
Svchost error


lollerg
27-11-2008, 15:08
For a few days now, on a PC with XP Pro SP2, after a few minutes of browsing I get an error message about svchost.exe... error 0x001f1cb0 the memory... and after that the system freezes and I have to reboot. I read somewhere that a similar problem was linked to the Windows Update for the Office package. I have automatic updates disabled and I have also disabled the service from the Control Panel. How do I fix it?

lollerg
27-11-2008, 18:41
Help !!!

wjmat
27-11-2008, 19:36
hi

what security software do you use? is it up to date, configured, and do you use it regularly?
which browser do you use?

lollerg
28-11-2008, 13:15
I use KAV 2009 and, regularly, CCleaner, Ad-Aware, Spybot and A-Squared.

wjmat
28-11-2008, 16:37
you haven't told us what you browse with ;)

Do a quick check-up (about 15 minutes) so we can gather information and see whether we can rule out visible infections.

clean up useless files with ATFCleaner (http://www.hwupgrade.it/forum/showpost.php?p=24033021&postcount=2)

then show us the logs for:
quick scan with Malwarebytes' Anti-Malware (http://www.hwupgrade.it/forum/showpost.php?p=24033097&postcount=9) -> if it finds anything, redo it as a full scan and upload both logs
Gmer scan (http://www.hwupgrade.it/forum/showpost.php?p=24033143&postcount=11)
standard log with HiJackThis (http://www.hwupgrade.it/forum/showpost.php?p=24033212&postcount=13)
scan with Prevx (http://www.hwupgrade.it/forum/showpost.php?p=24033225&postcount=14) (internet connection required)

To show us the logs go here (http://hwupgrade.pastebin.com) or here (http://www.openpaste.org/en/), paste the text log and click Send or Submit, copy the page address and paste it into your next post.

lollerg
28-11-2008, 17:38
I browse with Firefox 3.0.4
Malwarebytes log http://hwupgrade.pastebin.com/m297fa3f3

HijackThis log http://hwupgrade.pastebin.com/m6a533115

I went through all the cleanups listed in the Guida alla Disinfezione per Infetti procedure one after the other: http://www.hwupgrade.it/forum/showthread.php?t=1599737

wjmat
28-11-2008, 18:10
I browse with Firefox 3.0.4
Malwarebytes log http://hwupgrade.pastebin.com/m297fa3f3

HijackThis log http://hwupgrade.pastebin.com/m6a533115

I went through all the cleanups listed in the Guida alla Disinfezione per Infetti procedure one after the other: http://www.hwupgrade.it/forum/showthread.php?t=1599737
upload all the logs then ;)
for cureit and kasp I have some methods in my signature for filtering them

lollerg
29-11-2008, 07:45
The Prevx scan also came back fine, finding nothing. The error window that appears says " L'istruzione a 0x001f1cb0 ha fatto riferimento alla memoria a 0x001f1cb0. La memoria non poteva essere written. " If I click OK or Cancel or the X, the system slows down massively and becomes unstable.
GMER log
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-29 09:01:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB5B0B81A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB5B0BDC6]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwConnectPort [0xBA98F5BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB5B0D1E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB5B0AF90]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwCreatePort [0xBA98F50E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB5B0F18C]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwCreateThread [0xBA98F3F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB5B0B3D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB5B0B5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB5B0D4EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB5B0F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB5B0B6E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB5B0B750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB5B0D3A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB5B0EC50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB5B0D03C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB5B0B0F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB5B0B9E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB5B0F1B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB5B0B93E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB5B0B7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB5B0B4BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB5B0B29A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB5B0EEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB5B0AC12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB5B0E0B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB5B0AD74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB5B0F568]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB5B0AA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB5B0D6CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB5B0BCC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB5B0ED4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB5B0F1E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB5B0B148]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB5B0F2C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB5B0F3F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB5B0EB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB5B0BA92]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwWriteVirtualMemory [0xBA98F68A]

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80503E64 12 Bytes [ C4, F2, B0, B5, F0, F3, B0, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text USBPORT.SYS!DllUnload B94CE62C 5 Bytes JMP 89BE4780
? System32\Drivers\ag4gpete.SYS Impossibile trovare il file specificato. !
? C:\DOCUME~1\XP\IMPOST~1\Temp\JL618NIb.sys Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.14 ----

? C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[284] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[284] USER32.dll!VRipOutput + FFFA4C6F 7E392A78 4 Bytes [ 70, 11, 41, 35 ]
? C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[868] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[868] USER32.dll!VRipOutput + FFFA4C6F 7E392A78 4 Bytes [ 70, 11, 41, 35 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6C0AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6C0C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6C0B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6C1748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6C161E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D5ACA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAC98DE6] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAC98B46] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisGetReceivedPacket] [BAC998FA] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAC9890E] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89352DF0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89352DF0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAC98AF4] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAC9890E] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAC98B46] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BAC98DE6] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAC9890E] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAC98AF4] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BAC98DE6] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAC98B46] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89E4B1E8
Device \FileSystem\Fastfat \FatCdrom 89BDE1E8
Device \FileSystem\Udfs \UdfsCdRom 89189428
Device \FileSystem\Udfs \UdfsDisk 89189428

AttachedDevice \Driver\Tcpip \Device\Ip bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-0 89BE11E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DD81E8
Device \Driver\dmio \Device\DmControl\DmConfig 89DD81E8
Device \Driver\dmio \Device\DmControl\DmPnP 89DD81E8
Device \Driver\dmio \Device\DmControl\DmInfo 89DD81E8
Device \Driver\usbuhci \Device\USBPDO-1 89BE11E8
Device \Driver\usbuhci \Device\USBPDO-2 89BE11E8
Device \Driver\PCI_NTPNP1378 \Device\00000053 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-3 89BE11E8
Device \Driver\usbehci \Device\USBPDO-4 89BA31E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{471CA2DB-0503-48FA-9C63-26D3EB1DEA06} 893281E8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89E4D1E8
Device \Driver\Cdrom \Device\CdRom0 89B531E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89E4C1E8
Device \Driver\atapi \Device\Ide\IdePort0 89E4C1E8
Device \Driver\atapi \Device\Ide\IdePort1 89E4C1E8
Device \Driver\atapi \Device\Ide\IdePort2 89E4C1E8
Device \Driver\atapi \Device\Ide\IdePort3 89E4C1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 89E4C1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 893281E8
Device \Driver\NetBT \Device\NetbiosSmb 893281E8

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 89BE11E8
Device \Driver\usbuhci \Device\USBFDO-1 89BE11E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8930D1E8
Device \Driver\usbuhci \Device\USBFDO-2 89BE11E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8930D1E8
Device \Driver\usbuhci \Device\USBFDO-3 89BE11E8
Device \Driver\usbehci \Device\USBFDO-4 89BA31E8
Device \Driver\Ftdisk \Device\FtControl 89E4D1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F5E8CF1-B897-4429-9B59-6B5106633ACE} 893281E8
Device \Driver\ag4gpete \Device\Scsi\ag4gpete1 89B4C1E8
Device \FileSystem\Fastfat \Fat 89BDE1E8

AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.14 ----

Thread 4:644 893976F0
Thread 4:648 893976F0
Thread 4:652 8935FEB0
Thread 4:656 8935FEB0
Thread 4:660 8935FEB0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0x6A 0x46 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x82 0x78 0xDE 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF2 0xD6 0xAD 0xF0 ...

---- EOF - GMER 1.0.14 ----
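A GMER log like the one above is easier to read once the hook entries are grouped by the module that installed them and the files GMER could not open are pulled out separately. The following Python script is an added example for this thread, not part of the original post and not GMER's own tooling: it parses the SSDT, IAT and "?" lines of a GMER text log, groups hooks by hooking driver, and flags modules for which GMER resolved no publisher string, files it could not read, and IAT entries that point at a bare address with no module named. The sample input is a handful of lines copied from the log posted in the thread; the regular expressions are my own assumption about the line layout and cover only the entry types shown here (for "?" lines the path is taken up to the first space, so user-mode entries with spaces in their path, such as "C:\Programmi\Kaspersky Lab\...", are not handled).

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the GMER log posted in the thread above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB5B0B81A]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwConnectPort [0xBA98F5BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB5B0B9E8]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? System32\Drivers\ag4gpete.SYS Impossibile trovare il file specificato. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6C0AD4] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAC98DE6] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89352DF0
"""

# Line layouts assumed from the log above (not an official GMER grammar):
#   SSDT <driver path> (<publisher string>) <ZwFunction> [0xADDR]
#   IAT  <target module>[<lib>!<func>] [ADDR] <hooking module> (<publisher string>)
#   IAT  <target module>[<lib>!<func>] ADDR            (no hooking module named)
#   ?    <path> <message GMER printed when it could not read the file>
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>\S+)\s+\((?P<vendor>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]"
)
IAT_RE = re.compile(
    r"^IAT\s+(?P<module>\S+?)\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[?(?P<addr>[0-9A-Fa-f]+)\]?"
    r"(?:\s+(?P<hooker>\S+)(?:\s+\((?P<vendor>[^)]*)\))?)?\s*$"
)
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.+)$")


def basename(path):
    """Last path component, lower-cased, so 'bcftdi.SYS' and 'bcftdi.sys' compare equal."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def summarize(log_text):
    """Group SSDT/IAT hooks by hooking module and collect the entries GMER could not attribute."""
    hooks = defaultdict(set)   # hooking module -> set of hooked functions
    vendors = {}               # hooking module -> publisher string GMER printed
    unresolved = []            # (path, message) for files GMER could not open or find
    unattributed = []          # (target module, lib!func, address) with no hooking module named
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            mod = basename(m["path"])
            hooks[mod].add(m["func"])
            vendors[mod] = m["vendor"]
            continue
        m = IAT_RE.match(line)
        if m:
            target = f"{m['lib']}!{m['func']}"
            if m["hooker"]:
                mod = basename(m["hooker"])
                hooks[mod].add(target)
                if m["vendor"]:
                    vendors[mod] = m["vendor"]
            else:
                unattributed.append((m["module"], target, m["addr"]))
            continue
        m = UNRESOLVED_RE.match(line)
        if m:
            unresolved.append((m["path"], m["msg"]))
    return {"hooks": dict(hooks), "vendors": vendors,
            "unresolved": unresolved, "unattributed": unattributed}


def triage(summary):
    """Entries to look at by hand first: hooking modules without a publisher string,
    files GMER could not read, and IAT hooks pointing at a bare address."""
    findings = []
    for mod, funcs in sorted(summary["hooks"].items()):
        if mod not in summary["vendors"]:
            findings.append(f"{mod}: {len(funcs)} hook(s), no publisher string resolved")
    for path, msg in summary["unresolved"]:
        findings.append(f"{basename(path)}: unreadable ({msg.strip()})")
    for module, target, addr in summary["unattributed"]:
        findings.append(f"{basename(module)}: {target} -> {addr}, hooking module not identified")
    return findings


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for mod, funcs in sorted(result["hooks"].items()):
        print(f"{mod} ({result['vendors'].get(mod, 'no publisher string')}): {sorted(funcs)}")
    print("--- triage ---")
    for finding in triage(result):
        print(finding)
```

On the sample, the Kaspersky and Jetico drivers come out with a publisher string attached to every hook, while sptd.sys (the DAEMON Tools driver named in the registry section of the log) is the one module that both hooks atapi.sys and could not be read by GMER, so it is the entry a reviewer would check first. A publisher string from GMER is an identification aid, not a signature check; the script only orders the work, it does not decide whether a hook is legitimate.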

wjmat
29-11-2008, 09:07
I had given you some methods so you wouldn't paste kilometres of log ;)

what about the other scans I don't see? were they all complete and clean?

lollerg
29-11-2008, 09:10
I humbly beg your pardon for the kilometre-long log. None of the other scans detected anything :muro:

wjmat
29-11-2008, 10:42
To rule out hardware problems I would run a RAM check (http://www.hwupgrade.it/forum/showpost.php?p=25062288&postcount=38)