احتاج مساعدة في حل مشكلة Generic Host Process for win32 services

[mtz2010]

السلام عليكم
Problem with XP SP3
Generic Host Process for win32
لدي مشكلة في نظام التشغيل حيث تظهر رسالة الخطأ كما في الصورة ادناه

وتتسبب هذه المشكلة في توقف الصوت وبعض المشاكل الاخرى في نظام التشغيل وطبعا هذه الرساله معروفة للخبراء ولها اسباب كثيرة وقد حاولت معالجتها بطرق عديدة ولازالت تظهر الرسالة احياناً ونظام التشغيل لدي هو Win Xp SP3
اكس بي سيرفس باك3 .
الرساله لازالت تظهر رغم عمل فورمات لل C وتنصيب نظام التشغيل من جديد وعمل فحص كامل للجهاز ببرنامج Avast Internet Security
وقمت باغلاق البورتات التي قد تسبب هذه المشكلة وهي بورت 135 والبورت 445
وبعض الحلول الاخرى وفشلت جميع محاولاتي في ايقاف هذه الرسالة المزعجة .
لذلك ارجو مساعدتكم وارائكم اخوااني لحل هذه المشكلة .

وشكراً لكم ..
​

 

[MAAX]

اهلاا بك
طبق هذا اخي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 

[mtz2010]

شكرا لك اخي MAAX
انا سبق وجربت هذه التحديثات ولكنها لاتنفع مع Sp3 لانها تحديثات خاصة للـSP2 ولاتقبل التنصب على SP3 وبالتالي لاتحل المشكة ، ,وجاري تجربة الحلول الاخرى الموجودة في موضوع الاخ boob77

 

[mtz2010]

قمت بتجربة جميع الحلول ولازالت المشكلة موجودة وتظهر نفس الرسالة

​

 

[MAAX]

حمل الاداة من هذا الموضوع

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

واعمل تقرير هايجاك + سجلات الاخطاء والنظام
وضعها بدون اقتباس او اكواد

 

[mtz2010]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:10 ص, on 10/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-

17B458C2A3A8} - C:\Program Files\Internet Download

Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for

Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA}

- C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-

462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6

\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-

435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-

BC86-EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil

Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: azku.exe (User 'Default user')
O8 - Extra context menu item: Download with IDM -

C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32

\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2

-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32

\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache

daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software -

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software -

C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software -

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software -

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 3803 bytes


----------------------------------------------------------------------------------------



====== سجل أخطاء النظام ======

Computer Name: MHRTDS
Event Code: 31012
Message: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Record Number: 928
Source Name: ipnathlp
Time Written: 20110203085724.000000+180
Event Type: error
User:

Computer Name: MHRTDS
Event Code: 31012
Message: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Record Number: 927
Source Name: ipnathlp
Time Written: 20110203085724.000000+180
Event Type: error
User:

Computer Name: MHRTDS
Event Code: 31012
Message: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Record Number: 918
Source Name: ipnathlp
Time Written: 20110203085435.000000+180
Event Type: error
User:

Computer Name: MHRTDS
Event Code: 31012
Message: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Record Number: 917
Source Name: ipnathlp
Time Written: 20110203085430.000000+180
Event Type: error
User:

Computer Name: MHRTDS
Event Code: 31012
Message: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Record Number: 916
Source Name: ipnathlp
Time Written: 20110203085430.000000+180
Event Type: error
User:



===== سجل أخطاء البرامج =====

Computer Name: PROMAN
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 15
Source Name: WinMgmt
Time Written: 20080725000839.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PROMAN
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 14
Source Name: WinMgmt
Time Written: 20080725000839.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PROMAN
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20080725000838.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PROMAN
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20080725000838.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PROMAN
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20080725000836.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM



===== تقرير انهيار البرامج =====




===== تقرير الشاشة الزرقاء =====



​

 

[MAAX]

اعمل التالي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 

[mtz2010]

تم ..
تقرير الفحص الاول

************' Anti-Malware 1.50.1.1100

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Database version: 5671

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

10/02/2011 12:46:31 م
mbam-log-2011-02-10 (12-46-31).txt

Scan type: Quick scan
Objects scanned: 128253
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\default user\start menu\Programs\Startup\azku.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

تقرير الفحص الثاني
​

************' Anti-Malware 1.50.1.1100

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Database version: 5671

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/02/2011 01:36:28 م
mbam-log-2011-02-10 (13-36-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 171147
Time elapsed: 15 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

وهذا تقرير جديد للهايجاك
​

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:09:08 م, on 10/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 3985 bytes
​

​

 

[MAAX]

اعمل تحديث لاصدار الاكسبلورر

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 

[mtz2010]

انا استخدم متصفح الفايرفوكس لذلك لم اهتم بتحديث الاكسبلورر وقمت بتنصيب اكسبلورر 8 بعد ردك الاخير ولكن عادت وظهرت المشكلة مره اخرى قبل قليل بظهور رسالة الخطأ :f: ..
​

 

[MAAX]

فعل التحديثات التلقائية

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي