Generic Host Process for Win32 Services Error

Question

ladyM

1. Delete a ferramenta EliStarA e o arquivo C:\infosat.txt

2.
    *Fa&ccedil;a o download da ferramenta do link e salve-a no Desktop
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    *Duplo clique em SDFix.exe e a ferramenta ser&aacute; instalada geralmente em C:\SDFix
    *Anote ou imprima o procedimento
    *[COLOR=Blue]Desative temporariamente seu antiv&iacute;rus e anti-spyware[/COLOR]
    *Reinicie o PC em Modo de Seguran&ccedil;a (Pressione intermitentemente F8 durante a inicializa&ccedil;&atilde;o, no menu que aparecer escolha Modo Seguro).
    *Na pasta C:\SDFix localize e execute o arquivo RunThis.bat
    *Tecle Y para iniciar o processo
    *Ao t&eacute;rmino, surgir&aacute; um aviso dizendo para apertar qualquer tecla para continuar. 
    *O PC ser&aacute; reiniciado automaticamente
    *Ao reiniciar, a ferramenta novamente ser&aacute; executada
    *Ao surgir The FixTool has finished, pressione qualquer tecla
    *Cole o resultado criado em C:\SDFix\Report.txt junto com novo log do hijack.

3.
Para corrigir o problema da mensagem (A CPU NTVDM encontrou uma instru&ccedil;&atilde;o...) fa&ccedil;a o seguinte:
    *Baixe e salve o arquivo no desktop
    http://www.visualtour.com/downloads/xp_fix.exe
    *Execute o arquivo
    *Reinicie o PC

Answer

SDFix: Version 1.170 
Run by Alpha on seg 14/04/2008 at 11:36
Microsoft Windows XP [vers&AElig;o 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files : 
Trojan Files Found:
C:\WINDOWS\system32pcc.dll  - Deleted

Removing Temp Files
ADS Check :

Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 11:48:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]
Type=dword:00000010
Start=dword:00000002
ErrorControl=dword:00000000
ImagePath=str(2):C:\Arquivos de programas\GbPlugin\GbpSv.exe
DisplayName=Gbp Service
Group=GbPlugin Group
ObjectName=LocalSystem
Description=Service for G-Buster Browser Defense
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv\Security]
Security=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv]
Type=dword:00000010
Start=dword:00000002
ErrorControl=dword:00000000
ImagePath=str(2):C:\Arquivos de programas\GbPlugin\GbpSv.exe
DisplayName=Gbp Service
Group=GbPlugin Group
ObjectName=LocalSystem
Description=Service for G-Buster Browser Defense
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv\Security]
Security=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :
 
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Arquivos de programas\Google\Google Talk\googletalk.exe=C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
C:\Arquivos de programas\eMule\emule.exe=C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule
C:\Arquivos de programas\Pando Networks\Pando\pando.exe=C:\Arquivos de programas\Pando Networks\Pando\pando.exe:*:Enabled:pando
C:\Arquivos de programas\Puxa R pido\PuxaRapido.exe=C:\Arquivos de programas\Puxa R pido\PuxaRapido.exe:*:Enabled:Puxa R pido
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe=C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Arquivos de programas\MSN Messenger\livecall.exe=C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Arquivos de programas\LeechFTP\Leechftp.exe=C:\Arquivos de programas\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe=C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe=C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe=C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe=C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip
C:\AppServ\apache\bin\ApacheMonitor.exe=C:\AppServ\apache\bin\ApacheMonitor.exe:*:Enabled:Apache Monitor
C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe=C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe=C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Arquivos de programas\MSN Messenger\livecall.exe=C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 21 Nov 2007         4,348 ..SH. --- C:\Documents and Settings\All Users\DRM\DRMv1.bak
Sun  6 Apr 2008             0 A..H. --- C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT6.tmp
Finished!

Log hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:53:51, on 14/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Documents and Settings\Alpha\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa R&aacute;pido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Auxiliar de Conex&atilde;o do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Atualizador - Puxa R&aacute;pido] C:\Arquivos de programas\Puxa R&aacute;pido\Atualiza.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [Pando] C:\Arquivos de programas\Pando Networks\Pando\Pando.exe /Minimized
O4 - Startup: Speedy.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189818322877
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA40B9EE-2E02-4BCD-8EF5-9E8BF352100E}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe

Answer

[quote=Wings, post: 3663925]ladyM

3.
Para corrigir o problema da mensagem (A CPU NTVDM encontrou uma instru&ccedil;&atilde;o...) fa&ccedil;a o seguinte:
*Baixe e salve o arquivo no desktop
http://www.visualtour.com/downloads/xp_fix.exe
*Execute o arquivo
*Reinicie o PC[/quote]
 
Existe algum outro software q fa&ccedil;a o mesmo, por&eacute;m posso execut&aacute;-lo no windows vista?

Answer

Tamb&eacute;m estava com esse problema.
Ent&atilde;o baixei esta atualiza&ccedil;&atilde;o: http://www.microsoft.com/downloads/d...9-afad4e049c48 (que est&aacute; citada acima) e deixei meu firewall funcionando.

Answer

Ent&atilde;o, to com o msm problema ai... fica dando esse erro td vez q inicio o computador, o driver de som simplesmente some e a internet desconecta depois de um certo tempo...
pelo q to lendo, fazer atualiza&ccedil;&atilde;o do windows resolve... mas ser&aacute; q d&aacute; algum problema por n&atilde;o ser original o XP ?

Answer

*Fa&ccedil;a o download e instale as atualiza&ccedil;&otilde;es abaixo se o seu Windows XP for BR.
    KB894391
 http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=pt-br&SrcCategoryId=&SrcFamilyId=a87b44b9-7a6a-49b6-bd89-afad4e049c48&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fa%2f9%2fb%2fa9ba3f32-c19f-4953-81fe-eeb6b7aed7ab%2fWindowsXP-KB894391-x86-PTB.exe
    KB921883
 http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=pt-br&SrcCategoryId=&SrcFamilyId=2996b9b6-03ff-4636-861a-46b3eac7a305&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f5%2f6%2fd563cd74-b782-4890-b3c0-0e8b4f994326%2fWindowsXP-KB921883-x86-PTB.exe
    KB918899
 http://www.microsoft.com/downloads/details.aspx?displaylang=pt-br&FamilyID=cdb85bca-0c17-44aa-b74e-f01b5392bb31
    KB925486
 http://www.microsoft.com/downloads/details.aspx?displaylang=pt-br&FamilyID=b5f19858-4e86-4fd4-a264-e4823ff6d0a9

Veja se corrigi o problema.

Answer

Valeu... vou testar aki e v&ecirc; se resolve ;D

Ferramentas

Mover Tópico