Problem (wirus?) podczs skanowania


(Flyby) #1

Witam.

Podczas skanowania partycji starego dysku twardego komputer się resetuje. Wywala komunikat o krytycznym błędzie, który po wgraniu do dumpa wygląda następująco:

"Microsoft ® Windows Debugger Version 6.11.0001.402 X86

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 2600.xpsp_sp3_gdr.080814-1236

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Sun Apr 5 13:24:07.984 2009 (GMT+2)

System Uptime: 0 days 1:32:45.562

Loading Kernel Symbols

...............................................................

................................................................

Loading User Symbols

Loading unloaded module list

...............

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9C, {4, 80546e70, b2000000, 70f0f}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

MACHINE_CHECK_EXCEPTION (9c)

A fatal Machine Check Exception has occurred.

KeBugCheckEx parameters;

x86 Processors

If the processor has ONLY MCE feature available (For example Intel

Pentium), the parameters are:

1 - Low 32 bits of P5_MC_TYPE MSR

2 - Address of MCA_EXCEPTION structure

3 - High 32 bits of P5_MC_ADDR MSR

4 - Low 32 bits of P5_MC_ADDR MSR

If the processor also has MCA feature available (For example Intel

Pentium Pro), the parameters are:

1 - Bank number

2 - Address of MCA_EXCEPTION structure

3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error

4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error

IA64 Processors

1 - Bugcheck Type

1 - MCA_ASSERT

2 - MCA_GET_STATEINFO

SAL returned an error for SAL_GET_STATEINFO while processing MCA.

3 - MCA_CLEAR_STATEINFO

SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.

4 - MCA_FATAL

FW reported a fatal MCA.

5 - MCA_NONFATAL

SAL reported a recoverable MCA and we don't support currently

support recovery or SAL generated an MCA and then couldn't

produce an error record.

0xB - INIT_ASSERT

0xC - INIT_GET_STATEINFO

SAL returned an error for SAL_GET_STATEINFO while processing INIT event.

0xD - INIT_CLEAR_STATEINFO

SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.

0xE - INIT_FATAL

Not used.

2 - Address of log

3 - Size of log

4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO

AMD64 Processors

1 - Bank number

2 - Address of MCA_EXCEPTION structure

3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error

4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error

Arguments:

Arg1: 00000004

Arg2: 80546e70

Arg3: b2000000

Arg4: 00070f0f

Debugging Details:


NOTE: This is a hardware error. This error was reported by the CPU

via Interrupt 18. This analysis will provide more information about

the specific error. Please contact the manufacturer for additional

information about this error and troubleshooting assistance.

This error is documented in the following publication:

  • Bios and Kernel Developers Guid for AMD Athlon® 64 and AMD Opteron® Processors

Bit Mask:

MA Model Specific MCA

O ID Other Information Error Code Error Code

VV SDP ___________|____________ _______|_______ _______|______

AEUECRC| | | |

LRCNVVC| | | |

^^^^^^^| | | |

6 5 4 3 2 1

3210987654321098765432109876543210987654321098765432109876543210


1011001000000000000000000000000000000000000001110000111100001111

VAL - MCi_STATUS register is valid

Indicates that the information contained within the IA32_MCi_STATUS

register is valid. When this flag is set, the processor follows the

rules given for the OVER flag in the IA32_MCi_STATUS register when

overwriting previously valid entries. The processor sets the VAL

flag and software is responsible for clearing it.

UC - Error Uncorrected

Indicates that the processor did not or was not able to correct the

error condition. When clear, this flag indicates that the processor

was able to correct the error condition.

EN - Error Enabled

Indicates that the error was enabled by the associated EEj bit of the

IA32_MCi_CTL register.

PCC - Processor Context Corrupt

Indicates that the state of the processor might have been corrupted

by the error condition detected and that reliable restarting of the

processor may not be possible.

BUSCONNERR - Bus and Interconnect Error BUS{LL}_{PP}_{RRRR}_{II}_{T}_err

These errors match the format 0000 1PPT RRRR IILL

Concatenated Error Code:


_VAL_UC_EN_PCC_BUSCONNERR_30F

This error code can be reported back to the manufacturer.

They may be able to provide additional information based upon

this error. All questions regarding STOP 0x9C should be

directed to the hardware manufacturer.

BUGCHECK_STR: 0x9C_AuthenticAMD

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: GDFwSvc.exe

LAST_CONTROL_TRANSFER: from 806d58db to 804f8cc5

STACK_TEXT:

80546e48 806d58db 0000009c 00000004 80546e70 nt!KeBugCheckEx+0x1b

80546f74 806d0c2e 80042000 00000000 00000000 hal!HalpMcaExceptionHandler+0xdd

80546f74 00000000 80042000 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x46

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner"

Dodam, że wystarczy, że chcę wejść w którykolwiek folder na partycji o której mowa, klikając na niego, i następuje restart.

Ja nic z tego nie czaję.

Proszę o pomoc.


(FXJ) #2

Spróbuj wykonać CHKDSK. Możliwe że uszkodziła się partycja, w większości to polecenie ją naprawi.


(Flyby) #3

Zapuszczenie CHKDSK powoduje restart. Przychodzi mi do głowy, że mam chyba dysk do wymiany. Dobrze główkuję?


(Kubachr) #4

spr uruchomi tryb awaryjny z wierszem poleceń i wpisz chkdsk c: /f potem naciśnij literke "T" potem uruchom ponownie komp i daj mu przeskanowac kompa. Przeskanuj komputer programem Combofix ( w dziele bezpieczeństwo dowiesz się jak to zrobić) logi wyślij na http://www.wklei.eu albo http://www.wklei.org , a tu daj tylko link do logów, a najlepiej bedzie jeśli w dziale bezpieczeństwo poprosisz o sprawdzenie logów. :smiley: