我强烈怀疑我的 Windows 8 笔记本电脑中存在恶意应用程序(或服务或错误),它会终止我的资源管理器进程,有时会导致任务栏无响应并一直显示忙碌图标。因此,我必须使用 Alt+Tab 在应用程序之间切换。当任务栏无响应时,我甚至无法在应用程序之间切换,我必须使用任务管理器来运行资源管理器进程。
我的笔记本电脑有 6GB RAM
那么如何归结为可能使用胭脂应用(我尝试了几乎所有的技术但都无济于事)以及如果没有使用胭脂应用如何解决这个问题。
我在事件日志中不断看到以下 3 个错误:
故障桶,类型 0 活动名称:APPCRASH 答复:暂无 出租车 ID:0 问题签名: P1:explorer.exe P2:6.2.9200.16628 P3:51a94434 P4:ntdll.dll P5:6.2.9200.16579 P6:51637f77 P7:c0000005 P8:00000000000054ec P9: 第10页: 附加的文件: C:\Users\ALI\AppData\Local\Temp\WER7C5A.tmp.appcompat.txt C:\用户\ALI\应用程序数据\本地\Temp\WER7C7A.tmp.WERInternalMetadata.xml C:\用户\ALI\应用程序数据\本地\Temp\WER7D37.tmp.hdmp C:\用户\ALI\应用程序数据\本地\Temp\WERC52E.tmp.mdmp 这些文件可能可以在这里获得: C:\用户\ALI\应用程序数据\本地\微软\的Windows\WER\ReportQueue\AppCrash_explorer.exe_b6c9fc2275b8269316d2d695cbf3f2ff98e379_cab_13c6edd1 分析符号: 重新检查解决方案:0 报告编号:164f935e-f6ea-11e2-be89-60eb69184d3d 报告状态:112 哈希桶: == 错误应用程序名称:backgroundTaskHost.exe,版本:6.2.9200.16384,时间戳:0x5010a827 错误模块名称:KERNELBASE.dll,版本:6.2.9200.16451,时间戳:0x50988aa6 异常代码:0xe0434352 故障偏移量:0x000000000003811c 错误进程 ID:0x205c 错误应用程序启动时间:0x01ce8af7d0fda8cf 错误应用程序路径:C:\WINDOWS\system32\backgroundTaskHost.exe 错误模块路径:C:\WINDOWS\system32\KERNELBASE.dll 报告编号:188b1b81-f6eb-11e2-be89-60eb69184d3d 错误包的全名:MarthaStewartLivingOmnime.EverydayFood_1.0.1.2_neutral__p79skxyasf6gr 错误程序包相关应用程序 ID:App === 故障桶,类型 0 事件名称:WPNConnectionFailure 答复:暂无 出租车 ID:0 问题签名: P1:数据重新连接 P2:8007274c P3:妇女党 P4:未知 P5:未知 P6:未知 P7:2 P8:244 P9: 第10页: 附加的文件: C:\用户\ALI\应用程序数据\本地\Temp\wpn_5487237965553919453.evtx 这些文件可能可以在这里获得: C:\Users\ALI\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Data Reconnect_1249b4f85ef55958ef36b1d42e2e8e111cf3dd8c_cab_1cc161dc 分析符号: 重新检查解决方案:0 报告编号:e9a99e36-f6ba-11e2-be89-60eb69184d3d 报告状态:116 哈希桶: === 无法找到来自源 HHCTRL 的事件 ID 1903 的描述。引发此事件的组件未安装在您的本地计算机上,或者安装已损坏。您可以在本地计算机上安装或修复该组件。 如果事件源自另一台计算机,则显示信息必须与事件一起保存。 此次活动包含以下信息: http://go.microsoft.com/fwlink?LinkID=45839
我卸载了 Marthstewart 食谱图块(如它出现在上面的日志中)但问题仍然存在,此外我尝试了所有的 tweakUI 清理工具和各种其他诊断工具但似乎没有什么可以诊断出问题。
更新:
我终于设法获取了 Explorer.exe 的完整转储,这是一个很大的文件,因此我将其上传到了这里(现已删除)。
在使用 revo 卸载了许多程序之后(可能的罪魁祸首是谷歌驱动器也被完全清理了),我恢复了 explorer.exe,也就是说,它至少从之前的错误 0x10000142 开始运行,其中 explorer.exe 甚至无法启动,但这只是短暂的,当我尝试从任务管理器重新启动 explorer.exe 进程时,我再次收到此错误,explorer 进程自上次崩溃后就无法重新启动,事实上,即使在启动时,我也收到此错误“Explorer.exe 无法正确启动(0x0000142)”,因此呈现一个空白屏幕而无事可做,现在您只能在安全模式下工作!
我在这里询问了 MS 支持团队,他们的团队仍然有类似的问题尚未解答。
更新:
一位回答者发现 Avast 是导致 explorer 无法启动的问题,但崩溃问题仍然存在,现在我已将问题缩小到右键单击上下文菜单,每当我按下开始并键入一些内容进行搜索或单击图块时,explorer 进程就会立即崩溃。此外,如果我右键单击任意位置的任意图标,资源管理器崩溃了。所以现在问题归结为如何解决这个右键单击上下文菜单问题。那么如何解决这个问题?有没有平铺视图的替代方案,因为我需要访问控制面板和各种应用程序?
另外,由于我不能使用右键单击或 Metro 磁贴,是否有其他方法可以用来访问控制面板和其他设置?
答案1
要自己分析问题,请按照以下步骤操作:
打开 WinDbg,打开转储(CTRL+ D)并输入此命令,然后按 ENTER:
!analyze -v
现在将输出与我发布的内容进行比较,看看您是否遇到相同的问题或新的问题。
////////////////////
编辑 2013-08-06
上次转储显示C:\Program 文件 (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll原因:
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify timestamp for ContextMenu64.dll
*** ERROR: Module load completed but symbols could not be loaded for ContextMenu64.dll
*** WARNING: Unable to verify timestamp for Adist64.dll
*** ERROR: Module load completed but symbols could not be loaded for Adist64.dll
APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201)
Unloading DLL containing an active critical section.
This stop is generated if a DLL has a global variable containing a critical section
and the DLL is unloaded but the critical section has not been deleted. To debug
this stop use the following debugger commands:
$ du parameter3 - to dump the name of the culprit DLL.
$ .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL.
$ !cs -s parameter1 - dump information about this critical section.
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
$ dps parameter2 - to dump the stack trace for this critical section initialization.
Arguments:
Arg1: 00000000160384b0, Critical section address.
Arg2: 0000000001381220, Critical section initialization stack trace.
Arg3: 000000000ffc49b2, DLL name address.
Arg4: 0000000016020000, DLL base address.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll -
*** WARNING: Unable to verify timestamp for SugarSyncShellExt_x64.dll
*** ERROR: Module load completed but symbols could not be loaded for SugarSyncShellExt_x64.dll
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007feb74da7fc (verifier!VerifierStopMessageEx+0x00000000000006d0)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CRITICAL_SECTION: 00000000160384b0 -- (!cs -s 00000000160384b0)
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ung ltig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000df4
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007feb74e557b to 000007feb74da7fc
STACK_TEXT:
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpFreeMemLockChecks
verifier!AVrfpFreeMemNotify
verifier!AVrfpDllUnloadCallback
ntdll!AVrfDllUnloadNotification
ntdll!LdrpUnloadNode
ntdll!LdrpDecrementNodeLoadCount
ntdll!LdrUnloadDll
KERNELBASE!FreeLibrary
ContextMenu64
0x0
0x0
0x0
0x0
0x0
Adist64
Adist64
0x0
0x0
ContextMenu64
0x0
0x0
0x0
0x0
SYMBOL_NAME: contextmenu64+110a6
IMAGE_NAME: ContextMenu64.dll
Image path: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll
Image name: ContextMenu64.dll
Timestamp: Mon Oct 06 21:22:22 2008 (48EA656E)
CheckSum: 001880E9
ImageSize: 00189000
File version: 9.0.0.373
Product version: 9.0.0.373
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
AppVerifier 可以出色地显示您使用的所有有缺陷、陈旧和不兼容的软件。
////////////////
转储显示 Avast (AVAST Software\Avast\snxhk64.dll) 导致 Explorer 崩溃:
APPLICATION_VERIFIER_MEMORY_SIZE_HEAP_UNEXPECTED_EXCEPTION (618)
Unexpected exception when trying to find heap block size.
This stop is generated if we get an exception while calling HeapSize for a heap block
that is being freed. This typically means that the specified heap block address is
incorrect or the heap is corrupted.
To debug this stop:
$ .exr parameter3 - to display the exception record;
$ .cxr parameter4 followed by kb - to display the exception context information
and stack trace at the time when the exception was raised.
Arguments:
Arg1: 000000000474d800, Address of the heap block being freed.
Arg2: 0000000003680000, Heap handle.
Arg3: 0000000000caeea0, Exception record. Use .exr to display it.
Arg4: 0000000000cae9b0, Context record. Use .cxr to display it.
FAULTING_IP:
verifier!VerifierStopMessageEx+6d0
000007fb`a324a7fc cc int 3
EXCEPTION_RECORD: 0000000000caeea0 -- (.exr 0xcaeea0)
ExceptionAddress: 000007fbb16fab00 (ntdll!RtlpWaitOnCriticalSection+0x00000000000000c0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CONTEXT: 0000000000cae9b0 -- (.cxr 0xcae9b0)
rax=0000000000000000 rbx=000007fba32842a0 rcx=00000000fffffffc
rdx=0000000000000088 rsi=0000000000000088 rdi=0000000000000000
rip=000007fbb16fab00 rsp=0000000000caef70 rbp=0000000000000000
r8=ffffffffffffffff r9=0000000000000004 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=000007f60b35e000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010213
ntdll!RtlpWaitOnCriticalSection+0xc0:
000007fb`b16fab00 ff4024 inc dword ptr [rax+24h] ds:00000000`00000024=????????
Resetting default scope
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ung ltig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000428
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fba3252861 to 000007fba324a7fc
STACK_TEXT:
ntdll!NtWaitForSingleObject
ntdll!RtlReportExceptionEx
ntdll!RtlReportException
ntdll!LdrpCalloutExceptionFilter
ntdll!LdrpInitializeNode$filt$1
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpSizeHeapExceptionFilter
verifier!AVrfpRtlFreeHeap$filt$0
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
ntdll!RtlpWaitOnCriticalSection
ntdll!RtlpEnterCriticalSectionContended
verifier!AVrfpFreeMemLockChecks
verifier!AVrfpFreeMemNotify
verifier!AVrfpRtlFreeHeap
snxhk64!SnxHk_UninstallHook
snxhk64
verifier!AVrfpInitializeExceptionChecking
verifier!DllMain
ntdll!LdrpCallInitRoutine
ntdll!LdrpInitializeNode
ntdll!LdrpInitializeGraph
ntdll!AVrfInitializeVerifier
ntdll!LdrpInitializeProcess
ntdll!_LdrpInitialize
ntdll!LdrInitializeThunk
FOLLOWUP_IP:
snxhk64!SnxHk_UninstallHook+7150
00000000`5d14fb40 85c0 test eax,eax
SYMBOL_STACK_INDEX: c
SYMBOL_NAME: snxhk64!SnxHk_UninstallHook+7150
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snxhk64
IMAGE_NAME: snxhk64.dll
Loaded symbol image file: snxhk64.dll
Image path: C:\Program Files\AVAST Software\Avast\snxhk64.dll
Image name: snxhk64.dll
Timestamp: Thu May 09 10:52:55 2013 (518B63E7)
CheckSum: 00000000
ImageSize: 0004D000
File version: 8.0.1489.300
Product version: 8.0.1489.300
File flags: 0 (Mask 17)
File OS: 4 Unknown Win32
File type: 0.0 Unknown
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: AVAST Software
ProductName: avast! Antivirus
InternalName: snxhk
OriginalFilename: snxhk.dll
ProductVersion: 8.0.1489.300
FileVersion: 8.0.1489.300
FileDescription: avast! snxhk
LegalCopyright: Copyright (c) 2013 AVAST Software
将此问题报告给 Avast并使用不同的 AV 工具直到问题得到解决。
运行我链接的 uninstall.reg 以禁用转储创建和应用程序验证程序,这会减慢 Explorer 的速度。
// 编辑:新的崩溃是由蓝牙驱动程序引起的:
APPLICATION_VERIFIER_LOCKS_LOCK_NOT_INITIALIZED (210)
Critical section not initialized.
This stop is generated if a critical section is used without being
initialized or after it has been deleted. To debug this stop:
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the critical section.
Arguments:
Arg1: 0000000009044c08, Critical section address.
Arg2: 0000000000000000, Critical section debug info address.
Arg3: 0000000000000000, Not used.
Arg4: 0000000000000000, Not used.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for GROOVEEX.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for SugarSyncShellExt_x64.dll -
FAULTING_IP:
verifier!VerifierStopMessageEx+6d0
000007ff`bba9a7fc cc int 3
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007ffbba9a7fc (verifier!VerifierStopMessageEx+0x00000000000006d0)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CRITICAL_SECTION: 0000000009044c08 -- (!cs -s 0000000009044c08)
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ung ltig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000978
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007ffbbaa5338 to 000007ffbba9a7fc
STACK_TEXT:
ntdll!NtWaitForSingleObject
ntdll!RtlReportExceptionEx
ntdll!RtlReportException
verifier!AVrfpVectoredExceptionHandler
ntdll!RtlpCallVectoredHandlers
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpVerifyInitializedCriticalSection
verifier!AVrfpRtlDeleteCriticalSection
BtvAppExt!DllUnregisterServer
BtvAppExt!DllUnregisterServer
BtvAppExt
BtvAppExt
combase!CServerContextActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!CApartmentActivator::CreateInstance
combase!CProcessActivator::CCICallback
combase!CProcessActivator::AttemptActivation
combase!CProcessActivator::ActivateByContext
combase!CProcessActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!CClientContextActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!ICoCreateInstanceEx
combase!CoCreateInstance
shell32!_SHCoCreateInstance
shell32!SHExtCoCreateInstance
shell32!HDXA_QueryContextMenu
shell32!CDefFolderMenu::QueryContextMenu
shlwapi!SHInvokeCommandOnContextMenu2
shlwapi!SHInvokeCommandOnContextMenu
shell32!SHInvokeCommandOnSelection
shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''
shell32!CRegDataDrivenCommand::_Invoke
explorerframe!CRibbonCommandHandlerOnExplorerCommand::Execute
UIRibbon!CControlUser::_ExecuteOnHandler
UIRibbon!CGenericControlUser::SetValueImpl
UIRibbon!CGenericDataSource::SetValue
UIRibbon!OfficeSpace::DataSource::SetValue
UIRibbon!OfficeSpace::FSControl::SetValue
UIRibbon!NetUI::DeferCycle::ProcessDataBindingPropertyChangeRecords
UIRibbon!NetUI::DeferCycle::HrAddDataBindingPropertyChangeRecord
UIRibbon!NetUI::Binding::SetDataSourceValue
UIRibbon!NetUI::Bindings::OnBindingPropertyChanged
UIRibbon!NetUI::Node::OnPropertyChanged
UIRibbon!FlexUI::Concept::OnPropertyChanged
UIRibbon!NetUI::Node::FExecuteCommand
UIRibbon!FlexUI::ExecuteAction::OnCommand
UIRibbon!NetUI::Node::FExecuteCommand
UIRibbon!NetUI::SimpleButton::OnEvent
UIRibbon!NetUI::Element::_DisplayNodeCallback
UIRibbon!GPCB::xwInvokeDirect
UIRibbon!GPCB::xwInvokeFull
UIRibbon!DUserSendEvent
UIRibbon!NetUI::Element::FireEvent
UIRibbon!NetUI::_FireClickEvent
UIRibbon!NetUI::SimpleButton::OnInput
UIRibbon!NetUI::Element::_DisplayNodeCallback
UIRibbon!GPCB::xwInvokeDirect
UIRibbon!GPCB::xwInvokeFull
UIRibbon!BaseMsgQ::xwProcessNL
UIRibbon!DelayedMsgQ::xwProcessDelayedNL
UIRibbon!ContextLock::~ContextLock
UIRibbon!HWndContainer::xdHandleMessage
UIRibbon!ExtraInfoWndProc
user32!UserCallWinProcCheckWow
user32!DispatchMessageWorker
explorerframe!CExplorerFrame::FrameMessagePump
explorerframe!CExplorerTask::InternalResumeRT
explorerframe!CRunnableTask::Run
shell32!CShellTask::TT_Run
shell32!CShellTaskThread::ThreadProc
shell32!CShellTaskThread::s_ThreadProc
SHCore!COplockFileHandle::v_GetHandlerCLSID
verifier!AVrfpStandardThreadFunction
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart
Image path: C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll
Image name: BtvAppExt.dll
Timestamp: Fri Jan 15 13:41:32 2010 (4B50627C)
CheckSum: 000329B6
ImageSize: 0002D000
File version: 1.0.0.1
Product version: 1.0.0.1
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: TODO: <Company name>
ProductName: TODO: <Product name>
InternalName: BtvAppExt.dll
OriginalFilename: BtvAppExt.dll
ProductVersion: 1.0.0.1
FileVersion: 1.0.0.1
FileDescription: TODO: <File description>
LegalCopyright: TODO: (c) <Company name>. All rights reserved.
这蓝牙扩展存在很多缺陷,因此 Directory Opus 在两年前就将其屏蔽了。
列入黑名单的有问题的 shell 扩展:Qualcomm Atheros Commnucations Bluetooth Suite (BtvAppExt.dll,{B8952421-0E55-400B-94A6-FA858FC0A39F})。