  1. #1
    HTML.it user
    Registered: Nov 2008
    Posts: 2

    Generic Host Process for Win 32 Services

    Hi guys, I'm new here; while searching Google for information to solve this problem (is it a virus???) I came across this forum.
    I already knew your site because, being a 5th-year student at a technical institute for computer science, I have read your programming guides many times.
    But getting to the point, I did manage to find other threads where users of your forum discussed my problem... many solved it by enabling Windows Update (I tried enabling it but nothing got updated o.O) and by downloading an additional update from the Microsoft support site (already downloaded and installed, but the problem persists).
    I also found THIS thread, where I tried to follow your advice step by step.
    STEP 0: Correctly deleted all temporary files and emptied the browser cache using the program you recommended.
    STEP 1: I ran a full system scan with ANTIVIR (I only installed it after running into the problem above), then used the immediate delete function (without sending them to quarantine) to remove all the "infected" files found, without having to resort to safe mode.
    Also, as you advised, I disabled System Restore.
    STEP 2: Ran the scan with ALL the programs you recommended, but the problem remains.
    STEP 3: And here we come to my problem: I ran a complete scan with the Kaspersky Online Scanner antivirus and found the following problems:

    It shows me the infected files (as you can see from the screenshot), but how do I delete them?
    I'm stuck at this point and don't know how to proceed... I'd like to keep browsing the internet as I always have without having to format... help me!

    Screenshot of the error message that appears:


    P.S.: I am also attaching the error file produced after scanning the PC with ANTIVIR

  2. #2
    HTML.it user
    Registered: Nov 2008
    Posts: 2
    I noticed that I can't attach files with a .txt extension,
    so I'm pasting the contents here:

    Avira AntiVir Personal
    Report file date: lunedì 10 novembre 2008 11:01

    Scanning for 1021413 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: THE-3IDXTGHDZPK

    Version information:
    BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 08:52:22
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 08:52:27
    ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 08:52:28
    ANTIVIR3.VDF : 7.1.0.59 4608 Bytes 10/11/2008 08:52:28
    Engineversion : 8.2.0.29
    AEVDF.DLL : 8.1.0.6 102772 Bytes 10/11/2008 08:52:52
    AESCRIPT.DLL : 8.1.1.13 332156 Bytes 10/11/2008 08:52:51
    AESCN.DLL : 8.1.1.5 123251 Bytes 10/11/2008 08:52:49
    AERDL.DLL : 8.1.1.3 438645 Bytes 10/11/2008 08:52:48
    AEPACK.DLL : 8.1.3.3 393591 Bytes 10/11/2008 08:52:46
    AEOFFICE.DLL : 8.1.0.30 196986 Bytes 10/11/2008 08:52:43
    AEHEUR.DLL : 8.1.0.71 1487222 Bytes 10/11/2008 08:52:42
    AEHELP.DLL : 8.1.1.3 119157 Bytes 10/11/2008 08:52:36
    AEGEN.DLL : 8.1.1.0 319859 Bytes 10/11/2008 08:52:35
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/11/2008 08:52:33
    AECORE.DLL : 8.1.4.1 172405 Bytes 10/11/2008 08:52:31
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/11/2008 08:52:29
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 10/11/2008 08:52:29
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lunedì 10 novembre 2008 11:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
    Scan process 'INSTAN~1.EXE' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
      [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
      [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '51' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
      [WARNING] The file could not be opened!
    C:\Documents and Settings\Andr3a\Documenti\L2Walker 1[1].52.rar
      [0] Archive type: RAR
      --> L2Walker 1[1].52\l2asrv.exe
        [DETECTION] Contains a recognition pattern of the (harmful) BDS/GirlinRed.BB back-door program
      --> L2Walker 1[1].52\L2Walker.exe
        [DETECTION] Is the TR/Agent.502784.B Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\Alcohol 120%\L2Walker 1[1].52\l2asrv.exe
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/GirlinRed.BB back-door program
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\Alcohol 120%\L2Walker 1[1].52\L2Walker.exe
      [DETECTION] Is the TR/Agent.502784.B Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\File ricevuti\Bot Dragon Network (Mod by OrcoDio).rar
      [0] Archive type: RAR
      --> L2Walker 1[1].52\l2asrv.exe
        [DETECTION] Contains a recognition pattern of the (harmful) BDS/GirlinRed.BB back-door program
      --> L2Walker 1[1].52\L2Walker.exe
        [DETECTION] Is the TR/Agent.502784.B Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\l2 kamael dual box\l2 kamael\system\l2.rar
      [0] Archive type: RAR
      --> l2.exe
        [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\L2Walker 1[1].52\l2asrv.exe
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/GirlinRed.BB back-door program
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\L2Walker 1[1].52\L2Walker.exe
      [DETECTION] Is the TR/Agent.502784.B Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\LimeWire\Saved\Municipal Waste - Headbanger face rip.mp3
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\LimeWire\Saved\Soilwork - The chainheart machine.mp3
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\LINEAGE PROVA\L2Walker 1[1].52\l2asrv.exe
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/GirlinRed.BB back-door program
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Documenti\LINEAGE PROVA\L2Walker 1[1].52\L2Walker.exe
      [DETECTION] Is the TR/Agent.502784.B Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\cesaroni.mp3
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\natural born chaos bittorrent downloader.zip
      [0] Archive type: ZIP
      --> BitDownload Setup.exe
        [DETECTION] Is the TR/Dldr.348678 Trojan
      --> BitDownload Setup.exe
        [1] Archive type: NSIS
        --> ProgramFilesDir/minime_0.exe
          [DETECTION] Is the TR/Obfuscated.286208.1 Trojan
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\natural born chaos.mpg
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\pentole e bicchieri.mp3
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\pentole e bicchieri.mpg
      [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
      [NOTE] The file was deleted!
    C:\Documents and Settings\Andr3a\Shared\[Full] diabolika volume 3 with Bonus.zip
      [0] Archive type: ZIP
      --> setup.exe
        [1] Archive type: NSIS
        --> [PluginsDir]/bann.exe
          [DETECTION] Contains recognition pattern of the DR/TrafficSol.O.1 dropper
        --> [PluginsDir]/bann.exe
          [2] Archive type: NSIS
          --> ProgramFilesDir/[SystemDir]/spads.dll
            [DETECTION] Is the TR/Dldr.Zlob.AATN Trojan
        --> [PluginsDir]/adw.exe
          [2] Archive type: NSIS
          --> ProgramFilesDir/[UnknownDir]
            [DETECTION] Is the TR/Spy.Agent.208896 Trojan
      [NOTE] The file was deleted!
    C:\Programmi\l2 kamael\system\l2.exe
      [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
      [NOTE] The file was deleted!
    C:\Programmi\l2 kamael\system\l2.rar
      [0] Archive type: RAR
      --> l2.exe
        [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
      [NOTE] The file was deleted!
    C:\WINDOWS\brastk.exe
      [DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
      [NOTE] The file was deleted!
    C:\WINDOWS\system32\rqRIxuTK.dll
      [DETECTION] Is the TR/Vundo.35328 Trojan
      [NOTE] The file was deleted!
    C:\WINDOWS\system32\winygq32.dll
      [DETECTION] Is the TR/Hijacker.Gen Trojan
      [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING] The file could not be opened!

    End of the scan: lunedì 10 novembre 2008 11:41
    Used time: 39:42 Minute(s)

    The scan has been done completely.

    5601 Scanning directories
    385115 Files were scanned
    27 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    22 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    385086 Files not concerned
    3033 Archives were scanned
    2 Warnings
    22 Notes

  3. #3
    HTML.it user Deifobe
    Registered: Oct 2007
    Posts: 6,072
    it's impossible to make anything out....
    You can upload the reports to Savefile

    the files identified by Kaspersky, if they are still there, you can simply delete by hand. If they can't be deleted, check that they are not active in Task Manager: if they are, terminate them and then delete the files.


    download SystemScan
    disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus

    upload the report you find on the desktop to Savefile and post the resulting link.

    note: SystemScan is detected as infected because of the type of scan it performs (it is a false positive). The procedure posted is safe.