Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Errore generic host process for win32

Problemi con i sistemi operativi di casa Microsoft? Questa è la sezione che fa per te!

Errore generic host process for win32

Messaggioda Rob_Oracle » mar ago 31, 2010 12:41 pm

Salve ragazzi...
Da un po' di tempo mi tormenta un problema strano, che credevo fosse causato dall'aggiornamento alla versione 8 di IExplorer, ma che continua a persistere anche in seguito a numerosi hotfix..
In pratica, dopo svariate ore che il pc è acceso (non so associare purtroppo il problema ad una mia particolare azione o a un processo aperto)viene segnalato un problema a Generic Host Process for Win 32, con la richiesta di conferma per la segnalazione a microsoft. Inviata o meno la segnalazione il sistema operativo rallenta notevolmente (diciamo pure che si blocca...) e sono costretto a riavviare il pc forzatamente, poichè la prima applicazione che non risponde è proprio explorer con annesso taskmanager (barra di avvio fuori uso, impossibilità di fare qualsiasi cosa, ...).
Visualizzando il contenuto della segnalazione, vengono riportati il processo e il file incriminati, rispettivamente
szaapname: svchost.exe
szmodname: urlmon.dll

Ho eseguito una scansione con MBAM: qualche infezione da lui stesso risolta, ma il problema dopo una giornata di lavoro si è ripresentato..
Dopo una ulteriore scansione con Ad Aware, sono state trovate ulteriori infezioni in seguito risolte, ma il problema continua a ripresentarsi..
Cosa mi consigliate? Non so più che pesci prendere...
Avatar utente
Rob_Oracle
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: mar ago 31, 2010 12:36 pm

Re: Errore generic host process for win32

Messaggioda Al3x » mar ago 31, 2010 5:59 pm

posta il LOG di HijackThis
è primavera finalmente! [:)]
Avatar utente
Al3x
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 7411
Iscritto il: sab gen 10, 2009 12:51 pm
Località: http://127.0.0.1/

Re: Errore generic host process for win32

Messaggioda Rob_Oracle » mer set 01, 2010 12:21 am

Eccolo qua (non riesco ad allegarlo....)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1.22.11 , on 01/09/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\Programmi\EPSON\ESM2\eEBSVC.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programmi\Realtek\InstallShield\RTHDCPL.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Programmi\Windows Live\Contacts\wlcomm.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Realtek hd pannel] C:\Programmi\Realtek\InstallShield\RTHDCPL.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4719035453
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09635DF7-EE6D-4C50-B026-3F2C240F45D3}: NameServer = 8.8.8.8,8.8.4.4
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Servizio di Google Update (gupdate1cae88621e876a8) (gupdate1cae88621e876a8) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Programmi\Lectra\VigiPrint\bin\vpdaemon.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9816 bytes
Ultima modifica di Al3x il mer set 01, 2010 6:03 am, modificato 1 volta in totale.
Motivazione: inserito tag LOG
Avatar utente
Rob_Oracle
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: mar ago 31, 2010 12:36 pm


Re: Errore generic host process for win32

Messaggioda Rob_Oracle » lun set 06, 2010 3:43 pm

niente? [cry]
Avatar utente
Rob_Oracle
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: mar ago 31, 2010 12:36 pm

Re: Errore generic host process for win32

Messaggioda badile » lun set 06, 2010 4:19 pm

tempo fa causa il famigerato Conficker, ho avuto problemi simili in una decina di pc.
Guardando il Taskmanager e killando il processo di Svchost piu grande (circa 24 MB)migliorava la situazione, ovvio non risolvevo.
Comunque se fosse prova a vedere se è proprio colpa di Conficker. Ci sono vari cleaner in giro o con MRT.
ciao e buona "pulitura"!
Zazpiak Bat
Avatar utente
badile
Neo Iscritto
Neo Iscritto
 
Messaggi: 21
Iscritto il: gio mag 07, 2009 1:11 pm

Re: Errore generic host process for win32

Messaggioda FDAC » lun set 06, 2010 8:26 pm

Apri HJT, "Do a system scan only" e metti la spunta su queste voci:



R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4719035453
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Programmi\Lectra\VigiPrint\bin\vpdaemon.exe (file missing)


e clicca su "Fix Checked"

Scarica ed installa Malwarebytes' AntiMalware Free.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
Finita la scansione, fai clic su OK => Mostra i Risultati.
Assicurati che tutto sia selezionato e clicca su "Rimuovi selezionati".
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Poi invia qui il rapporto di Malwarebytes.
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Errore generic host process for win32

Messaggioda Rob_Oracle » sab set 11, 2010 10:16 am

Ecco qui il log di Mbam.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4593

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/09/2010 11.16.26
mbam-log-2010-09-11 (11-16-26).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 442244
Tempo trascorso: 2 ore, 43 minuti, 12 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Ma, eseguendo la scansione online con Microsoft Live One Care (come suggerito da Badile per il Conficker), sono state segnalate 2 infezioni da Alureon.H e Luckytender che credo ci siano ancora...
Avatar utente
Rob_Oracle
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: mar ago 31, 2010 12:36 pm

Re: Errore generic host process for win32

Messaggioda everi » sab set 11, 2010 12:33 pm

ma se il problema e' fastidioso la cosa piu' semplice e' una formattazione.....perche potrebbe essere qualsiasi cosa...in un paio d' ore ritorna nuovo [:)]
Avatar utente
everi
Senior Member
Senior Member
 
Messaggi: 372
Iscritto il: dom mag 27, 2007 1:41 am

Re: Errore generic host process for win32

Messaggioda FDAC » sab set 11, 2010 1:16 pm

Scarica <b>Combofix</b> da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Quando lo salvi hai la possibilità di rinominare il file: rinomina l’exe in pippo.exe

● posiziona pippo.exe sul Desktop
● disconnettiti da Internet
● sconnetti, fisicamente, il modem dal computer
● accedi al sistema in modalità provvisoria con un account con privilegi di <b>Amministratore</b>
● lancia <b>ComboFix </b>e segui le istruzioni che verranno rilasciate per eseguire la scansione
● senza eseguire altre operazioni, lascia che il tool completi la scansione e la fase di creazione del log
● al termine della operazione, il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)

Note - durante la scansione:
● verranno creati alcuni file sul desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'<b>antivirus</b> in uso: <b>prosegui ignorando il messaggio</b>
● il firewall, se attivo, potrebbe rilasciare un avviso che verranno rimossi alcuni driver (consenti pure)

Verrà creato un log in Disco Locale C: dal nome <b>combofix.txt </b>che dovrai inviare qui.

Conclusa la scansione:
● riavvia il sistema in modalità normale
● ricollega, fisicamente, il modem al computer
● connettiti a Internet e invia il file di testo

N.B. Se non riuscissi in alcun modo ad utilizzare Combofix, segui questi semplici passi:

start > esegui, nel box bianco copia e incolla questo comando, virgolette comprese:
"%userprofile%\desktop\pippo.exe" /killall
Premi OK, si dovrebbe avviare la scansione.
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Errore generic host process for win32

Messaggioda Rob_Oracle » gio set 16, 2010 6:34 pm

Allego il log di combofix.

ComboFix 10-09-15.01 - Peppe 16/09/2010 13.54.20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.585 [GMT 2:00]
Eseguito da: c:\documents and settings\Peppe\Desktop\pippo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {7C9258A4-FBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-DBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-DBF8-7FFD-A02E-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-EBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-EBF8-7FFD-A02E-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-FBF8-7FFD-A02E-250000000000}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peppe\Impostazioni locali\Temporary Internet Files\mvb06759.tmp
c:\windows\SW_Win3242X48.DLL
c:\windows\system\Asycfilt.dll
c:\windows\system\Cmct3it.dll
c:\windows\system\Crtdll.dll
c:\windows\system\Dciman32.dll
c:\windows\system\Mpr.dll
c:\windows\system\Msvbvm50.dll
c:\windows\system\msvbvm60.dll
c:\windows\system\Msvcrt20.dll
c:\windows\system\Msvcrt40.dll
c:\windows\system\Ntdll.dll
c:\windows\system\Oleaut32.dll
c:\windows\system\olepro32.dll
c:\windows\system\Rpcrt4.dll
c:\windows\system\VB40032.DLL
c:\windows\system32\UACxpclovdu.db
F:\Autorun.inf

La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-08-16 al 2010-09-16 )))))))))))))))))))))))))))))))))))
.

2010-09-15 08:10 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-09-15 07:35 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-15 07:35 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-15 07:35 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-15 07:35 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-15 07:35 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-15 07:35 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-15 07:35 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-15 07:35 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-14 06:27 . 2010-09-14 06:27 -------- d-----w- c:\documents and settings\NetworkService\Documenti
2010-09-14 06:26 . 2010-09-14 06:27 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-09-13 10:36 . 2010-09-13 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kodak
2010-09-10 08:45 . 2010-09-10 08:45 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2010-09-09 15:59 . 2010-09-10 08:41 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-09-07 13:19 . 2010-09-07 13:19 -------- d-----w- c:\programmi\File comuni\ParallelGraphics
2010-09-06 16:15 . 2010-09-06 16:16 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\MSN6
2010-09-06 16:15 . 2010-09-06 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSN6
2010-09-02 08:23 . 2010-09-02 08:23 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-09-01 15:46 . 2005-01-31 13:05 17920 ----a-w- c:\windows\system32\wnaspi32.dll
2010-08-31 08:33 . 2010-08-31 08:33 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-08-31 07:23 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-30 18:32 . 2010-08-30 18:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-30 14:03 . 2010-08-30 14:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-30 13:57 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-30 12:56 . 2010-08-30 12:56 -------- d-----w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-08-30 12:55 . 2010-08-30 12:55 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 11:15 . 2010-05-07 22:40 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-08-25 11:15 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-08-25 11:15 . 2010-08-25 11:16 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\FreeFLVConverter
2010-08-25 11:15 . 2010-08-25 11:15 -------- d-----w- c:\programmi\Free FLV Converter
2010-08-25 11:04 . 2010-08-25 11:12 -------- d-----w- c:\programmi\Need4 Video Converter 7
2010-08-24 20:53 . 2005-03-18 13:01 626688 ----a-w- c:\windows\system32\NCTImageFile.dll
2010-08-24 20:53 . 2005-02-28 13:47 344064 ----a-w- c:\windows\system32\NCTImageView.dll
2010-08-24 20:53 . 2005-02-28 13:47 335872 ----a-w- c:\windows\system32\NCTImageUtility.dll
2010-08-24 20:53 . 2005-02-28 13:47 401408 ----a-w- c:\windows\system32\NCTImageTransform.dll
2010-08-24 20:53 . 2008-04-25 08:36 98304 ----a-w- c:\windows\system32\DVM.dll
2010-08-24 20:53 . 2008-01-18 09:34 286720 ----a-w- c:\windows\system32\vic32.dll
2010-08-24 20:53 . 2007-12-03 11:02 53248 ----a-w- c:\windows\system32\RegisterExe.exe
2010-08-24 20:53 . 2010-08-24 20:53 -------- d-----w- c:\programmi\Softinterface, Inc
2010-08-24 20:45 . 2010-08-24 21:09 -------- d-----w- c:\programmi\ReaConverter 5.5 Pro
2010-08-24 19:35 . 2010-08-29 15:52 -------- d---a-w- C:\My MDTune
2010-08-24 19:35 . 2010-08-24 19:35 -------- d-----w- c:\programmi\digitalstage
2010-08-24 18:49 . 2010-08-24 18:49 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-08-24 18:22 . 2010-08-24 18:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-24 18:11 . 2010-08-24 18:11 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\DAEMON Tools Lite
2010-08-24 18:11 . 2010-08-24 18:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-08-22 10:19 . 2010-08-22 10:48 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Ableton
2010-08-22 10:19 . 2010-08-23 10:18 -------- d-----w- c:\programmi\Ableton
2010-08-19 17:41 . 2010-08-19 17:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 07:51 . 2010-08-19 07:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-19 07:46 . 2010-08-19 07:46 -------- d-sh--w- c:\documents and settings\Peppe\IECompatCache
2010-08-19 07:45 . 2010-08-19 07:45 -------- d-sh--w- c:\documents and settings\Peppe\PrivacIE
2010-08-19 07:42 . 2010-08-19 07:42 -------- d-sh--w- c:\documents and settings\Peppe\IETldCache
2010-08-18 22:16 . 2010-08-18 22:18 -------- dc-h--w- c:\windows\ie8
2010-08-18 22:06 . 2010-08-18 22:06 -------- d-----w- C:\6d9b01b9c47d73221d0937cc7c19
2010-08-17 13:35 . 2010-08-17 13:40 -------- d-----w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\Yahoo
2010-08-17 13:30 . 2010-08-17 13:35 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Yahoo!
2010-08-17 13:28 . 2010-09-11 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2010-08-17 13:25 . 2010-09-11 22:48 -------- d-----w- c:\programmi\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 13:06 . 2008-09-26 13:06 114562592 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-09-16 12:24 . 2008-09-26 13:06 1537316 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-09-11 06:27 . 2010-09-11 06:28 2637312 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
2010-09-11 06:27 . 2010-09-11 06:28 2736640 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
2010-09-08 15:57 . 2010-07-30 05:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 10:03 . 2009-01-05 21:51 -------- d-----w- c:\programmi\WarRock
2010-09-06 22:59 . 2010-06-28 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-09-06 11:19 . 2008-12-03 07:52 21261553 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
2010-09-04 22:35 . 2008-06-20 09:51 120 ----a-w- C:\drmHeader.bin
2010-09-01 20:34 . 2010-05-15 07:25 -------- d-----w- c:\programmi\SecondLifeViewer2
2010-09-01 15:46 . 2010-08-24 18:41 -------- d-----w- c:\programmi\ISOpen
2010-08-30 12:52 . 2009-08-27 06:34 -------- d-----w- c:\programmi\Lavasoft
2010-08-30 12:52 . 2009-08-27 06:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-08-27 21:18 . 2010-08-27 21:19 210432 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
2010-08-27 12:46 . 2008-07-05 13:37 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Veam
2010-08-27 12:46 . 2009-09-04 04:27 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Musoi
2010-08-26 18:49 . 2010-08-26 19:32 2532352 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
2010-08-26 18:49 . 2010-08-26 19:32 2931712 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
2010-08-24 18:12 . 2008-04-05 12:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-24 16:42 . 2008-03-05 12:00 102400 -c--a-w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-17 14:18 . 2010-08-17 15:38 2424832 ----a-w- c:\windows\Internet Logs\xDB49.tmp
2010-08-17 14:18 . 2010-08-17 15:38 2936320 ----a-w- c:\windows\Internet Logs\xDB48.tmp
2010-08-16 22:28 . 2010-04-11 06:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-26 05:09 . 2010-07-26 05:09 -------- d-----w- c:\programmi\Grafill
2010-07-23 09:25 . 2010-07-23 09:26 2380288 ----a-w- c:\windows\Internet Logs\xDB47.tmp
2010-07-19 18:43 . 2010-07-19 18:42 -------- d-----w- c:\programmi\KaraFun
2010-07-19 18:42 . 2010-07-19 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Recisio
2010-07-05 17:21 . 2001-08-31 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2010-07-05 17:21 . 2001-08-31 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2008-05-03 20:36 . 2008-05-03 20:36 1354 -c--a-w- c:\programmi\qfuwgi.txt
1998-12-04 09:59 . 2009-09-02 18:43 5811 -c--a-w- c:\programmi\UNWISE.INI
1998-12-02 10:15 . 2009-09-02 18:43 139264 ----a-w- c:\programmi\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"Realtek hd pannel"="c:\programmi\Realtek\InstallShield\RTHDCPL.exe" [2006-01-11 15961088]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57243:TCP"= 57243:TCP:Pando Media Booster
"57243:UDP"= 57243:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/08/2010 15.57.08 64288]
R2 ExseNTdr;ExseNTdr;c:\windows\system32\drivers\exsentdr.sys [11/09/2000 7.30.00 30240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14.15.19 1355928]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [05/10/2005 11.44.06 468768]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2008 14.37.04 691696]
S1 as6eio;as6eio;c:\windows\system32\drivers\as6eio.sys --> c:\windows\system32\drivers\as6eio.sys [?]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys --> c:\windows\system32\drivers\bizVSerialNT.sys [?]
S2 gupdate1cae88621e876a8;Servizio di Google Update (gupdate1cae88621e876a8);c:\programmi\Google\Update\GoogleUpdate.exe [30/04/2010 18.56.51 133104]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\Peppe\IMPOST~1\Temp\{1735A~1\atiicdxx.sys --> c:\docume~1\Peppe\IMPOST~1\Temp\{1735A~1\atiicdxx.sys [?]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [08/01/2009 22.03.42 103552]
S3 EP800Camera;E-Video DC-100 USB Camera;c:\windows\system32\drivers\ep800vc.sys [05/05/2008 22.31.22 106428]
S3 esihdrv;esihdrv;\??\c:\docume~1\Peppe\IMPOST~1\Temp\esihdrv.sys --> c:\docume~1\Peppe\IMPOST~1\Temp\esihdrv.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [25/03/2009 18.45.39 1527900]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [03/11/2009 15.42.15 16896]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14.15.19 15008]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [25/03/2008 1.45.16 30329]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [20/08/2004 5.39.46 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VPDaemon;Lectra VigiPrint Service;c:\programmi\Lectra\VigiPrint\bin\vpdaemon.exe --> c:\programmi\Lectra\VigiPrint\bin\vpdaemon.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:12]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-30 16:56]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-30 16:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Clean Traces
IE: &Download by Orbit
IE: &Download with &DAP
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Convert Image_is1 - c:\programmi\Softinterface
AddRemove-DC100 - c:\programmi\DC100\DC100\Uninst.isu
AddRemove-Drive Rescue - c:\program files\Alexander Grau\Drive Rescue\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 15:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BCCCB86-FD6C-D450-30F1-3DB793A48527}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahabbifnkpgobdbao"=hex:6b,61,6c,6c,65,6a,6d,68,6f,62,6e,6c,6c,68,68,6a,6b,70,
62,6d,63,66,00,00
"hanadchbmnkahplc"=hex:6b,61,6c,6c,65,6a,6d,68,6f,62,6e,6c,6c,68,68,6a,6b,70,
62,6d,63,66,00,00

[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EDA66BA8-E925-1E19-4243-A994F0F82CBD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajihflkeoiehbpkgf"=hex:6a,61,69,70,6a,6d,6b,67,67,66,64,70,6e,6f,6e,61,6c,69,
62,6e,00,00
"halgooaihnhcopad"=hex:6a,61,69,70,6a,6d,6b,67,67,66,64,70,6e,6f,6e,61,6c,69,
62,6e,00,ff
"ianhhkfkkgbkacodlp"=hex:63,61,65,70,6b,6a,00,7c

[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB86E60-14B3-70E8-9623-79C8DAEAE95D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eadaacamig"=hex:66,61,62,70,62,65,6f,6a,6d,6f,66,6d,00,31
"daaahpfh"=hex:64,62,70,66,64,68,6b,6f,69,69,6a,63,6e,69,63,62,67,6a,64,61,66,
6d,67,6f,62,6e,63,64,6c,65,62,6f,62,61,70,63,61,6f,64,65,00,00
"ialgbgbmncgmighdba"=hex:6a,61,68,6c,61,6b,68,66,6f,61,6a,68,69,6c,6f,6a,6e,64,
6d,61,00,00
"hajfhejmlhflpeek"=hex:6a,61,68,6c,61,6b,68,66,6f,61,6a,68,69,6c,6f,6a,6e,64,
6d,61,00,00

[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1BA7825-A783-9540-3A51-65658A30E8CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadpefdjajefbidigm"=hex:6b,61,70,70,6e,6c,6b,6b,6a,6c,6d,68,63,63,68,6e,6a,6b,
64,67,67,67,00,00
"hanacfjdgmgaholf"=hex:6a,61,70,70,6e,6c,6b,6b,65,6c,65,70,70,70,6c,64,64,69,
61,6c,00,6a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\jsproxy.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\EPSON\ESM2\eEBSVC.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\msiexec.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-09-16 15:18:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-16 13:18
ComboFix2.txt 2009-09-02 23:12
ComboFix3.txt 2009-09-02 09:30
ComboFix4.txt 2008-05-04 14:43

Pre-Run: 2.259.832.832 byte disponibili
Post-Run: 7.386.738.688 byte disponibili

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 606FDE0CCAAC7F1457D68732787E49BD

Preciso però che, a causa di un problema seguente alla scansione (mancavano delle librerie vb e Delphi), ho dovuto ripristinare dalla quarantena i file:
msvbvm60.dll
msvbvm50.dll
msvcrt20.dll
msvcrt40.dll
VB40032.dll
Il ripristino comunque è stato inutile poichè ho dovuto comunque risolvere il problema diversamente, ma non riesco più a cancellare i file dalla cartella system a causa della protezione.
Avatar utente
Rob_Oracle
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: mar ago 31, 2010 12:36 pm

Re: Errore generic host process for win32

Messaggioda caruso68 » lun set 20, 2010 9:24 am

Questo problema mi si presenta almeno 10 volte a l giorno, faccio l'installatore di sistemi...
per risolvere è sufficiente fare TUTTI gli aggionamenti di windows... fidatevi!
Avatar utente
caruso68
Neo Iscritto
Neo Iscritto
 
Messaggi: 3
Iscritto il: ven set 17, 2010 4:01 pm


Torna a Sistema Operativo

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising