Today I had yet another system crash and, apparently, from the analysis of the minidump it seems to be caused by avp.exe; this is the systeminfo: http://gsi.kaspersky.fr/lire.php?hl=it&file=222d50d6496574e2dd0c1d123f4f7b4d&Microsoft=0
And this is the result of the minidump:
Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini071908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Sat Jul 19 21:52:06.218 2008 (GMT+2)
System Uptime: 0 days 2:30:42.794
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
................................................................................
................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {6c, 2, 0, 804e39a7}
*** WARNING: Unable to verify timestamp for Ntfs.sys
Probably caused by : ntoskrnl.exe ( nt!CcWriteBehind+114 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000006c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e39a7, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000006c
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeUpdateRunTime+fa
804e39a7 8b7904 mov edi,dword ptr [ecx+4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: avp.exe
LAST_CONTROL_TRANSFER: from 82fc2118 to 804e39a7
STACK_TEXT:
b7df36a4 82fc2118 82fc2100 b7df36e8 80519ad9 nt!KeUpdateRunTime+0xfa
WARNING: Frame IP not in any known module. Following frames may be wrong.
b7df36b0 80519ad9 00000068 00000000 00000000 0x82fc2118
b7df36e8 8056d74c 00000000 00000001 b7df3708 nt!CcWriteBehind+0x114
b7df36f8 f8334671 82fc2119 e10f8d90 b7df3728 nt!NtQueryInformationToken+0xc39
b7df3708 f83721d9 ff807500 e10f8cc8 e10f8d90 Ntfs!NtfsReleaseAllResources+0x38
b7df3728 f83759d0 ff807500 e10f8d90 00000000 Ntfs!NtfsExtendDataStream+0x14b
b7df37ac f8375d28 ff807500 82e79100 00000001 Ntfs!NtfsCreateCompletionRoutine+0x3e
b7df384c f836303b ff807500 821d8648 b7df0080 Ntfs!NtfsRetrieveOtherFileName+0x1af
b7df3928 804e37f7 82e79020 821d8648 81ed2ac8 Ntfs!NtfsAllocateBitmapRun+0x3f
b7df3928 00000004 82e79020 821d8648 81ed2ac8 nt!KeUpdateSystemTime+0xba
804e37f3 9090c35e 8b909090 ec8b55ff 530cec83 0x4
804e37f7 8b909090 ec8b55ff 530cec83 08758b56 0x9090c35e
804e37fb ec8b55ff 530cec83 08758b56 0c4e8d57 0x8b909090
804e37ff 530cec83 08758b56 0c4e8d57 e8f4558d 0xec8b55ff
804e3803 08758b56 0c4e8d57 e8f4558d ffff6e2d 0x530cec83
804e3807 0c4e8d57 e8f4558d ffff6e2d 8b107d8b 0x8758b56
804e380b e8f4558d ffff6e2d 8b107d8b 01b30c45 0xc4e8d57
804e380f ffff6e2d 8b107d8b 01b30c45 38087889 0xe8f4558d
804e3813 8b107d8b 01b30c45 38087889 840f105e 0xffff6e2d
804e3817 01b30c45 38087889 840f105e 00006f68 0x8b107d8b
804e381b 38087889 840f105e 00006f68 32105e88 0x1b30c45
804e381f 840f105e 00006f68 32105e88 f44d8ddb 0x38087889
804e3823 00000000 32105e88 f44d8ddb e80c5888 0x840f105e
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CcWriteBehind+114
80519ad9 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!CcWriteBehind+114
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab
FAILURE_BUCKET_ID: 0xA_nt!CcWriteBehind+114
BUCKET_ID: 0xA_nt!CcWriteBehind+114
Followup: MachineOwner