Top-Themen

AppleEntwicklungHardwareInternetLinuxMicrosoftMultimediaNetzwerkeOff TopicSicherheitSonstige SystemeVirtualisierungWeiterbildungZusammenarbeit

Aktuelle Themen

Administrator.de FeedbackApache ServerAppleAssemblerAudioAusbildungAuslandBackupBasicBatch & ShellBenchmarksBibliotheken & ToolkitsBlogsCloud-DiensteClusterCMSCPU, RAM, MainboardsCSSC und C++DatenbankenDatenschutzDebianDigitiales FernsehenDNSDrucker und ScannerDSL, VDSLE-BooksE-BusinessE-MailEntwicklungErkennung und -AbwehrExchange ServerFestplatten, SSD, RaidFirewallFlatratesGoogle AndroidGrafikGrafikkarten & MonitoreGroupwareHardwareHosting & HousingHTMLHumor (lol)Hyper-VIconsIDE & EditorenInformationsdiensteInstallationInstant MessagingInternetInternet DomäneniOSISDN & AnaloganschlüsseiTunesJavaJavaScriptKiXtartKVMLAN, WAN, WirelessLinuxLinux DesktopLinux NetzwerkLinux ToolsLinux UserverwaltungLizenzierungMac OS XMicrosoftMicrosoft OfficeMikroTik RouterOSMonitoringMultimediaMultimedia & ZubehörNetzwerkeNetzwerkgrundlagenNetzwerkmanagementNetzwerkprotokolleNotebook & ZubehörNovell NetwareOff TopicOpenOffice, LibreOfficeOutlook & MailPapierkorbPascal und DelphiPeripheriegerätePerlPHPPythonRechtliche FragenRedHat, CentOS, FedoraRouter & RoutingSambaSAN, NAS, DASSchriftartenSchulung & TrainingSEOServerServer-HardwareSicherheitSicherheits-ToolsSicherheitsgrundlagenSolarisSonstige SystemeSoziale NetzwerkeSpeicherkartenStudentenjobs & PraktikumSuche ProjektpartnerSuseSwitche und HubsTipps & TricksTK-Netze & GeräteUbuntuUMTS, EDGE & GPRSUtilitiesVB for ApplicationsVerschlüsselung & ZertifikateVideo & StreamingViren und TrojanerVirtualisierungVisual StudioVmwareVoice over IPWebbrowserWebentwicklungWeiterbildungWindows 7Windows 8Windows 10Windows InstallationWindows MobileWindows NetzwerkWindows ServerWindows SystemdateienWindows ToolsWindows UpdateWindows UserverwaltungWindows VistaWindows XPXenserverXMLZusammenarbeit

Windows Crashlog Verständnissfrage

Frage Hardware

Mitglied: 4409

4409 (Level 1)

02.06.2009, aktualisiert 19:38 Uhr, 3601 Aufrufe, 4 Kommentare

Wie interpretiere ich folgendes Crashlog aus Windows XP64bit

Hallo zusammen

habe hier diverse baugleiche Win Xp 64bit Systeme, auf welchen auch die gleiche Software läuft. Einer dieser Rechner neigt dazu, hin und wieder recht unvorhersehbar abzustürzen. Die RAM Riegel sind es nicht, da ich diese schon mal gegen die in einem anderen System getauscht habe. Vllt kann mir ja einer einen kurzen Tipp geben, was mir die Infos aus folgendem Crashlog sagen. Wäre für jeden Tipp sehr dankbar.

Thomas


Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available


WARNING: Dump file has been truncated. Data may be missing.

Symbol search path is: * Invalid *

  • Symbol loading may be unreliable without a symbol search path. *
  • Use .symfix to have the debugger choose a symbol path. *
  • After setting your symbol path, use .reload to refresh symbol locations. *

Executable search path is:
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
* ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011ad0c0
Debug session time: Sun Dec 28 18:36:29.078 2008 (GMT+2)
System Uptime: 0 days 0:04:46.942
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
* ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
.......................................................
Loading User Symbols

Loading unloaded module list
.......
*
  • *
  • Bugcheck Analysis *
  • *
*

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffff84200107ca0, d, 0, fffff800010517d9}

* ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
* Kernel symbols are WRONG. Please fix symbols to do analysis.

*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
Probably caused by : ntkrnlmp.exe ( nt!KeSynchronizeExecution+aa9 )

Followup: MachineOwner
0: kd> !analyze -v
*
  • *
  • Bugcheck Analysis *
  • *
*

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff84200107ca0, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800010517d9, address which referenced memory

Debugging Details:
* Kernel symbols are WRONG. Please fix symbols to do analysis.

*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*

MODULE_NAME: nt

FAULTING_MODULE: fffff80001000000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42436123

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffff84200107ca0

CURRENT_IRQL: 0

FAULTING_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff8000104fef4 to fffff800010501d0

STACK_TEXT:
fffff800`001078b8 fffff800`0104fef4 : 00000000`0000000a fffff842`00107ca0 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`001078c0 fffff800`0104ef07 : fffffadf`cdbcd380 fffffadf`c3628c98 00000000`00000000 00000000`00000000 : nt!ZwUnloadKey+0x22a4
fffff800`00107a40 fffff800`010517d9 : 00000000`00000000 01c9690a`6f119042 fffff800`0118b480 fffffadf`ce873280 : nt!ZwUnloadKey+0x12b7
fffff800`00107bd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0xaa9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KeSynchronizeExecution+aa9

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
0: kd> !analyze -v
*
  • *
  • Bugcheck Analysis *
  • *
*

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff84200107ca0, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800010517d9, address which referenced memory

Debugging Details:
* Kernel symbols are WRONG. Please fix symbols to do analysis.

*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
* *
* *
* Your debugger is not using the correct symbols *
* *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information. *
* *
* Certain .pdb files (such as the public OS symbols) do not *
* contain the required information. Contact the group that *
* provided you with these symbols if you need this command to *
* work. *
* *
* Type referenced: nt!_KPRCB *
* *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
*
*
  • Symbols can not be loaded because symbol path is not initialized. *
  • *
  • The Symbol Path can be set by: *
  • using the _NT_SYMBOL_PATH environment variable. *
  • using the -y <symbol_path> argument when starting the debugger. *
  • using .sympath and .sympath+ *
***

MODULE_NAME: nt

FAULTING_MODULE: fffff80001000000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42436123

READ_ADDRESS: fffff84200107ca0

CURRENT_IRQL: 0

FAULTING_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff8000104fef4 to fffff800010501d0

STACK_TEXT:
fffff800`001078b8 fffff800`0104fef4 : 00000000`0000000a fffff842`00107ca0 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`001078c0 fffff800`0104ef07 : fffffadf`cdbcd380 fffffadf`c3628c98 00000000`00000000 00000000`00000000 : nt!ZwUnloadKey+0x22a4
fffff800`00107a40 fffff800`010517d9 : 00000000`00000000 01c9690a`6f119042 fffff800`0118b480 fffffadf`ce873280 : nt!ZwUnloadKey+0x12b7
fffff800`00107bd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0xaa9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KeSynchronizeExecution+aa9

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
Mitglied: 78632
02.06.2009 um 23:43 Uhr
Du interprietierst das, indem du aufmerksam liest.

Glaubst du wirklich, dass sich hier jemand deine > 400 Zeilen antut?

http://support.microsoft.com/kb/148660/en-us
Bitte warten ..
Mitglied: 4409
03.06.2009 um 00:50 Uhr
Mein Problem ist blöderweise, dass ich nicht mal wirklich weiss, nach was ich suche. Das kann doch nicht alles eine Auflistung von Fehlern sein. Demnach wäre da ja so ziemlich nichts in Ordnung.
Bitte warten ..
Mitglied: mrtux
03.06.2009 um 23:14 Uhr
Hi !

Zitat von 4409:
Mein Problem ist blöderweise, dass ich nicht mal wirklich weiss,
nach was ich suche. Das kann doch nicht alles eine Auflistung von
Fehlern sein. Demnach wäre da ja so ziemlich nichts in Ordnung.

Ich würde in den Dump mal nicht soviel reininterpretieren, der sagt meist nicht viel aus.

Kannst Du lesen was am Bluescreen steht und ob dort eine Datei (z.B. xyz.sys) angegeben ist? Ansonsten mal den Neustart bei Bluescreen deaktivieren.

Hilft das auch nicht, dann würde ich erstmal einen Offlinescan ( z.B. mit Knoppicillin) nach Malware durchführen.

Hilft das wiederum nicht bzw. ist die Kiste sauber, würde ich erstmal nicht mehr bei der Software, sondern weiter bei der Hardware suchen. Defekte Netzteile neigen gerne dazu Abstürze zu verursachen. Aber gehe Schritt für Schritt vor, niemals mehrere Veränderungen auf einmal durchführen, sonst kommst Du durcheinander und findest den Fehler nie.

mrtux
Bitte warten ..
Mitglied: 4409
05.06.2009 um 16:58 Uhr
Vielen Dank. Ich vermute inzwischen auch einen Hardware Fehler. Grafikkarte, RAM und Festplatte habe ich schon mal gegen eines der exakt gleichen Systeme getauscht. Daher kann ich auch einen Virus ausschliessen. Als nächtest kommt dann wohl jetzt das Netzteil dran.
Bitte warten ..
Neuester Wissensbeitrag
Humor (lol)

Linkliste für Adventskalender

(3)

Information von nikoatit zum Thema Humor (lol) ...

Ähnliche Inhalte
Heiß diskutierte Inhalte
Windows Server
DHCP Server switchen (25)

Frage von M.Marz zum Thema Windows Server ...

SAN, NAS, DAS
gelöst HP-Proliant Microserver Betriebssystem (14)

Frage von Yannosch zum Thema SAN, NAS, DAS ...

Grafikkarten & Monitore
Win 10 Grafikkarte Crash von Software? (13)

Frage von Marabunta zum Thema Grafikkarten & Monitore ...

Windows 7
Verteillösung für IT-Raum benötigt (12)

Frage von TheM-Man zum Thema Windows 7 ...