Hello thermalfake
Thank you very much for your interest in my problem.
However, please hold off on the analysis. I have found one more, or actually two more, problems in my laptop - hardware ones.
First I have to replace the memory, then "patch up" the HDD.
Then I will see what happens.
23:15
The disk seems to be OK after all. I am replacing the memory tomorrow.
I have replaced the memory. Memtest86, full cycle - everything OK.
I ran SeeTools over the hard drives and that is OK too.
I launched Arcabit and selected a full system scan. BSOD again.
The result of the latest dmp is below.
Code:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\070915-38017-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c:\symb*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff800`02e5e000 PsLoadedModuleList = 0xfffff800`030a5730
Debug session time: Thu Jul 9 00:47:17.059 2015 (UTC + 2:00)
System Uptime: 0 days 0:02:58.776
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002ec9530, fffff88002fd2368, fffff88002fd1bc0}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamLog+1be )
Followup: MachineOwner
---------
After clicking the !analyze -v link, the following appeared.
Code:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\070915-38017-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c:\symb*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff800`02e5e000 PsLoadedModuleList = 0xfffff800`030a5730
Debug session time: Thu Jul 9 00:47:17.059 2015 (UTC + 2:00)
System Uptime: 0 days 0:02:58.776
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002ec9530, fffff88002fd2368, fffff88002fd1bc0}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamLog+1be )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002ec9530, The address that the exception occurred at
Arg3: fffff88002fd2368, Exception Record Address
Arg4: fffff88002fd1bc0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!memcpy+250
fffff800`02ec9530 488b440af8 mov rax,qword ptr [rdx+rcx-8]
EXCEPTION_RECORD: fffff88002fd2368 -- (.exr 0xfffff88002fd2368)
ExceptionAddress: fffff80002ec9530 (nt!memcpy+0x0000000000000250)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88002fd1bc0 -- (.cxr 0xfffff88002fd1bc0)
rax=fffffa8004b76ba0 rbx=fffff88002fd2801 rcx=fffffa8004b76c08
rdx=006505edfbb194b9 rsi=0000000000000001 rdi=0000000000000060
rip=fffff80002ec9530 rsp=fffff88002fd25a8 rbp=0000000000000002
r8=0000000000000060 r9=0000000000000003 r10=0000000000401802
r11=fffffa8004b76ba8 r12=fffffa800472f440 r13=fffffa8004b76ba8
r14=fffff80002e5e000 r15=fffff88002fd2698
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010287
nt!memcpy+0x250:
fffff800`02ec9530 488b440af8 mov rax,qword ptr [rdx+rcx-8] ds:002b:0065006e`006900b9=???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310f100
GetUlongFromAddress: unable to read from fffff8000310f1c0
ffffffffffffffff
FOLLOWUP_IP:
fileinfo!FIStreamLog+1be
fffff880`0106b692 4c8d9c24c0000000 lea r11,[rsp+0C0h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff80002fbdb24 to fffff80002ec9530
STACK_TEXT:
fffff880`02fd25a8 fffff800`02fbdb24 : fffff800`00020000 fffff880`02fd2801 fffff8a0`03424670 fffff880`02fd25e8 : nt!memcpy+0x250
fffff880`02fd25b0 fffff800`02fd067f : fffff880`02fd2800 00000000`00000000 fffffa80`00000002 fffff880`02fd2850 : nt!EtwpLogKernelEvent+0x2a4
fffff880`02fd2650 fffff880`0106b692 : 00000000`00000000 fffffa80`0ab72af0 fffff880`02fd2800 00000000`00000000 : nt!EtwpTraceFileName+0x15f
fffff880`02fd26e0 fffff880`0106c43b : fffff8a0`00000030 fffff8a0`03a8d4b0 00000000`00000002 fffffa80`04e14c00 : fileinfo!FIStreamLog+0x1be
fffff880`02fd27b0 fffff880`01069563 : fffffa80`0ab72af0 fffffa80`0ab72af0 fffffa80`0ab72a0c fffffa80`0ab72af0 : fileinfo!FIEnumerate+0x117
fffff880`02fd2830 fffff880`0106960b : fffff8a0`0e8329d0 fffff880`02fd29c0 00000000`00000000 fffff880`02fd29c0 : fileinfo!FIControlDispatchSystemControl+0x73
fffff880`02fd2870 fffff800`03168e68 : fffffa80`047279c0 fffffa80`0ab72a0c fffffa80`0ab72af0 fffffa80`0ab72a0c : fileinfo!FIControlDispatch+0x4b
fffff880`02fd28b0 fffff800`032a32b6 : 00000000`0000000c 00000000`0000000c 00000000`00000001 fffffa80`0ab72af0 : nt!WmipForwardWmiIrp+0x16c
fffff880`02fd2930 fffff800`032a3ddb : fffff880`02fd2a98 fffffa80`0472f601 00000000`0000000c 00000000`00000000 : nt!WmipSendWmiIrpToTraceDeviceList+0xe6
fffff880`02fd2990 fffff800`032b0c54 : fffffa80`0472f400 00000000`00000001 fffff8a0`0e8329d0 fffffa80`0472f440 : nt!WmiTraceRundownNotify+0x6b
fffff880`02fd29e0 fffff800`03323fac : 00000000`00401802 fffffa80`0472f6e8 fffffa80`0472f440 fffff800`02eed832 : nt!EtwpKernelTraceRundown+0xc4
fffff880`02fd2a10 fffff800`033240af : fffffa80`0472f440 00000000`00000002 fffff8a0`03e398d0 fffffa80`0472f400 : nt!EtwpUpdateLoggerGroupMasks+0x22c
fffff880`02fd2b10 fffff800`0312d3d9 : 00000000`00000000 fffff8a0`03e398d0 00000000`00000000 fffff800`02ee68e6 : nt!EtwpStopLoggerInstance+0x4f
fffff880`02fd2b50 fffff800`03174973 : 00000000`00000000 00000000`00000001 fffffa80`0472f440 ffffffff`88ca6c00 : nt!EtwpStopTrace+0x129
fffff880`02fd2bc0 fffff800`0334c695 : ffffffff`ffffffff 00000000`00000001 ffffffff`000000b4 fffff800`030857c8 : nt!NtTraceControl+0x263
fffff880`02fd2c30 fffff800`02edc4b5 : fffff800`0307c200 fffff800`0334c4d0 fffff800`0307c2d8 fffffa80`03ce5660 : nt!PerfDiagpProxyWorker+0x1c5
fffff880`02fd2c70 fffff800`0316c456 : 00000000`00000000 fffffa80`03ce5660 00000000`00000080 fffffa80`03cd2870 : nt!ExpWorkerThread+0x111
fffff880`02fd2d00 fffff800`02ec42c6 : fffff880`009e7180 fffffa80`03ce5660 fffff880`009f1f40 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02fd2d40 00000000`00000000 : fffff880`02fd3000 fffff880`02fcd000 fffff880`02fd21b0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: fileinfo!FIStreamLog+1be
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481
STACK_COMMAND: .cxr 0xfffff88002fd1bc0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_fileinfo!FIStreamLog+1be
BUCKET_ID: X64_0x7E_fileinfo!FIStreamLog+1be
Followup: MachineOwner
---------