Blue screen on Win XP

Started by quetzalcoatl67, 2 October 2011, 19:23 PM

quetzalcoatl67

I managed to capture in a text file what the blue screen shows:


Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini100211-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Oct  2 19:06:03.199 2011 (UTC + 2:00)
System Uptime: 0 days 0:19:47.875
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
..........................................................
Loading User Symbols
Loading unloaded module list
..........
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, b068a217, ac4bfa10, 0}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for bckd.sys
*** ERROR: Module load completed but symbols could not be loaded for bckd.sys
*** WARNING: Unable to verify timestamp for afd.sys
*** ERROR: Module load completed but symbols could not be loaded for afd.sys
*** WARNING: Unable to verify timestamp for avipbb.sys
*** ERROR: Module load completed but symbols could not be loaded for avipbb.sys
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : bckd.sys ( bckd+2033 )

Followup: MachineOwner
---------

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b068a217, The address that the exception occurred at
Arg3: ac4bfa10, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT: 
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: bckd

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucción en "0x%08lx" hace referencia a la memoria en "0x%08lx". La memoria no se puede "%s".

FAULTING_IP:
tcpip+4a217
b068a217 ??              ???

TRAP_FRAME:  ac4bfa10 -- (.trap 0xffffffffac4bfa10)
Unable to read trap frame at ac4bfa10

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

LAST_CONTROL_TRANSFER:  from 8a3e1030 to b068a217

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
ac4bfa80 8a3e1030 8902afbc 8902aee0 00000000 tcpip+0x4a217
ac4bfab8 b064a4b4 8a3e1030 8902aee0 8902afbc 0x8a3e1030
ac4bfaf4 804e13eb 8a3e1030 8902aee0 00000000 tcpip+0xa4b4
ac4bfb18 b062e033 89c460d0 00000000 8902aee0 nt+0xa3eb
ac4bfb44 b0633157 00000000 ac4bfb6c b0635837 bckd+0x2033
ac4bfb50 b0635837 89c46018 8902aee0 89c460d0 bckd+0x7157
ac4bfb6c b063593e 00c460d0 89021898 00000000 bckd+0x9837
ac4bfb88 b063688e 89c460d0 89021898 891c11dc bckd+0x993e
ac4bfba4 b0637336 89c460d0 891c1148 891c11dc bckd+0xa88e
ac4bfbc4 804e13eb 89c46018 891c1148 891c1148 bckd+0xb336
ac4bfc00 b05c8844 89034610 00000000 00000000 nt+0xa3eb
ac4bfc3c b05c7fe4 8a40d198 8a601030 ac4bfc8c afd+0xc844
ac4bfc4c 804e13eb 8a41e030 890c87c0 890c87c0 afd+0xbfe4
ac4bfc8c 8056f831 8a2edb00 8a41e030 001f01ff nt+0xa3eb
ac4bfcc0 8056f984 8a2edb00 00000001 8a660ad0 nt+0x98831
ac4bfce8 8056f8aa e109bd20 8a40d198 00000940 nt+0x98984
ac4bfd30 8056f8f4 00000940 00000001 00000000 nt+0x988aa
ac4bfd44 af71e810 00000940 ac4bfd64 0484fe00 nt+0x988f4
ac4bfd58 804dd99f 00000940 0484fe60 7c90e514 avipbb+0xb810
ac4bfd64 7c90e514 badb0d00 0484fdfc 00000000 nt+0x699f
ac4bfd68 badb0d00 0484fdfc 00000000 00000000 0x7c90e514
ac4bfd6c 0484fdfc 00000000 00000000 00000000 0xbadb0d00
ac4bfd70 00000000 00000000 00000000 00000000 0x484fdfc


STACK_COMMAND:  kb

FOLLOWUP_IP:
bckd+2033
b062e033 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  bckd+2033

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  bckd.sys

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
Let's see if anyone can help me.
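Added example, not part of the original thread: a small Python parser for the `!analyze -v` text posted above, comparing the module at FAULTING_IP with the frame that SYMBOL_STACK_INDEX points to and listing every module on the stack. The function name `parse` and the trimmed excerpt are assumptions made for illustration; the dump itself warns that frames may be wrong without symbols, so the module names are only as reliable as that unwind.

```python
import re
from collections import Counter

# Excerpt of the !analyze -v output posted above (stack trimmed; frames 0-4 kept in order).
DUMP = """\
FAULTING_IP:
tcpip+4a217
b068a217 ??              ???

STACK_TEXT:
ac4bfa80 8a3e1030 8902afbc 8902aee0 00000000 tcpip+0x4a217
ac4bfab8 b064a4b4 8a3e1030 8902aee0 8902afbc 0x8a3e1030
ac4bfaf4 804e13eb 8a3e1030 8902aee0 00000000 tcpip+0xa4b4
ac4bfb18 b062e033 89c460d0 00000000 8902aee0 nt+0xa3eb
ac4bfb44 b0633157 00000000 ac4bfb6c b0635837 bckd+0x2033
ac4bfb50 b0635837 89c46018 8902aee0 89c460d0 bckd+0x7157
ac4bfc3c b05c7fe4 8a40d198 8a601030 ac4bfc8c afd+0xc844
ac4bfd44 af71e810 00000940 ac4bfd64 0484fe00 nt+0x988f4
ac4bfd58 804dd99f 00000940 0484fe60 7c90e514 avipbb+0xb810

SYMBOL_STACK_INDEX:  4
SYMBOL_NAME:  bckd+2033
"""

# A stack line is five 8-digit hex columns followed by "module+0xoffset" or a raw address.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")
SYM = re.compile(r"^([A-Za-z_]\w*)\+(?:0x)?([0-9a-f]+)$")

def parse(text):
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            s = SYM.match(m.group(1))
            # Raw addresses (no owning module resolved) are kept as (None, None).
            frames.append((s.group(1), int(s.group(2), 16)) if s else (None, None))
    fault = SYM.match(re.search(r"FAULTING_IP:\s*\n(\S+)", text).group(1))
    idx = int(re.search(r"SYMBOL_STACK_INDEX:\s*(\d+)", text).group(1))
    return {
        "faulting_module": fault.group(1),        # where the exception occurred
        "blamed_frame": frames[idx],              # frame behind "Probably caused by"
        "modules_in_order": list(dict.fromkeys(m for m, _ in frames if m)),
        "frame_counts": Counter(m for m, _ in frames if m),
        "unresolved_frames": sum(1 for m, _ in frames if m is None),
    }

if __name__ == "__main__":
    for key, value in parse(DUMP).items():
        print(f"{key}: {value}")
```

On this dump the exception address lies in tcpip while the blamed frame is bckd+0x2033, and afd and avipbb also appear on the same call stack.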

Randomize

Quote: I managed to capture in a text file what the blue screen shows:
...

Let's see if anyone can help me.


With what?

OK, you have a blue screen, you managed to capture it to the clipboard, and...

Put another way...

What hurts? What are the symptoms?

quetzalcoatl67

It has happened to me several more times, and it is always when I open several windows while browsing the internet; the curious thing is that each time the error comes from a different file.

Randomize

It could be anything from the power supply to whatever PCI connection you have; be a bit more specific about the errors you get.


Think about your motherboard...

quetzalcoatl67

I used the minidump and BlueScreenView for information, and the files that give me errors are always the following (sometimes some, sometimes others):

afcl.sys
avipbb.sys
bckd.sys
ntoskrnl.exe
tcpip.sys

The one that shows up most often is bckd.sys.

Randomize

I'm thinking malware...

It wouldn't hurt to check the hard drive, with Hiren's for instance.

quetzalcoatl67

At first it seems to be a driver of the Blue K9 Web Protection program, which I have been using for some years now; but I have also read somewhere in English that it is malware.
I will run some antimalware from a live CD and report back.
Thanks a lot for your quick replies.