Hi, I removed from my PC a series of spyware programs that were modifying the Internet Explorer home page, following the instructions from TrendMicro, whose antivirus I have. After restarting the PC, a popup appears telling me that it cannot find c:\windows\services.exe. I also ran HijackThis; I am attaching a copy.
Logfile of HijackThis v1.97.7
Scan saved at 8:52:34 AM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\WINDOWS\TEMP\BVE553.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\danilo.iorio\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\it\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file...CallButton.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D355E971-0F61-11D2-8955-00805FFCE6FB} (siawds-full-install) - https://www.lineattiva.it/SIAwds/ins...ll-install.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netel.local
O17 - HKLM\Software\..\Telephony: DomainName = netel.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4148DED5-6A7A-412C-98AD-2B03B07A75AD}: NameServer = 10.10.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = netel.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{4148DED5-6A7A-412C-98AD-2B03B07A75AD}: NameServer = 10.10.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = netel.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{4148DED5-6A7A-412C-98AD-2B03B07A75AD}: NameServer = 10.10.1.1
because I can't figure out what this is. Do you have any suggestions?
Thanks