Цитата gorodskoi1@twitter:
|
потому что такого не нашел) »
|
Но в системе присутствует его драйвер C:\windows\system32\Drivers\
bdfsfltr.sys
и в первом и во втором дампе в стеке он фигурирует. Во втором даже очень:
Скрытый текст
Код:
0xfffff880`08f70b88 0xfffff800`03d8bb22 nt!CcMapData+0xd2
0xfffff880`08f70bd8 0xfffff880`014b8105 Ntfs!NtfsCheckAttributeRecord+0x289
0xfffff880`08f70c48 0xfffff880`014b8725 Ntfs!NtfsReadMftRecord+0x344
0xfffff880`08f70c88 0xfffff800`03ab15ba nt!FsRtlAddBaseMcbEntryEx+0x10a
0xfffff880`08f70ce8 0xfffff880`0141db4e Ntfs!NtfsAddNtfsMcbEntry+0x12e
0xfffff880`08f70d78 0xfffff800`03a8df8a nt!KiSwapContext+0x7a
0xfffff880`08f70d88 0xfffff880`0141ce60 Ntfs!NtfsLookupAllocation+0x1f0
0xfffff880`08f70e88 0xfffff800`03c0ae80 nt!KiInitialPCR+0x180
0xfffff880`08f70ef8 0xfffff880`0141ec65 Ntfs!NtfsPrepareSimpleBuffers+0x6c6
0xfffff880`08f70f38 0xfffff880`01413a81 Ntfs!NtfsVerifyAndRevertUsaBlock+0x81
0xfffff880`08f70f78 0xfffff880`00f212ec FLTMGR!FltpPerformPostCallbacks+0x3cc
0xfffff880`08f70ff8 0xfffff880`00f21785 FLTMGR!FltpFreeIrpCtrl+0x145
0xfffff880`08f71048 0xfffff880`00f22e1c FLTMGR!FltpProcessIoCompletion+0xec
0xfffff880`08f71078 0xfffff800`03a9befc nt!IopFreeIrp+0x11c
0xfffff880`08f710b8 0xfffff800`03a8ebe4 nt!IopfCompleteRequest+0x454
0xfffff880`08f711a8 0xfffff880`0141c84c Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
0xfffff880`08f711e8 0xfffff880`01419225 Ntfs!NtfsCommonRead+0x1bdc
0xfffff880`08f71208 0xfffff800`03c18c80 nt!KiNode0+0x80
0xfffff880`08f71358 0xfffff880`01419514 Ntfs!NtfsFsdRead+0x2d4
0xfffff880`08f713f8 0xfffff800`03a7014a nt!EtwpReserveTraceBuffer+0xe2
0xfffff880`08f71468 0xfffff800`03a17000 nt!KiSelectNextThread <PERF> (nt+0x0)+0x0
0xfffff880`08f71498 0xfffff800`03b77094 nt!EtwpLogKernelEvent+0x2a4
0xfffff880`08f71538 0xfffff800`03b23ff9 nt!EtwTraceTimedEvent+0xd9
0xfffff880`08f71590 0xfffff880`0140c000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)+0x0
0xfffff880`08f715a0 0xfffff880`0145b1f0 Ntfs!SqmThrottle+0x30
0xfffff880`08f715b8 0xfffff880`0141c35c Ntfs!NtfsReleaseFcb+0x2c
0xfffff880`08f715e0 0xfffff880`0140c000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)+0x0
0xfffff880`08f715f8 0xfffff880`01426d8d Ntfs!NtfsCommonWrite+0x38fa
0xfffff880`08f71618 0xfffff880`0145b1f0 Ntfs!SqmThrottle+0x30
0xfffff880`08f71638 0xfffff800`03ccbb00 nt!MmSystemCacheWs+0x0
0xfffff880`08f71660 0xfffff880`0145b208 Ntfs!SqmThrottle+0x48
0xfffff880`08f71668 0xfffff800`03ab63e3 nt!_C_specific_handler+0x13f
0xfffff880`08f71698 0xfffff800`03ab5e7b nt!KeQueryCurrentStackInformation+0x4b
0xfffff880`08f716a0 0xfffff880`0145848c Ntfs!rcon+0xd6c
0xfffff880`08f716a8 0xfffff880`01426222 Ntfs!_GSHandlerCheck_SEH+0x42
0xfffff880`08f716c0 0xfffff880`01423e11 Ntfs!NtfsFsdWrite+0x301
0xfffff880`08f716f0 0xfffff880`01458478 Ntfs!rcon+0xd58
0xfffff880`08f716f8 0xfffff880`0140c000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)+0x0
0xfffff880`08f71708 0xfffff800`03ab5986 nt!RtlUnwindEx+0x590
0xfffff880`08f71718 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f71728 0xfffff880`0140c000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)+0x0
0xfffff880`08f71770 0xfffff880`014261e0 Ntfs!_GSHandlerCheck_SEH+0x0
0xfffff880`08f717a8 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f71848 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f71858 0xfffff800`03aaaf1d nt!ExpAllocateBigPool+0xcd
0xfffff880`08f718d8 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f718e8 0xfffff800`03aaaf1d nt!ExpAllocateBigPool+0xcd
0xfffff880`08f719a8 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f719c8 0xfffff880`0146b428 Ntfs!NtfsData+0x4a8
0xfffff880`08f719d8 0xfffff800`03bc3400 nt!ExAllocatePoolWithTag+0x7f0
0xfffff880`08f719e8 0xfffff800`03a8df8a nt!KiSwapContext+0x7a
0xfffff880`08f719f8 0xfffff880`0141ce60 Ntfs!NtfsLookupAllocation+0x1f0
0xfffff880`08f71a78 0xfffff800`03bbf572 nt!MiFreePoolPages+0x272
0xfffff880`08f71ac8 0xfffff880`014255f5 Ntfs!NtfsCreateMdlAndBuffer+0x135
0xfffff880`08f71af8 0xfffff800`03c0ae80 nt!KiInitialPCR+0x180
0xfffff880`08f71b28 0xfffff800`03a80ab2 nt!KiCommitThreadWait+0x1d2
0xfffff880`08f71b68 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f71b80 0xfffff800`03a17000 nt!KiSelectNextThread <PERF> (nt+0x0)+0x0
0xfffff880`08f71b88 0xfffff800`03bc28a7 nt!ExFreePoolWithTag+0x7c7
0xfffff880`08f71b98 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f71ba8 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f71bb8 0xfffff800`03a91edf nt!KeWaitForSingleObject+0x19f
0xfffff880`08f71be8 0xfffff800`03a8df8a nt!KiSwapContext+0x7a
0xfffff880`08f71bf8 0xfffff880`0141ce60 Ntfs!NtfsLookupAllocation+0x1f0
0xfffff880`08f71c88 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f71db8 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f71dc8 0xfffff800`03aaaf1d nt!ExpAllocateBigPool+0xcd
0xfffff880`08f71e88 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f71ea8 0xfffff880`0146b428 Ntfs!NtfsData+0x4a8
0xfffff880`08f71eb8 0xfffff800`03bc3400 nt!ExAllocatePoolWithTag+0x7f0
0xfffff880`08f71ec8 0xfffff800`03a8df8a nt!KiSwapContext+0x7a
0xfffff880`08f71ed8 0xfffff880`0141ce60 Ntfs!NtfsLookupAllocation+0x1f0
0xfffff880`08f71f58 0xfffff800`03bbf572 nt!MiFreePoolPages+0x272
0xfffff880`08f71fa8 0xfffff880`014255f5 Ntfs!NtfsCreateMdlAndBuffer+0x135
0xfffff880`08f71fd8 0xfffff800`03c0ae80 nt!KiInitialPCR+0x180
0xfffff880`08f72008 0xfffff800`03a80ab2 nt!KiCommitThreadWait+0x1d2
0xfffff880`08f72048 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f72060 0xfffff800`03a17000 nt!KiSelectNextThread <PERF> (nt+0x0)+0x0
0xfffff880`08f72068 0xfffff800`03bc28a7 nt!ExFreePoolWithTag+0x7c7
0xfffff880`08f72078 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f72088 0xfffff800`03bbf71e nt!MiAllocatePoolPages+0x9e
0xfffff880`08f72098 0xfffff800`03a91edf nt!KeWaitForSingleObject+0x19f
0xfffff880`08f720c8 0xfffff800`03a8df8a nt!KiSwapContext+0x7a
0xfffff880`08f720d8 0xfffff880`0141ce60 Ntfs!NtfsLookupAllocation+0x1f0
0xfffff880`08f721a8 0xfffff800`03c1f580 nt!NonPagedPoolDescriptor+0x0
0xfffff880`08f721b8 0xfffff800`03aaaf1d nt!ExpAllocateBigPool+0xcd
0xfffff880`08f72248 0xfffff880`0141ec65 Ntfs!NtfsPrepareSimpleBuffers+0x6c6
*** ERROR: Symbol file could not be found. Defaulted to export symbols for bdfsfltr.sys -
Возможно был когда-то установлен этот Антивирус, остался его filter driver.
Проверьте
Удаление продуктов BitDefender: