Blue screen na nowo postawionym systemie!

Post29 gru 2013, 14:17

Witam, wczoraj po instalacji systemu pojawił się BSOD. Po odczytaniu pliku dmp wyszło coś takiego:

*
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff8800a811f28, fffff8800a811780, fffff8000348ffec}

Probably caused by : Ntfs.sys ( Ntfs! ?? ::FNODOBFM::`string'+2899 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800a811f28
Arg3: fffff8800a811780
Arg4: fffff8000348ffec

Debugging Details:
------------------

EXCEPTION_RECORD: fffff8800a811f28 -- (.exr 0xfffff8800a811f28)
ExceptionAddress: fffff8000348ffec (nt!MmMapViewInSystemCache+0x00000000000003cc)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

CONTEXT: fffff8800a811780 -- (.cxr 0xfffff8800a811780)
rax=f8a0022db8080400 rbx=fffff6fcc000be00 rcx=000000000000000f
rdx=fffffa800792e650 rsi=fffff8a0022db810 rdi=fffff8a0022db810
rip=fffff8000348ffec rsp=fffff8800a812160 rbp=fffff6fcc000b800
r8=fffffa8000000020 r9=fffff80003403000 r10=fffff80003601c00
r11=fffff8800a811fb0 r12=fffffa80076569e0 r13=fffffa80049b9d38
r14=fffffa80076569e0 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!MmMapViewInSystemCache+0x3cc:
fffff800`0348ffec 498b7f08 mov rdi,qword ptr [r15+8] ds:002b:00000000`00000008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: ismagent.exe

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000008

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036b0100
0000000000000008

FOLLOWUP_IP:
Ntfs! ?? ::FNODOBFM::`string'+2899
fffff880`0123f688 cc int 3

FAULTING_IP:
nt!MmMapViewInSystemCache+3cc
fffff800`0348ffec 498b7f08 mov rdi,qword ptr [r15+8]

BUGCHECK_STR: 0x24

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff8000348ffec

STACK_TEXT:
fffff880`0a810f18 fffff880`0123f688 : 00000000`00000024 00000000`001904fb fffff880`0a811f28 fffff880`0a811780 : nt!KeBugCheckEx
fffff880`0a810f20 fffff880`01254c29 : fffff880`01285d40 fffff880`0a812780 fffff880`0a812750 00000000`00000003 : Ntfs! ?? ::FNODOBFM::`string'+0x2899
fffff880`0a810f60 fffff800`034a3cdc : 00000000`00000000 00000000`00000000 fffff8a0`01a47af8 fffff880`012fbd50 : Ntfs! ?? ::FNODOBFM::`string'+0x11e6
fffff880`0a810fa0 fffff880`01254265 : fffff880`01285d48 fffff880`0a812750 fffff880`0a811f28 fffff880`0a812750 : nt!_C_specific_handler+0x8c
fffff880`0a811010 fffff800`034a375d : fffff880`01285d34 00000000`00000000 fffff880`0123b000 00000000`00000000 : Ntfs!_GSHandlerCheck_SEH+0x75
fffff880`0a811040 fffff800`034a2535 : fffff880`01285d34 fffff880`0a8110b8 fffff880`0a811f28 fffff880`0123b000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0a811070 fffff800`034b34e1 : fffff880`0a811f28 fffff880`0a811780 fffff880`00000000 fffff8a0`022db810 : nt!RtlDispatchException+0x415
fffff880`0a811750 fffff800`03478202 : fffff880`0a811f28 fffff6fc`c000be00 fffff880`0a811fd0 fffff8a0`022db810 : nt!KiDispatchException+0x135
fffff880`0a811df0 fffff800`03476d7a : 00000000`00000000 00000000`00000008 fffffa80`0393f100 fffff6fc`c000be00 : nt!KiExceptionDispatch+0xc2
fffff880`0a811fd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a

STACK_COMMAND: kb

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Ntfs! ?? ::FNODOBFM::`string'+2899

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME: Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5167f5fc

FAILURE_BUCKET_ID: X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2899

BUCKET_ID: X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2899

Followup: MachineOwner
---------

1: kd> lmvm Ntfs
start end module name
fffff880`0123b000 fffff880`013dd000 Ntfs (pdb symbols) c:\symbols\ntfs.pdb\0842A8FED1C5463FB4078078781F5C622\ntfs.pdb
Loaded symbol image file: Ntfs.sys
Mapped memory image file: c:\symbols\Ntfs.sys\5167F5FC1a2000\Ntfs.sys
Image path: \SystemRoot\System32\Drivers\Ntfs.sys
Image name: Ntfs.sys
Timestamp: Fri Apr 12 13:54:36 2013 (5167F5FC)
CheckSum: 001A27D8
ImageSize: 001A2000
File version: 6.1.7601.18127
Product version: 6.1.7601.18127
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 6.1.7601.18127
FileVersion: 6.1.7601.18127 (win7sp1_gdr.130412-0013)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.

Nie wiem co dalej zrobić, proszę o pomoc

Strona WWW · Post29 gru 2013, 14:23

Zainstalowałeś wszystkie sterowniki? nie ma w menedzerze urządzeń znaków zapytania itp? Podaj jeszcze smart dysku:
sprzet-komputerowy/odczytanie-smart-programem-hd-tune-t512.html

Post29 gru 2013, 14:52

Tak sterowniki zainstalowane wszystkie ze strony producenta w menadżerze urządzeń nie ma żadnych znaków zapytania

HD Tune: ST9500325AS Health

ID Current Worst Threshold Data Status
(01) Raw Read Error Rate 115 99 34 100199814 Ok
(03) Spin Up Time 99 99 0 0 Ok
(04) Start/Stop Count 100 100 20 758 Ok
(05) Reallocated Sector Count 100 100 36 0 Ok
(07) Seek Error Rate 78 60 30 81079736 Ok
(09) Power On Hours Count 95 95 0 4802 Ok
(0A) Spin Retry Count 100 100 97 0 Ok
(0C) Power Cycle Count 100 100 20 744 Ok
(B8) (unknown attribute) 100 100 99 0 Ok
(BB) (unknown attribute) 100 100 0 0 Ok
(BC) (unknown attribute) 100 100 0 0 Ok
(BD) (unknown attribute) 100 100 0 0 Ok
(BE) Airflow Temperature 60 46 45 672530472 Ok
(BF) G-sense Error Rate 100 100 0 13 Ok
(C0) Power Off Retract Count 100 100 0 0 Ok
(C1) Load Cycle Count 88 88 0 25640 Ok
(C2) Temperature 40 54 0 40 Ok
(C3) Hardware ECC Recovered 55 48 0 100199814 Ok
(C4) Reallocated Event Count 95 95 30 4717 Ok
(C5) Current Pending Sector 100 100 0 0 Ok
(C6) Offline Uncorrectable 100 100 0 0 Ok
(C7) Ultra DMA CRC Error Count 200 200 0 0 Ok

Power On Time : 4802
Health Status : Ok

Strona WWW · Post29 gru 2013, 15:43

dok pisze:(C4) Reallocated Event Count 95 95 30 4717 Ok

to dosyć dziwne, jeśli mozesz to daj smart z mhdd:
sprzet-komputerowy/odczytanie-smart-programem-mhdd-t538.html
oraz skan powierzchni:
sprzet-komputerowy/skanowanie-powierzchni-dysku-programem-mhdd-t753.html

Post29 gru 2013, 16:53

Program który podałeś nie wykrywa dysku!

To jest dysk z laptopa nie z kompa stacjonarnego sorry że wcześniej tego nie podałem :oops:

I jeszcze jeden blue screen sprzed kilku minut, poniżej zawartość pliku dmp:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {200a29a3a0, 146a1b7e6754, ffffeb95e48198ab, 0}

Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 000000200a29a3a0, Actual security check cookie from the stack
Arg2: 0000146a1b7e6754, Expected security check cookie
Arg3: ffffeb95e48198ab, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE: Expected 0000146a1b7e6754 found 000000200a29a3a0

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0xF7

PROCESS_NAME: cavwp.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80003570b05 to fffff800034dcb80

STACK_TEXT:
fffff880`0b742298 fffff800`03570b05 : 00000000`000000f7 00000020`0a29a3a0 0000146a`1b7e6754 ffffeb95`e48198ab : nt!KeBugCheckEx
fffff880`0b7422a0 fffff800`034a93be : fffffa80`01fc0fb0 00000000`00002a80 00000000`0000000f fffffa80`0000000f : nt!_report_gsfailure+0x25
fffff880`0b7422e0 00000000`00000000 : fffff880`0b7426b0 fffff880`0b7426f8 fffff880`0b7426f8 fffff880`0b742708 : nt!LdrpResSearchResourceMappedFile+0x33a

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff800`03570b05 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!_report_gsfailure+25

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 51fb06cd

FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25

BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25

Followup: MachineOwner
---------

0: kd> lmvm nt
start end module name
fffff800`03467000 fffff800`03a4d000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\444961FE7BC64E8ABAA9F36D9855C08C2\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: c:\symbols\ntoskrnl.exe\51FB06CD5e6000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Fri Aug 02 03:09:33 2013 (51FB06CD)
CheckSum: 0055A245
ImageSize: 005E6000
File version: 6.1.7601.18229
Product version: 6.1.7601.18229
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.18229
FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.

Post30 gru 2013, 00:13

Zrób skanowanie powierzchni vivardem z ultimate boot cd.

Zmień też comodo na innego firewalla, na razie dla testu.

Post30 gru 2013, 03:04

Skan powierzchni zakończony, żadnych błędów i realokowanych sektorów.