Generic Host Process for Win32 Services error

[Cuzo]

Imam problem, pojavila se poruka ovog tipa " generic proces win 32 need to be close". Ovo se prikazalo kad sam stratovao racunar. O cemu se radi?

[Ravell]

Dobro bi bilo da si napisao kako tacno glasi poruka koju dobijas.

Pretpostavljam da se ta greska NE JAVLJA svaki put kada ukljucis ili restartujes racunar, ali u svakom slucaju, ne bi bilo lose da postujes HijackThis log. Uputstvo za HJT i ostale informacije imas ovdje.

Poneki malware-i znaju da izazovu takvu gresku.

Eh, sada, mislim da tacna poruka glasi ovako: Generic Host Process for Win32 Services has encountered a problem.. (bla bla). Nakon cega gresku mozes da proslijedis Microsoft-u. Ukoliko kliknes na don't send buton, racunar nastavjla da radi kao da se nista nije desilo i nema nikakvih smetnji. Ali ipak, zasto error poruka, kakav proces, odakle... zasto? E pa, tako

Vrlo je moguce da i na tvom racunaru ovakvu gresku izaziva windows update sa svojim servisima (vjerovatno automatic update). Ja sam sklon da vjerujem da je pun bugova, pa zbog toga ponekad padne i da tu dosadnu poruku. Ukoliko se ovakva poruka javi prilikom pokretanja racunara, u slucaju ignorisanja poruke i nastavka rada sa racunarom, vrlo je moguce da automatic update nece raditi. Ovo je moguci razlog javljanja poruke, ali i razlog sto nastavak rada nakon dobijanja poruke ne izaziva neke vidljive smetnje na sistemu.

Mozda ce nekada Microsoft objaviti Windows update kroz "Windows update", koji ce update-ovati "Windows update" i popraviti automatic update. Ovo zvuci smijesno, ha

Ako ce ti biti lakse, veliki broj korisnika je barem nekoliko puta dobilo takvu poruku. Ali ipak ti nama daj taj HJT log, cisto da budemo sigurni.

[Cuzo]

Upravo tako pise poruka, i ne javalja se svaki put kad upalim racunar

[Cuzo]

Logfile of HijackThis v1.99.1
Scan saved at 12:55:52, on 26.3.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\suupxrur\cogFC0RN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Siemens ISDN Utilities\calltray.exe
C:\PROGRA~1\suupxrur\NR0CFgoc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Opera7\opera.exe
C:\Documents and Settings\Cuzo\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.cg.yu:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN. EXE
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RegCleanExpert.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAPI Monitor.lnk = C:\Program Files\Siemens ISDN Utilities\calltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Îêíî ñîñòîÿíèÿ Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK .EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{46339A9E-5EB3-47CA-9512-281FA81B8511}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{46339A9E-5EB3-47CA-9512-281FA81B8511}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

[Ravell]

Prije pocetka uklanjanja procitaj redove na kraju posta.

Uklonices sljedece redove:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Kada odradis ovo, nemoj pokretati nikakve browsere i ostale programe. Restartuj racunar i odmah preskeniraj HJT-om, pa opet postuj svoj log ovdje. Takodje, ukoliko imas bilo kakve programe ili procese disable-ovane u startup-u, enable-uj ih, pa onda preskeniraj HJT-om.


Vidim da imas neke Yahoo procese, pa ako ti ne trebaju, mozes i njih da uklonis. Takodje, vidim da ti je flashget u startupu. Ukoliko nije neophodno da se FlashGet nalazi tamo, mozes i njega da uklonis (putem opcija programa), a da ga pokreces prilikom downloadovanja necega. Prvo ukloni redove koje sam naveo gore, a ukoliko zelis da uklanjas FlashGet i Yahoo, TO CEMO DA ODRADIMO U SLJEDECEM KRUGU.

Takodje mi reci da li imas neki anti-spyware program, tipa ad-aware ili tako nesto slicno?

[Cuzo]

Imam Ad Aware SE Pesonal. imam ISDN i sad poslije rstartovanja racunara oba kanala imaju pink boju a trebalo bi ad su crvebi do trenutka kad se konektujem na net, medjutim kao sto vidis ja sam na netu i dalje su kanalii pink boje a treba da bude jedan zeleni

[Thomas_O_Malley]

Imam Ad Aware SE Pesonal. imam ISDN i sad poslije rstartovanja racunara oba kanala imaju pink boju a trebalo bi ad su crvebi do trenutka kad se konektujem na net, medjutim kao sto vidis ja sam na netu i dalje su kanalii pink boje a treba da bude jedan zeleni

Nemas s tim frke, meni se isto desava, jer je uredjaj koji smo kupili jedno veliko tandarilo. Pokusaj da izvadis pa ponovo stavis USB kabal i bice crveni. Posto sam instalirao XP SP2 to se sredilo, ali prvo provjeri USB kabal jer je meni pravio problem. Objasnjenje iz Podrske ce ti biti "nelicencirani windows, restartuj kompjuter, losa veza izmedju racunara i Santisa...".

[Ravell]

Sto se tice ISDN-a, tu ti ne mogu pomoci mnogo. Nemam iskustva s tim, a ja koristim kablovski Internet. Srecom, ima ljudi koji znaju i ISDN tips&tricks.

- Updateuj Ad-Aware, preskeniraj racunar, makni sve sto nadje.
- restartuj racunar
- preskeniraj HijackThis-om i postuj log u okviru ovog topic.

[Cuzo]

Logfile of HijackThis v1.99.1
Scan saved at 19:17:12, on 26.3.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\suupxrur\cogFC0RN.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\suupxrur\NR0CFgoc.exe
C:\Program Files\Siemens ISDN Utilities\calltray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK .EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK .EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera7\opera.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Cuzo\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.cg.yu:8080
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN. EXE
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RegCleanExpert.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAPI Monitor.lnk = C:\Program Files\Siemens ISDN Utilities\calltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Îêíî ñîñòîÿíèÿ Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK .EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{46339A9E-5EB3-47CA-9512-281FA81B8511}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{46339A9E-5EB3-47CA-9512-281FA81B8511}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[Ravell]

To je sada ok, koliko mi se cini.