 14 02:00:20 2009 (4A5BCA94)
fffff880`04a00000 fffff880`04a26b40   VBoxNetFlt  Thu Dec 17 14:58:01 2009 (4B2A38E9)
fffff880`04a27000 fffff880`04a28480   swenum    Tue Jul 14 02:00:18 2009 (4A5BCA92)
fffff880`04a29000 fffff880`04a3b000   circlass  Tue Jul 14 02:06:34 2009 (4A5BCC0A)
fffff880`04a3b000 fffff880`04a4d000   umbus     Tue Jul 14 02:06:56 2009 (4A5BCC20)
fffff880`04a4d000 fffff880`04a5d000   vmnetbridge  Mon Aug 10 14:05:58 2009 (4A800D26)
fffff880`04a63000 fffff880`04aa0000   portcls   Tue Jul 14 02:06:27 2009 (4A5BCC03)
fffff880`04aa0000 fffff880`04ac2000   drmk      Tue Jul 14 03:01:25 2009 (4A5BD8E5)
fffff880`04ac2000 fffff880`04ad8000   AgileVpn  Tue Jul 14 02:10:24 2009 (4A5BCCF0)
fffff880`04ad8000 fffff880`04afc000   rasl2tp   Tue Jul 14 02:10:11 2009 (4A5BCCE3)
fffff880`04afc000 fffff880`04b08000   ndistapi  Tue Jul 14 02:10:00 2009 (4A5BCCD8)
fffff880`04b08000 fffff880`04b37000   ndiswan   Tue Jul 14 02:10:11 2009 (4A5BCCE3)
fffff880`04b37000 fffff880`04b52000   raspppoe  Tue Jul 14 02:10:17 2009 (4A5BCCE9)
fffff880`04b52000 fffff880`04b73000   raspptp   Tue Jul 14 02:10:18 2009 (4A5BCCEA)
fffff880`04b73000 fffff880`04b8d000   rassstp   Tue Jul 14 02:10:25 2009 (4A5BCCF1)
fffff880`04b8d000 fffff880`04baa000   vpcusb    Wed Sep 23 03:32:39 2009 (4AB97AB7)
fffff880`04baa000 fffff880`04bb9000   usbrpm    Tue Jul 14 02:35:14 2009 (4A5BD2C2)
fffff880`04bb9000 fffff880`04bbaf00   USBD      Tue Jul 14 02:06:23 2009 (4A5BCBFF)
fffff880`04bbe000 fffff880`04bc9000   rdpbus    Tue Jul 14 02:17:46 2009 (4A5BCEAA)
fffff880`04bc9000 fffff880`04bd8000   kbdclass  Tue Jul 14 01:19:50 2009 (4A5BC116)
fffff880`04bd8000 fffff880`04be7000   mouclass  Tue Jul 14 01:19:50 2009 (4A5BC116)
fffff880`04be7000 fffff880`04bfb000   LMouFilt  Wed Jun 17 18:49:43 2009 (4A391EA7)
fffff880`06000000 fffff880`0600e000   crashdmp  Tue Jul 14 02:01:01 2009 (4A5BCABD)
fffff880`0600e000 fffff880`0601a000   dump_ataport  Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`0601a000 fffff880`06023000   dump_atapi  Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`06023000 fffff880`06036000   dump_dumpfve  Tue Jul 14 01:21:51 2009 (4A5BC18F)
fffff880`06036000 fffff880`06044000   hidusb    Tue Jul 14 02:06:22 2009 (4A5BCBFE)
fffff880`06049000 fffff880`061f4600   RTKVHD64  Tue Apr 14 10:18:07 2009 (49E446BF)
fffff880`061f5000 fffff880`061fd080   HIDPARSE  Tue Jul 14 02:06:17 2009 (4A5BCBF9)
fffff880`09a00000 fffff880`09a18000   mpsdrv    Tue Jul 14 02:08:25 2009 (4A5BCC79)
fffff880`09a18000 fffff880`09a45000   mrxsmb    Sat Feb 27 08:52:19 2010 (4B88CF33)
fffff880`09a51000 fffff880`09aa4000   nwifi     Tue Jul 14 02:07:23 2009 (4A5BCC3B)
fffff880`09aa4000 fffff880`09ab7000   ndisuio   Tue Jul 14 02:09:25 2009 (4A5BCCB5)
fffff880`09ab7000 fffff880`09acf000   rspndr    Tue Jul 14 02:08:50 2009 (4A5BCC92)
fffff880`09acf000 fffff880`09ad6000   TurboB    Mon Nov 02 21:47:34 2009 (4AEF4566)
fffff880`09ad6000 fffff880`09b0c000   fastfat   Tue Jul 14 01:23:28 2009 (4A5BC1F0)
fffff880`09b0c000 fffff880`09bd4000   HTTP      Tue Jul 14 01:22:16 2009 (4A5BC1A8)
fffff880`09bd4000 fffff880`09bf2000   bowser    Tue Jul 14 01:23:50 2009 (4A5BC206)
fffff880`0b000000 fffff880`0b0d6000   vmx86     Fri May 21 09:31:12 2010 (4BF636C0)
fffff880`0b0eb000 fffff880`0b139000   mrxsmb10  Sat Feb 27 08:52:28 2010 (4B88CF3C)
fffff880`0b139000 fffff880`0b15c000   mrxsmb20  Sat Feb 27 08:52:26 2010 (4B88CF3A)
fffff880`0b15c000 fffff880`0b168000   hcmon     Fri May 21 07:54:08 2010 (4BF62000)
fffff880`0b168000 fffff880`0b180000   vmci      Fri May 21 07:22:24 2010 (4BF61890)
fffff880`0b180000 fffff880`0b1cf000   atksgt    Sun May 17 15:36:34 2009 (4A1012E2)
fffff880`0b1cf000 fffff880`0b1d7000   cpuz132_x64  Fri Mar 27 00:17:23 2009 (49CC0D03)
fffff880`0b1d7000 fffff880`0b1e4000   lirsgt    Sun May 17 15:06:57 2009 (4A100BF1)
fffff880`0bc00000 fffff880`0bc2d000   srvnet    Tue Jun 22 05:20:32 2010 (4C202C00)
fffff880`0bc2d000 fffff880`0bc3f000   tcpipreg  Tue Jul 14 02:09:49 2009 (4A5BCCCD)
fffff880`0bc3f000 fffff880`0bc49000   vmnetuserif  Fri May 21 08:08:24 2010 (4BF62358)
fffff880`0bc49000 fffff880`0bc55000   vstor2_ws60  Wed Apr 28 01:16:25 2010 (4BD77049)
fffff880`0bc55000 fffff880`0bcbd000   srv2      Tue Jun 22 05:20:47 2010 (4C202C0F)
fffff880`0bcde000 fffff880`0bd84000   peauth    Tue Jul 14 03:01:19 2009 (4A5BD8DF)
fffff880`0bddb000 fffff880`0bde6000   secdrv    Wed Sep 13 15:18:38 2006 (4508052E)
fffff880`0c26d000 fffff880`0c303000   srv       Tue Jun 22 05:21:11 2010 (4C202C27)
fffff880`0c303000 fffff880`0c332000   ipnat     Tue Jul 14 02:10:03 2009 (4A5BCCDB)
fffff880`0c332000 fffff880`0c342000   MpNWMon   Sat Mar 20 06:58:00 2010 (4BA463E8)
fffff880`0c342000 fffff880`0c348000   RTCore64  Wed May 25 08:39:12 2005 (42941D90)
fffff880`0c348000 fffff880`0c352000   kerneld   Sat Sep 05 19:27:16 2009 (4AA29F74)
fffff880`0c352000 fffff880`0c35d000   tdtcp     Tue Jul 14 02:16:32 2009 (4A5BCE60)
fffff880`0c35d000 fffff880`0c36c000   tssecsrv  Tue Jul 14 02:16:41 2009 (4A5BCE69)
fffff880`0c36c000 fffff880`0c3a4000   RDPWD     Tue Jul 14 02:16:47 2009 (4A5BCE6F)
fffff960`000e0000 fffff960`003ef000   win32k    Sat Jun 19 06:31:59 2010 (4C1C483F)
fffff960`00450000 fffff960`0045a000   TSDDD     Tue Jul 14 02:16:34 2009 (4A5BCE62)
fffff960`00780000 fffff960`007a7000   cdd       Wed May 19 21:48:26 2010 (4BF4408A)
fffff960`00910000 fffff960`00971000   ATMFD     Thu May 27 06:11:31 2010 (4BFDF0F3)

Unloaded modules:
fffff880`0bd84000 fffff880`0bddb000   rixdpx64.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00057000
fffff880`01b3d000 fffff880`01b4b000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`01b4b000 fffff880`01b57000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`01b57000 fffff880`01b60000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`01b60000 fffff880`01b73000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`04b8d000 fffff880`04bbe000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00031000
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80003564465, fffff8800b51f770, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+356465 )

Followup: MachineOwner
---------

Finished dump check
```

Habe mal das folden an diesem Rechner stillgelegt. Mir gehen da zu viele WUs kaputt. (sorry)


----------



## simpel1970 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Der Symbolpfad ist im Debugger nicht korrekt hinterlegt.
Stelle den richtigen Symbopfad ein und werte die Minidump erneut aus.


----------



## Timmy99 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Habe ich getan. Dann kam folgendes raus:

```
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\092910-19578-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`0320e000 PsLoadedModuleList = 0xfffff800`0344be50
Debug session time: Wed Sep 29 17:14:01.301 2010 (UTC + 2:00)
System Uptime: 0 days 0:11:44.175
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80003564465, fffff8800b51f770, 0}

Unable to load image tdrpm251.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tdrpm251.sys
*** ERROR: Module load completed but symbols could not be loaded for tdrpm251.sys
Probably caused by : tdrpm251.sys ( tdrpm251+4c0c8 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80003564465, Address of the instruction which caused the bugcheck
Arg3: fffff8800b51f770, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

FAULTING_IP: 
nt!ObpQueryNameString+51
fffff800`03564465 410fb64718      movzx   eax,byte ptr [r15+18h]

CONTEXT:  fffff8800b51f770 -- (.cxr 0xfffff8800b51f770)
rax=fffff8800b520238 rbx=0000000000000000 rcx=00000000c0a8027b
rdx=fffffa8008669330 rsi=0000000000000001 rdi=0000000000000000
rip=fffff80003564465 rsp=fffff8800b520140 rbp=00000000c0a8027b
 r8=0000000000000080  r9=fffff8800b5202a0 r10=fffff880009ead00
r11=fffff88001c8b3c0 r12=0000000000000000 r13=fffffa800b246800
r14=fffffa8008669330 r15=00000000c0a8024b
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!ObpQueryNameString+0x51:
fffff800`03564465 410fb64718      movzx   eax,byte ptr [r15+18h] ds:002b:00000000`c0a80263=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  DfSdkS.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000356556a to fffff80003564465

STACK_TEXT:  
fffff880`0b520140 fffff800`0356556a : 00000000`c0a8027b fffffa80`08669330 fffffa80`00000080 fffff880`0b5202a0 : nt!ObpQueryNameString+0x51
fffff880`0b520240 fffff880`01cd00c8 : fffff880`00000009 00000000`c0a8027b 00000000`00000001 00000000`00000000 : nt!ObQueryNameString+0xe
fffff880`0b520280 fffff880`00000009 : 00000000`c0a8027b 00000000`00000001 00000000`00000000 00000000`00000080 : tdrpm251+0x4c0c8
fffff880`0b520288 00000000`c0a8027b : 00000000`00000001 00000000`00000000 00000000`00000080 fffff880`0b5203a0 : 0xfffff880`00000009
fffff880`0b520290 00000000`00000001 : 00000000`00000000 00000000`00000080 fffff880`0b5203a0 fffffa80`0b6dd710 : 0xc0a8027b
fffff880`0b520298 00000000`00000000 : 00000000`00000080 fffff880`0b5203a0 fffffa80`0b6dd710 fffff880`01cd7a0b : 0x1


FOLLOWUP_IP: 
tdrpm251+4c0c8
fffff880`01cd00c8 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  tdrpm251+4c0c8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tdrpm251

IMAGE_NAME:  tdrpm251.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a72f8d9

STACK_COMMAND:  .cxr 0xfffff8800b51f770 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_tdrpm251+4c0c8

BUCKET_ID:  X64_0x3B_tdrpm251+4c0c8

Followup: MachineOwner
---------
```
*(ALT)*Ich habe die minidump Datei einfach mal auf RS hochgeladen, damit ihr sie euch selbst anschauen könnt. Ich bekomms nicht gebacken 
http://rapidshare.com/files/422266689/092910-19578-01.dmp
Falls nicht erlaubt, entferne ich den Link natürlich sofort.*(/ALT)*

EDIT: jetz aber endgültig gefixt xD

MfG,
Timmy99


----------



## simpel1970 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Sieht doch bis jetzt gut aus. Einzige was noch fehlt ist die Eingabe des Befehls "!analyze -v" (ohne "") - ganz unten in der Eingabeleiste.

Die Minidump könnte ich frühestens heute Abend ansehen (geht nur zu Hause). Aber den letzten Schritt bekommst du sicherlich noch hin.


----------



## Timmy99 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

habs oben gefixt und ergänzt 

BUGCHECK_STR:  0x3B  PROCESS_NAME:  DfSdkS.exe Ashampoo Win Optimizer 7 -> Auto Defrag (ProDefrag)
Ich deaktivier mal den Prozess, mal guckn...


----------



## simpel1970 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Der schuldige Treiber ist "tdrpm251.sys". Der hat den Bluescreen ausgelöst. Der Treiber gehört zu Acronis. Scheinbar ist das Programm noch nicht korrekt deinstalliert?

Nutzt du von Acronis TI die aktuellste Version?

Edit: "PROCESS_NAME: DfSdkS.exe" besagt nur, dass der Bluescreen bei der Ausführung dieses Prozesses aufgetreten ist.

"IMAGE_NAME: tdrpm251.sys" hier steht der Treiber, der den Bluescreen vermutlich ausgelöst hat ("Probably caused by : tdrpm251.sys").



> STACK_TEXT:
> fffff880`0b520140 fffff800`0356556a : 00000000`c0a8027b fffffa80`08669330 fffffa80`00000080 fffff880`0b5202a0 : nt!ObpQueryNameString+0x51
> fffff880`0b520240 fffff880`01cd00c8 : fffff880`00000009 00000000`c0a8027b 00000000`00000001 00000000`00000000 : nt!ObQueryNameString+0xe
> fffff880`0b520280 fffff880`00000009 : 00000000`c0a8027b 00000000`00000001 00000000`00000000 00000000`00000080 : *tdrpm251*+0x4c0c8
> ...


hier (fettgedruckt) ist die Bestätigung, dass es der Treiber auch tatsächlich war.


----------



## Timmy99 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

ok, das Problem: Acronis konnte ich fast komplett deinstallieren. Lediglich der Scheduler-Sercvice lässt sich in der Registry nicht löschen...
Auch re-install und drauffolgende deinstallation half nicht. (Steht im Anfangspost)


----------



## simpel1970 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Jupp, habe ich gelesen. Welche Version von Acronis TI ist es denn? Die aktuellste Version (2011) läuft mit Win7 problemlos. Evtl. einfach die 2011er Version "drüber-" installieren.

Alternativ schon mit dem CCleaner versucht zu säubern?

Edit: http://www.chip.de/downloads/Revo-Uninstaller_27291156.html wäre noch eine Möglichkeit.

Edit2: Was mir gerade noch einfällt...hast du vor der Deinstallation den Acronis Startup Recovery Manager (Secure Zone) deaktiviert? Evtl. lässt sich deswegen das Programm nicht vollständig entfernen?

Des weiteren besteht die Möglichkeit sich bei Acronis zu registrieren und über den Support (https://www.acronis.com/my/products/index.html) das Acronis Clean Up Utility anzufordern/runter zu laden. Evtl geht es ja damit.

Edit3: Und noch eine Idee...da sich der Registry Schlüssel des Schedulers nicht löschen lässt, einfach mal über Start -> msconfig -> Autostart nachsehen, ob dort ein Haken beim Acronis Scheduler drin ist. In dem Fall den Haken entfernen, neu starten, Registry Schlüssel entfernen.


----------



## Timmy99 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Ok, ich werde mal die Ideen ausprobieren. Thx. Ich melde mich dann obs geklappt, oder nicht geklappt hat.


----------



## simpel1970 (30. September 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Ok. Viel Erfolg.


----------



## Timmy99 (1. Oktober 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Soo..
Also ich habe Acronis 2010 über den Installer sauber deinstalliert. Daraufhin 2011 installiert. Am Ende forderte es einen neustart.
Ich starte neu, und was sehe ich direkt nach "Windows wird gestartet"? Einen Bluescreen!
Und zwar begann der mit 50...
Auch der abgesicherte Modus half nichtmehr weiter. Windows bootete nichtmehr...
Es half nurnoch das einspielen eines Acronis Backups(Welche Ironie), dass ich vor 3 Tagen zum Glück erstellt hatte.
Nun bin ich so weit wie am anfang: Der Schudeler lässt sich nicht löschen, und wenn man ihn dann (unabsichtlich) mit Gewalt überschreibt, verweigert Windows seinen Dienst.
Was nun?


----------



## simpel1970 (1. Oktober 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*



> Also ich habe Acronis 2010 über den Installer sauber deinstalliert. Daraufhin 2011 installiert. Am Ende forderte es einen neustart



Hast du nach der Deinstallation von TI 2010 einen Neustart gemacht?

Du könntest noch das Acronis Clean Up Utility ausprobieren. Nach dem Acronis deinstalliert wurde, aber erst einmal testen, ob das System korrekt läuft (auch nach Neustart).


----------



## Timmy99 (1. Oktober 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks...*

Ich habe die Acronis Clean Up Utility ausprobiert.
Am ende war die deinstallation/löscung von Acronis laut Utility erfolgreich, ich solle Y für einen neustart drücken. habe ich getan.
Und was kam? Richtig, ein Bluescreen. Wieder half der abgesicherte Modus und die Windows Reperatur nicht, ich musste erneut das System zurücksetzen...

Edit:
So.. nachdem ich mehrere male das System zurücksetzen musste, hat es nun wie folgt geklappt:

1. Acronis Cleaner 2011 geladen
2. 1 gedrückt, und im Gerätemanager den Acronis Dienst gelöscht.
3. Enter, und danach die 2 gedrückt
4. immer y drücken, bis zum neustart.
5. wieder y drücken. PC startet neu
6. USB Ports sind deaktiviert/nicht ansprechbar.
7. Acronis 2011 installiert
8. KEIN NEUSTART machen.
9. Alle Acronis Dienste die nun aufgetaucht sind auf Manueller Start setzen.
10. PC-HDD ausrödeln lassen und die CPU last beobachten (sollte möglichst 0% betragen).
11. Herunterfahren
12. Starten

Das wars. Nun funzt Win7 wieder, die USB Ports funzen alle, und es gibt keinen Bluescreen mehr beim einstecken eines USB Sticks in eines der 13 USB Steckplätze.

Danke für die Tipps und Lösungsvorschläge. ;D

MfG,
Timmy99, die gelbe Ratte


----------



## simpel1970 (2. Oktober 2010)

*AW: Win7 - Bluescreen beim einstecken eines USB Sticks... (GELÖST!)*

Wow, was eine Odyssee nur wegen Acronis TI.

Gratuliere, dass du die Nerven behalten und eine Lösung hinbekommen hast.


----------

