Aiutamici Forum

SERVICES.EXE
mister_kihu
Posted: Friday, November 04, 2005 11:07:10 PM
Rank: Member

Joined: 5/24/2005
Posts: 19
alfonso, since yesterday ZoneAlarm has been asking to let SERVICES.EXE have access, but I block it. Is it a virus? I also noticed that in Task Manager there are 3 services.exe entries, 2 written in uppercase and 1 in lowercase. How can I remove them? They won't go away in any way.
alfonso
Posted: Saturday, November 05, 2005 11:26:01 AM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
SERVICES.EXE is a system file, but it could also be a virus.

Download this program and read the instructions for posting the log, so we can check whether the offending file is legitimate or not; you can usually tell from the folder it is run from.
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175

Aiutamici Collaborator
mister_kihu
Posted: Saturday, November 05, 2005 1:57:01 PM
Rank: Member

Joined: 5/24/2005
Posts: 19
For alfonso: I made the log as you said.
Logfile of HijackThis v1.99.1
Scan saved at 13.51.20, on 05/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\SERVICES.EXE
C:\Documents and Settings\marKus\Desktop\prog.vari\CheckBO.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\marKus\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonelabs.com/products/zalicense.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no file)
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\firewall.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CheckBO] C:\Documents and Settings\marKus\Desktop\prog.vari\CheckBO.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\marKus\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Critical Update Check] %Windir%\battlenet.exe
O4 - HKLM\..\Run: [printer spooler] C:\WINDOWS\System32\commonaccess.exe
O4 - HKLM\..\Run: [network device driver] C:\WINDOWS\System32\msfirewall.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Programmi\riverbelleMPC\MPC.exe (file missing)
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/Chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116282947665
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/download/DownloaderActiveX.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1003327.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/dialer/it/activex_259_it.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kindly check it when you have time, thanks.
alfonso
Posted: Saturday, November 05, 2005 3:01:25 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these steps

1) Disable System Restore; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) Restart in Safe Mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

Open HijackThis and, as described in this article,
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
delete the lines that follow (if the lines to delete do not appear in Safe Mode, delete them from normal mode and restart the computer).

==================================
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
-
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no file)
O2 - BHO: (no name) - {EE5C363D-7627-4F21-98AE-4CBCC1DBD650} - C:\WINDOWS\system32\firewall.dll (file missing)
-
O4 - HKLM\..\Run: [CheckBO] C:\Documents and Settings\marKus\Desktop\prog.vari\CheckBO.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\marKus\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Critical Update Check] %Windir%\battlenet.exe
O4 - HKLM\..\Run: [printer spooler] C:\WINDOWS\System32\commonaccess.exe
O4 - HKLM\..\Run: [network device driver] C:\WINDOWS\System32\msfirewall.exe
-
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
-
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
-
O9 - Extra button: Riverbelle MPC - {F5B5A190-EADF-49d9-A90D-52B236C05E63} - C:\Programmi\riverbelleMPC\MPC.exe (file missing)
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
-
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
-
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
-
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/download/DownloaderActiveX.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1003327.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/dialer/it/activex_259_it.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
==================================

Using the Windows SEARCH function, find and delete the files in red,
==================================
C:\WINDOWS\SERVICES.EXE (do not delete the one located in C:\Windows\System32)
firewall.dll
CheckBO.exe
IE4321.exe
battlenet.exe
commonaccess.exe
msfirewall.exe
==================================

DELETE THE FOLDERS IN RED
==================================
C:\Documents and Settings\marKus\Dati applicazioni\sgrunt
==================================

Go to CONTROL PANEL and click INTERNET OPTIONS;
in the window that opens, click the three buttons
DELETE COOKIES - DELETE FILES - CLEAR HISTORY

When finished, use the programs AD-AWARE and SPYBOT indicated in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Run a scan with this program
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

Still in Safe Mode, run an antivirus scan.

Then restart the computer and check whether the problem is solved; if everything is OK, re-enable System Restore, which was disabled at the start of this procedure.

Install this program to block dangerous popups
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041


You should update the system from Windows Update.

Aiutamici Collaborator
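
Added example, not part of the original thread and not HijackThis's own code: the check alfonso applies by eye (a system file name running from the wrong folder, plus extra programs hooked into the Shell and UserInit logon values), written in Python and run over an excerpt of the log posted above. The expected-folder table and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumed home folders of core Windows XP processes (lower-cased for comparison).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {"smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
                "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "explorer.exe": r"c:\windows"}

# Sample input: a handful of lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SERVICES.EXE

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
"""

def misplaced_system_processes(log):
    """Running processes named like a system binary but started from another folder."""
    hits, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break                      # a blank line ends the process list
        elif in_section:
            folder, name = ntpath.split(line.lower())
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name] and line not in hits:
                hits.append(line)
    return hits

def extra_logon_programs(log):
    """Programs appended to the Shell / UserInit values reported on F2 lines."""
    found = []
    for m in re.finditer(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", log, re.M):
        name, value = m.group(1), m.group(2).strip()
        if name == "Shell":
            extras = value.split(None, 1)[1:]          # whatever follows explorer.exe
        else:
            extras = [p for p in value.split(",")
                      if p and ntpath.basename(p).lower() != "userinit.exe"]
        found.extend((name, p) for p in extras)
    return found

if __name__ == "__main__":
    print(misplaced_system_processes(SAMPLE_LOG))
    print(extra_logon_programs(SAMPLE_LOG))
```

The comparison is case-insensitive on purpose: Task Manager showing the name in uppercase or lowercase says nothing by itself, the folder does.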
mister_kihu
Posted: Saturday, November 05, 2005 3:39:53 PM
Rank: Member

Joined: 5/24/2005
Posts: 19
Thanks alfonso, I will carry out these steps. But should I remove CheckBO? Is it a good firewall?
mister_kihu
Posted: Saturday, November 05, 2005 4:19:02 PM
Rank: Member

Joined: 5/24/2005
Posts: 19
alfonso, you are a wizard. I did everything by the book and the result showed, thanks a million. I owe you a fish dinner lol
alfonso
Posted: Saturday, November 05, 2005 10:46:45 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
CheckBO is a useless program: it checks the ports that get opened, but it is not a firewall, it is only a monitor. Leave the job of protecting the system ports to the real firewall.

Aiutamici Collaborator