Trojaner-Board


Niko10 26.05.2013 20:53

PC keeps crashing while gaming
 
Hi,
my PC is crashing again after 3 weeks without crashes. It must be a software fault again. I'll upload the dump file for now: Attachment 55226

Kind regards
Niko

Undertaker 27.05.2013 07:16

Morning Niko,

Code:

*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time (usually 10 minutes).
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa8003a14700, Physical Device Object of the stack
Arg3: fffff80000b9c518, nt!TRIAGE_9F_POWER on Win7, otherwise the Functional Device Object of the stack
Arg4: fffffa8003d9ad80, The blocked IRP

Debugging Details:
------------------


DRVPOWERSTATE_SUBCODE:  3

IMAGE_NAME:  ntkrnlmp

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: ntkrnlmp

FAULTING_MODULE: fffff880085ca000 VBoxNetAdp

DEVICE_OBJECT: fffffa8005620050

DRIVER_OBJECT: fffffa800561da70

IRP_ADDRESS:  fffffa8003d9ad80

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x9F

PROCESS_NAME:  System

CURRENT_IRQL:  2

TAG_NOT_DEFINED_c000000f:  FFFFF80000BA2FB0

STACK_TEXT: 
fffff800`00b9c4c8 fffff800`031308c2 : 00000000`0000009f 00000000`00000003 fffffa80`03a14700 fffff800`00b9c518 : nt!KeBugCheckEx
fffff800`00b9c4d0 fffff800`030cb84c : fffff800`00b9c600 fffff800`00b9c600 00000000`00000000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x33af0
fffff800`00b9c570 fffff800`030cb6e6 : fffffa80`09c43408 fffffa80`09c43408 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00b9c5e0 fffff800`030cb5ce : 00000048`6d0410dc fffff800`00b9cc58 00000000`001e6d14 fffff800`0323e508 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00b9cc30 fffff800`030cb3b7 : 00000018`0c4473c2 00000018`001e6d14 00000018`0c4473c7 00000000`00000013 : nt!KiTimerExpiration+0x1be
fffff800`00b9ccd0 fffff800`030b890a : fffff800`0323be80 fffff800`03249cc0 00000000`00000000 fffffa80`0551f200 : nt!KiRetireDpcList+0x277
fffff800`00b9cd80 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cd40 00000000`00000000 : nt!KiIdleLoop+0x5a


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0x9F_3_POWER_DOWN_IMAGE_ntkrnlmp

BUCKET_ID:  X64_0x9F_3_POWER_DOWN_IMAGE_ntkrnlmp

Followup: MachineOwner
---------

0: kd> lmvm ntkrnlmp
start            end                module name
0: kd> !drvobj fffffa800561da70 f
fffff80003270fb0: Unable to get value of ObpRootDirectoryObject
fffff80003270fb0: Unable to get value of ObpRootDirectoryObject
Driver object (fffffa800561da70) is for:
 \Driver\VBoxNetAdp
Driver Extension List: (id , addr)

Device Object list:
fffffa8005b8ba30: Could not read device object


DriverEntry:  fffff880085cf0e0    VBoxNetAdp
DriverStartIo: 00000000   
DriverUnload:  fffff88001f1e4a0    ndis!ndisMUnload
AddDevice:    00000000   

Dispatch routines:
[00] IRP_MJ_CREATE                      fffff88001e74920    ndis!ndisCreateIrpHandler
[01] IRP_MJ_CREATE_NAMED_PIPE          fffff88001f0a490    ndis!ndisDummyIrpHandler
[02] IRP_MJ_CLOSE                      fffff88001e74160    ndis!ndisCloseIrpHandler
[03] IRP_MJ_READ                        fffff88001f0a490    ndis!ndisDummyIrpHandler
[04] IRP_MJ_WRITE                      fffff88001f0a490    ndis!ndisDummyIrpHandler
[05] IRP_MJ_QUERY_INFORMATION          fffff88001f0a490    ndis!ndisDummyIrpHandler
[06] IRP_MJ_SET_INFORMATION            fffff88001f0a490    ndis!ndisDummyIrpHandler
[07] IRP_MJ_QUERY_EA                    fffff88001f0a490    ndis!ndisDummyIrpHandler
[08] IRP_MJ_SET_EA                      fffff88001f0a490    ndis!ndisDummyIrpHandler
[09] IRP_MJ_FLUSH_BUFFERS              fffff88001f0a490    ndis!ndisDummyIrpHandler
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION    fffff88001f0a490    ndis!ndisDummyIrpHandler
[0b] IRP_MJ_SET_VOLUME_INFORMATION      fffff88001f0a490    ndis!ndisDummyIrpHandler
[0c] IRP_MJ_DIRECTORY_CONTROL          fffff88001f0a490    ndis!ndisDummyIrpHandler
[0d] IRP_MJ_FILE_SYSTEM_CONTROL        fffff88001f0a490    ndis!ndisDummyIrpHandler
[0e] IRP_MJ_DEVICE_CONTROL              fffff88001f0a020    ndis!ndisDeviceControlIrpHandler
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL    fffff88001f0a490    ndis!ndisDummyIrpHandler
[10] IRP_MJ_SHUTDOWN                    fffff88001f0a490    ndis!ndisDummyIrpHandler
[11] IRP_MJ_LOCK_CONTROL                fffff88001f0a490    ndis!ndisDummyIrpHandler
[12] IRP_MJ_CLEANUP                    fffff88001f0a490    ndis!ndisDummyIrpHandler
[13] IRP_MJ_CREATE_MAILSLOT            fffff88001f0a490    ndis!ndisDummyIrpHandler
[14] IRP_MJ_QUERY_SECURITY              fffff88001f0a490    ndis!ndisDummyIrpHandler
[15] IRP_MJ_SET_SECURITY                fffff88001f0a490    ndis!ndisDummyIrpHandler
[16] IRP_MJ_POWER                      fffff88001ebec60    ndis!ndisPowerDispatch
[17] IRP_MJ_SYSTEM_CONTROL              fffff88001edeee0    ndis!ndisWMIDispatch
[18] IRP_MJ_DEVICE_CHANGE              fffff88001f0a490    ndis!ndisDummyIrpHandler
[19] IRP_MJ_QUERY_QUOTA                fffff88001f0a490    ndis!ndisDummyIrpHandler
[1a] IRP_MJ_SET_QUOTA                  fffff88001f0a490    ndis!ndisDummyIrpHandler
[1b] IRP_MJ_PNP                        fffff88001f28560    ndis!ndisPnPDispatch

0: kd> lmvm VBoxNetAdp
start            end                module name
fffff880`085ca000 fffff880`085f1000  VBoxNetAdp T (no symbols)         
    Loaded symbol image file: VBoxNetAdp.sys
    Image path: \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
    Image name: VBoxNetAdp.sys
    Timestamp:        Wed Dec 19 14:47:17 2012 (50D1C565)
    CheckSum:        00021B0C
    ImageSize:        00027000
    Translations:    0000.04b0 0000.04e4 0409.04b0 0409.04e4

VBoxNetAdp.sys

We've already been through this VirtualBox business.

Here is one more piece of information:

Quote:

Warning: Some malware might rename itself to vboxnetadp.sys. Always make sure that your file is from a verified publisher.
Maybe you should have your system checked for malware after all, or consider a reinstall.
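
The publisher check that the quoted warning calls for can be done in PowerShell (4.0 or later). This is an added example, not part of the original post; the expected publisher string `Oracle` is an assumption based on VirtualBox being an Oracle product, and the driver path is the one shown in the `lmvm` output above.

```powershell
# Added example: verify the publisher of the driver named in the dump.
# Assumption: the genuine file is signed by Oracle (the VirtualBox vendor).
$driverName        = 'VBoxNetAdp.sys'
$expectedPublisher = 'Oracle'

# Location reported by "lmvm VBoxNetAdp": \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
$candidates = @(Join-Path $env:SystemRoot "System32\drivers\$driverName")

# Also include every registered kernel driver whose image file has this name,
# wherever it lives; a copy outside System32\drivers is itself worth a look.
$candidates += Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName" } |
    ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' }

$report = foreach ($path in ($candidates | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{
            Path = $path; Status = 'FileNotFound'; Signer = $null
            PublisherOk = $false; SHA256 = $null
        }
        continue
    }

    # Authenticode status plus the subject of the signing certificate
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path        = $path
        Status      = $sig.Status
        Signer      = $signer
        # Both conditions must hold: the signature validates AND names the expected organisation
        PublisherOk = ($sig.Status -eq 'Valid') -and ($signer -like "*O=$expectedPublisher*")
        # Hash for comparison against the vendor's installer or a reputation service
        SHA256      = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
    }
}

$report | Format-List
```

A `Status` other than `Valid`, or a signer that is not the expected publisher, is a reason to examine the file further rather than proof of malware.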

Niko10 27.05.2013 13:22

So how do I get that completely off the PC?

Undertaker 27.05.2013 14:40

Quote:

Quote from Undertaker (post 1070936)
... consider a reinstall.

...then it's gone.

Or you check with Oracle how to remove it safely and completely.

Niko10 27.05.2013 21:29

Thanks for the answers. How do you go about reading the dump?

mort 27.05.2013 22:01

Windows Debugger

Niko10 30.05.2013 17:21

The PC is crashing again now. I checked it with Windows Debugger.
This is what comes up:

Code:

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\User\Desktop\050313-20358-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`00225802?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`0966c6d2?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff800`00b9c500?
Symbol search path is: "SRV*C:\Symbols*hxxp://msdl.microsoft.com/download/symbols"
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0304b000 PsLoadedModuleList = 0xfffff800`0328e670
Debug session time: Fri May  3 23:42:50.086 2013 (GMT+2)
System Uptime: 0 days 8:38:26.662
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9F, {3, fffffa8003a14700, fffff80000b9c518, fffffa8003d9ad80}

Unable to load image \SystemRoot\system32\drivers\ndis.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ndis.sys
*** ERROR: Module load completed but symbols could not be loaded for ndis.sys
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Unable to load image \SystemRoot\system32\drivers\NETIO.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETIO.SYS
*** ERROR: Module load completed but symbols could not be loaded for NETIO.SYS
Unable to load image \SystemRoot\system32\DRIVERS\usbehci.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for usbehci.sys
*** ERROR: Module load completed but symbols could not be loaded for usbehci.sys
Unable to load image \SystemRoot\system32\DRIVERS\rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
*** ERROR: Module load completed but symbols could not be loaded for rdbss.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_IRP                                      ***
***                                                                  ***
*************************************************************************
*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_IRP                                      ***
***                                                                  ***
*************************************************************************
*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_KPRCB                                    ***
***                                                                  ***
*************************************************************************
*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_IRP                                      ***
***                                                                  ***
*************************************************************************
*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_KPRCB                                    ***
***                                                                  ***
*************************************************************************
*************************************************************************
***                                                                  ***
***                                                                  ***
***    Your debugger is not using the correct symbols                ***
***                                                                  ***
***    In order for this command to work properly, your symbol path  ***
***    must point to .pdb files that have full type information.      ***
***                                                                  ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                  ***
***    Type referenced: nt!_KPRCB                                    ***
***                                                                  ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+75c00 )

Followup: MachineOwner
---------


Undertaker 30.05.2013 18:58

Quote:

Quote from Niko10 (post 1074177)
The PC is crashing again now. I checked it with Windows Debugger.

And what insight do you draw from the log?
You don't even have the debugger's configuration under control.

What does Oracle say, or didn't you ask at all?
Why are you resisting a reinstall?
How much longer do you want to keep tinkering?

Niko10 30.05.2013 20:05

http://www.trojaner-board.de/attachm...1&d=1369940511
Here is the dump file again.

What does Oracle say, or didn't you ask at all?
Yes I did, deleted everything from the PC.

Why are you resisting a reinstall?
Because all my data would be lost, e.g. games etc.

How much longer do you want to keep tinkering?
I think until the problem is found and solved.

Undertaker 30.05.2013 21:46

Quote:

Quote from Niko10 (post 1074417)
Yes I did, deleted everything from the PC.

The PC is probably turning blue with anger that the program is gone.
In the dump, at any rate, it is calling for it.

Quote:

Quote from Niko10 (post 1074417)
Because all my data would be lost, e.g. games etc.

Data can and should be backed up.
Games are not data but applications that can be reinstalled.

Quote:

Quote from Niko10 (post 1074417)
I think until the problem is found and solved.

OK, but without me.
I'm bowing out here.

Niko10 09.06.2013 17:28

The problem is solved now. I uninstalled Kaspersky and installed it again, and lo and behold: no more crashes. Thanks anyway to everyone who helped or tried to help!

Regards
Niko

