vista - bluescreen - minidump auslesen

hi

ein bekannter hat mich gebeten seinen PC zu "reparieren". nachdem er hochgefahren ist kommt nach 1-10 minuten ein bluescreen mit der fehlermeldung.

"BAD POOL HEADER" 0x00000019

alles was google dazu sagt ist, dass es so ziemlich jede komponente den fehler verursachen kann.
(laut einigen berichten liegt es an einem hardwarefehler).

aber das Problem besteht erst seit Kaspersky auf dem Rechner installiert wurde. (einen ähnlichen fall gibts bereits im kaspersky forum, wo mittels der dump file der fehler ausgelesen wurde).

ich hab die minidump datei ausgelesen, aber werde daraus nicht schlau.

kann mir jemand erklären was den absturz verursacht?
ich verstehs einfach nicht.

zum System kann ich jetzt leider nicht viel sagen.
hab vergessen nachzusehen.
auf jedenfall ist Vista home drauf ohne SP1.
falls es dringend erforderlich ist, kann ich ja nochmal nachfragen.
aber vorerst gehts mir rein um die dump datei.



danke

----------------------------------



Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini060808-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x82000000 PsLoadedModuleList = 0x82111e10
Debug session time: Sun Jun 8 15:54:40.735 2008 (GMT+2)
System Uptime: 0 days 0:05:13.588
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
........................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 1b, 0, 820a91ab}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : win32k.sys ( win32k+d8e97 )

Followup: MachineOwner
---------

Vielleicht hilft dir das hier weiter..
http://msdn.microsoft.com/en-gb/library/ms793223.aspx

Du müsstest mal genau posten was für Komponeten verbaut sind. Wichtig sind CPU, Mainboard RAM (hier den genauen Typ) sowie das Netzteil und das OS.

Ich vermute es liegt am RAM. Musst du mal mit memtest86 testen http://www.pcwelt.de/downloads/too [...] est86_iso/ (auf CD brennen und von dieser booten)