Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola a todos,he instalado la versión de evaluación del AVG Internet Security 9.0
Y cuando le doy a la opción Anti-Rootkits y pincho en Analizar Rootkits,me sale el Pantallazo Azul y me reinicia el Pc.
Os dejo el informe del: Windows Debugger Version 6.9.0003.113 X86
porque creo que os será de ayuda para buscar una explicación y a ser posible una solución.
Muchas gracias y un saludo.


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini110409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
************************************************** **************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
************************************************** **************************
Executable search path is:
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Nov 4 17:57:19.062 2009 (GMT+1)
System Uptime: 0 days 3:48:05.797
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
.................................................. .................................................. .............................
Loading User Symbols
Loading unloaded module list
.............
*** WARNING: Unable to verify timestamp for SCSIPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SCSIPORT.SYS
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, b7e9c457, b25e7764, 0}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for avgrkx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgrkx86.sys
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
Probably caused by : avgrkx86.sys ( avgrkx86+d4a )

Followup: MachineOwner
---------

0: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b7e9c457, The address that the exception occurred at
Arg3: b25e7764, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************
************************************************** *******************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
************************************************** *******************

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en "0x%08lx" hace referencia a la memoria en "0x%08lx". La memoria no se puede "%s".

FAULTING_IP:
SCSIPORT+457
b7e9c457 ?? ???

TRAP_FRAME: b25e7764 -- (.trap 0xffffffffb25e7764)
Unable to read trap frame at b25e7764

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from b25e78c8 to b7e9c457

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b25e77d4 b25e78c8 804ef19f 8a4b2f18 894b4b38 SCSIPORT+0x457
b25e77d8 804ef19f 8a4b2f18 894b4b38 894b4b38 0xb25e78c8
b25e78c8 805bf452 8a4b2f18 00000000 89688680 nt+0x1819f
b25e7940 805bb9de 00000000 b25e7980 00000240 nt+0xe8452
b25e7994 80576033 00000000 00000000 00000000 nt+0xe49de
b25e7a10 805769aa b25e7b8c 00000000 b25e7b64 nt+0x9f033
b25e7a6c 8057a1a9 b25e7b8c 00000000 b25e7b64 nt+0x9f9aa
b25e7aac 8054162c b25e7b8c 00000000 b25e7b64 nt+0xa31a9
b25e7acc 8050065d badb0d00 b25e7b44 8938a7f8 nt+0x6a62c
b25e7b84 b7ca3d4a b25e7bec 00000000 b25e7ba0 nt+0x2965d
b25e7ba4 b7ca3ef8 b25e7bec 00000000 8942bd70 avgrkx86+0xd4a
b25e7c10 b7ca4059 b25e7c20 8942bd70 00040002 avgrkx86+0xef8
b25e7c28 b7ca378b 8942bd70 8942bde0 89580d68 avgrkx86+0x1059
b25e7c40 804ef19f 8a141930 8942bd70 806e7410 avgrkx86+0x78b
b25e7c64 805807f7 8a141930 8942bd70 89580d68 nt+0x1819f
b25e7d00 80579274 000004f4 00000000 00000000 nt+0xa97f7
b25e7d34 8054162c 000004f4 00000000 00000000 nt+0xa2274
b25e7d64 7c91e514 badb0d00 0012f9c4 b2ffcd98 nt+0x6a62c
b25e7d68 badb0d00 0012f9c4 b2ffcd98 b2ffcdcc 0x7c91e514
b25e7d6c 0012f9c4 b2ffcd98 b2ffcdcc 00000000 0xbadb0d00
b25e7d70 b2ffcd98 b2ffcdcc 00000000 00000000 0x12f9c4
b25e7d74 b2ffcdcc 00000000 00000000 00000000 0xb2ffcd98
b25e7d78 00000000 00000000 00000000 00000000 0xb2ffcdcc


STACK_COMMAND: kb

FOLLOWUP_IP:
avgrkx86+d4a
b7ca3d4a ?? ???

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: avgrkx86+d4a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: avgrkx86

IMAGE_NAME: avgrkx86.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

Hola jose1001

Cito lo siguiente::


Fuente:: AVG Free - Descargar AVG Internet Security para Windows XP y Vista


¿Has comprado ese producto?

Vamos a ver Binnish,arriba lo primero que digo es que he descargado la versión de prueba de 30 días y si me gusta me lo compro.Pero lógicamente quiero saber si es problema de mi Pc y solucionarlo,o del Antivirus y no comprarlo.

Si . Lo he leído. Al igual que he revisado tu otro tema antes des contestar . La última respuesta es esta:::



Dejando tu otro post de lado, (aunque ya volveré a él)....

De primeras y según título; la mayoría de las páginas que salían en mi búsqueda no eran fiables; hasta que en la rebusqueda he dado con el producto.


Necesitaba asegurar la procedencia del supuesto antivirus, ya que es un problema muy común bajar un antivirus falso, pensando que es genuino. Sin ofensas y comprende mi postura.


El informe que has puesto de memory.dmp me parece que no está feliz.


Al parecer tienes un conflicto de Hardware cómo ya te han mencionado, y no un problema de RootKit cómo buscas.


Si fuera un rootkit causando maldades ya habría salido con los pasos que te mencionó mi compañero.


Remítete a esto::



Eso es probablemente el problema que tiene tu ordenador. Pero hace falta que lo expongas en el foro de Hardware.

Un saludo y me comentas

Bueno Binnish,te agradezco tu respuesta y ahora ya tengo algo claro,he puesto la consulta en el foro de Hardware.Y disculpa si me he puesto un poco respondón,pero es que este tema me lleva de cabeza porque me tiene preocupado,muchas gracias y un saludo.

Sin problema alguno


Ya he visto tu otro tema en el foro de Hardware .


Vas a tardar en obtener respuesta; ya que es complicado el tema, pero algo te comentarán .


Muchas gracias por considerar lo dicho y la paciencia.



Así que daremos este tema por TERMINADO,.



Si por alguna razón necesitas reabrir este mensaje, le das clik a esta imagen , en en margen superior derecho del post, comentando los motivos por los que necesitas reabrir el tema.