Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

services.exe e shutdown

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

services.exe e shutdown

Postdi gia » 03/01/09 13:57

salute a tutti,
da ieri il mio notebook (WinXP SP2) presenta il seguente problema:
all'avvio presenta un messaggio d'errore che m'informa che che ci sono stati problemi con l'applicazione services.exe, che verra' chiusa. Se lo chiudo parte un timer da 60sec che blocca il PC. Posso fermare questo processo con il comando shutdown -a. Dopo posso usare il PC ma e' instabile e spesso si blocca.
Ho fatto scansioni con SpyBoot, SuperAntiware, Sophos Antivirus senza trovare niente di rilevante.
Il sistema parte senza problemi in modalita' provvisoria.
Ho cercato un po' in giro, ho visto che services.exe ha dato qualche problemino ma nessuno dei suggerimenti trovati ha aiutato.
Mi date una mano?
Giampiero

Di seguito il log di HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.17.00, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Programmi\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Programmi\Sophos\AutoUpdate\ALsvc.exe
C:\Programmi\Sophos\Remote Management System\RouterNT.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\GP\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\INCA\Bin\OIMAGStatusDatabase.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Sophos\AutoUpdate\ALMon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programmi\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchReprogramming] C:\Programmi\INCA\Bin\LaunchReprogramming.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programmi\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk.disabled
O4 - Global Startup: Google Updater.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///C:/Programmi/AutoCAD%202002%20Ita/InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file:///C:/Programmi/AutoCAD%202002%20Ita/AcDcToday.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Programmi/AutoCAD%202002%20Ita/InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file:///C:/Programmi/AutoCAD%202002%20Ita/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = assing.local
O17 - HKLM\Software\..\Telephony: DomainName = assing.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = assing.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = assing.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = assing.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BJREOYWKDQTI - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\BJREOYWKDQTI.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programmi\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Crea report sullo stato di Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programmi\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Programmi\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Programmi\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Programmi\Sophos\Remote Management System\RouterNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 12750 bytes
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51

Sponsor
 

Re: services.exe e shutdown

Postdi Luke57 » 03/01/09 14:47

Ciao, scarica ed installa Ccleaner se non l'hai
http://www.filehippo.com/download_ccleaner/
Avvia l'installazione, mi raccomando non installare la toolbar
(ultima casella della schermata "opzioni di installazione") e continua l'installazione.
Finita l'installazione, apri ccleaner, clicca su "Opzioni" e poi su "Avanzate", leva la spunta se è presente dall'opzione "cancella file in windows temp solo se più vecchi di 48 ore".
Poi apri hijackthis, premi "do a system scan only", cerca e spunta la voce seguente:
O23 - Service: BJREOYWKDQTI - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\BJREOYWKDQTI.exe (file missing)

premi fix checked.

Poi da start>esegui nello spazio bianco copi e incolli
sc stop BJREOYWKDQTI>premi OK
poi copi e incolli:
sc delete BJREOYWKDQTI>premi OK


adesso puoi avviare la pulizia, apri ccleaner e clicca su Avvia ccleaner.

Riavvia il computer e osserva se il problema si ripresenta.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: services.exe e shutdown

Postdi gia » 03/01/09 15:47

Grazie.
Ho fatto la procedura suggerita ma il problema rimane.
ciao
Giampiero

Di seguito la parte del log relativo alla sezione O23:
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programmi\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Crea report sullo stato di Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programmi\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Programmi\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Programmi\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Programmi\Sophos\Remote Management System\RouterNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe

--
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51

Re: services.exe e shutdown

Postdi Luke57 » 03/01/09 15:53

Ciao, scarica sdfix da qui:
http://www.bleepingcomputer.com/resources/link252.html
Una volta scaricato,doppio click su SDFix.exe per lanciare l'installazione
Cliccate su Install (verrà creata una cartella alla radice dell'HD dal nome SDFix)




Riavvia il sistema in modalità provvisoria (se non sai come fare, vedi sotto)
http://www.upyou.it/smartfaq+faq.faqid+3.htm

# Una volta in modalità provvisoria; apri la cartella Sdfix, fate un doppio click sul file RunThis.bat
# selezionate Y
# premete il tasto ENTER della vostra tastiera per lanciare la pulizia.
Pazientate qualche attimo e il tool vi chiederà di premere un tasto per riavviare.
Al riavvio SDFix porterà a termine la procedura e visualizzerà un messaggio nel quale indica la fine della pulizia e l'opzione per visualizzare il log. Postalo sul forum
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: services.exe e shutdown

Postdi gia » 03/01/09 16:59

Fatto, di seguito troverai il report.
Durante la procedura ha dato un paio d'errori:
Cannot find \\\fast hardlock driver
SdFix HLVDD.DLL. Un driver di periferica virtuale non e' riuscito a inizializzare la DLL
che io ho ignorato.
inutile dire che il problema permane.
Grazie ancora per l'aiuto
Giampiero


SDFix: Version 1.240
Run by Administrator on 03/01/2009 at 16.36

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 16:44:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,9f,8d,79,97,28,70,ad,28,03,de,51,31,d7,b0,38,8f,e8,..
"ljej40"=hex:87,d7,03,c5,bc,82,47,45,9a,ec,2f,fb,7b,45,28,46,49,28,01,59,70,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Last Counter"=dword:0000173a
"Last Help"=dword:0000173b

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Disabled:CyberLink PowerDVD"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"="C:\\Programmi\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\\Programmi\\RDS\\PLDlnk.exe"="C:\\Programmi\\RDS\\PLDlnk.exe:*:Enabled:Ridoc Document System Auto Document Link Software."
"C:\\Programmi\\Advanced SMTP Server\\SMTPServer.exe"="C:\\Programmi\\Advanced SMTP Server\\SMTPServer.exe:*:Enabled:SMTPServer"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programmi\\Carl Zeiss SMT Ltd\\RRemote Server\\RemoteRelay.exe"="C:\\Programmi\\Carl Zeiss SMT Ltd\\RRemote Server\\RemoteRelay.exe:*:Enabled:RemoteRelay: Allows the EM Server to communicate with Remote computers."
"C:\\Programmi\\Internet Explorer\\iexplore.exe"="C:\\Programmi\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Programmi\\National Instruments\\MAX\\NIMax.exe"="C:\\Programmi\\National Instruments\\MAX\\NIMax.exe:*:Enabled:NIMax"
"C:\\Programmi\\ImageJ\\jre\\bin\\javaw.exe"="C:\\Programmi\\ImageJ\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

Remaining Files :



Files with Hidden Attributes :

Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Programmi\AVIConverter\mencoder.exe"
Mon 23 Jul 2007 26,768,251 A..H. --- "C:\Programmi\EMCO Malware Destroyer\signatures.zip"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\Tools.dll"
Thu 9 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 9 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 9 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 9 Aug 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 14 Dec 2001 339,968 A..HR --- "C:\Programmi\National Instruments\MAX\uninstall.exe"
Fri 14 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\GP\Dati applicazioni\U3\temp\Launchpad Removal.exe"

Finished!
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51

Re: services.exe e shutdown

Postdi Luke57 » 03/01/09 17:19

Ciao, disattiva l'antivirus
scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vai in start>esegui>nel box bianco copia e incolla, virgolette comprese:

"%userprofile%\desktop\combofix.exe" /killall

Premi OK, parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se dovessero scomparire le icone sul desktop e la barra delle applicazioni, non è nulla di cui preoccuparsi),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: services.exe e shutdown

Postdi gia » 03/01/09 18:34

Ho fatto partire ComboFix in modalita' provvisoria perche' faccio fatica ad usare il PC se parto normalmente.
Di seguito il report.
ciao

ComboFix 09-01-01.02 - Administrator 2009-01-03 18.16.32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2038.1756 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mdm.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-12-03 al 2009-01-03 )))))))))))))))))))))))))))))))))))
.

2009-01-03 16:24 . 2009-01-03 16:24 <DIR> d-------- c:\windows\ERUNT
2009-01-03 16:20 . 2009-01-03 16:46 <DIR> d-------- C:\SDFix
2009-01-03 12:31 . 2009-01-03 12:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-03 12:09 . 2009-01-03 12:09 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Lavasoft
2009-01-02 20:36 . 2009-01-02 20:36 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-12-12 13:45 . 2008-12-12 13:45 43,520 --a------ c:\windows\system32\msmapi32.oca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 09:31 90,112 ----a-w c:\windows\DUMP77df.tmp
2009-01-03 08:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-02 22:20 --------- d-----w c:\programmi\SUPERAntiSpyware
2009-01-02 15:16 --------- d-----w c:\documents and settings\GP\Dati applicazioni\SUPERAntiSpyware.com
2009-01-02 11:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-01-02 08:11 --------- d-----w c:\documents and settings\GP\Dati applicazioni\Simple Sudoku
2008-12-30 11:15 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-23 07:27 --------- d-----w c:\programmi\AutoCAD 2002 Ita
2008-12-12 16:28 --------- d-----w c:\documents and settings\GP\Dati applicazioni\Skype
2008-12-12 16:27 --------- d-----w c:\documents and settings\GP\Dati applicazioni\skypePM
2008-12-01 16:39 --------- d-----w c:\programmi\Launch Manager
2008-12-01 15:08 --------- d-----w c:\programmi\MiniMon
2008-12-01 15:07 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-01 15:07 249,856 ------w c:\windows\Setup1.exe
2008-11-11 14:31 --------- d-----w c:\programmi\ImageJ
2008-11-04 13:09 --------- d-----w c:\programmi\ImageSP Viewer
2008-01-09 15:47 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"LaunchReprogramming"="c:\programmi\INCA\Bin\LaunchReprogramming.exe" [2002-01-25 28672]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoUpdate Monitor.lnk - c:\programmi\Sophos\AutoUpdate\ALMon.exe [2007-12-10 245760]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2008-06-03 25214]
Avvio veloce di Adobe Acrobat.lnk.disabled [2008-04-16 2319]
Google Updater.lnk.disabled [2007-12-22 896]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-02 23:20 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:38 1289000 c:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-02 23:20 1830128 c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 16:11 185896 c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"smtpsrv"=c:\programmi\Advanced SMTP Server\SMTPServer.exe
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe"
"TrueImageMonitor.exe"=c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"preload"=c:\windows\RUNXMLPL.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"Alcmtr"=ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 oimsmd;Oxford Instruments Microanalysis Limited System Manager;\??\c:\windows\system32\Drivers\oimsmd.sys [2001-07-17 7392]
R1 RCFOX;SonicWALL IPsec Driver;\??\c:\windows\system32\Drivers\RCFOX.sys [2007-12-14 101528]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2008-01-14 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2008-01-14 35584]
R2 DK3DRV;DK3 Windows NT Driver;\??\c:\windows\system32\Drivers\DK3DRV.SYS [2008-01-14 13872]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2002-07-09 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2002-07-09 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\Nidaq32k.sys [2002-07-09 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2002-07-09 50688]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2002-07-09 31232]
R2 nistck;nistck;c:\windows\system32\drivers\nistck.dll [2002-07-09 111616]
R2 SAVAdminService;Crea report sullo stato di Sophos Anti-Virus;"c:\programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-10-27 69632]
R2 SAVService;Sophos Anti-Virus;"c:\programmi\Sophos\Sophos Anti-Virus\SavService.exe" [2008-10-07 98304]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [2007-12-14 24876]
S3 DK3USB;DK3usb Enabler;c:\windows\system32\Drivers\DK3USB.sys [2008-01-14 36352]
S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 SsInstal;Brain Boxes Limited Service;c:\windows\system32\Drivers\SsInstal.sys [2008-11-18 54272]
S3 SsPort;Brain Boxes Serial Port Service;c:\windows\system32\Drivers\SsPort.sys [2008-11-18 79744]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader;c:\windows\system32\Drivers\xusbdfwu.sys [2008-12-01 17152]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-10-07 14976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - i:\bootcd\wintools\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-01-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\programmi\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://global.acer.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\InstFred.ocx - O16 -: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1}
file:///C:/Programmi/AutoCAD%202002%20Ita/InstFred.ocx

c:\windows\Downloaded Program Files\InstBanr.ocx - O16 -: {AE563729-B4F5-11D4-A415-00108302FDFD}
file:///C:/Programmi/AutoCAD%202002%20Ita/InstBanr.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 18:21:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sophos Message Router]
"ImagePath"="\"c:\programmi\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1548)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(1604)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\MATLAB7\bin\win32\MATLAB.exe
c:\programmi\Sophos\Remote Management System\ManagementAgentNT.exe
c:\programmi\Sophos\AutoUpdate\ALsvc.exe
c:\programmi\Sophos\Remote Management System\RouterNT.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Adobe\Acrobat 7.0\Distillr\acrodist.exe
c:\programmi\INCA\bin\OIMAGStatusDatabase.exe
c:\windows\system32\igfxext.exe
c:\programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\docume~1\ADMINI~1\IMPOST~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-03 18:26:05 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-03 17:26:02

Pre-Run: 99.655.618.560 byte disponibili
Post-Run: 97,361,248,256 byte disponibili

225 --- E O F --- 2007-12-19 21:27:54
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51

Re: services.exe e shutdown

Postdi Luke57 » 04/01/09 10:56

Ciao, adesso come va?
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: services.exe e shutdown

Postdi gia » 04/01/09 12:00

No, ancora ho lo stesso problema.
Speravo che il report di ComboFix ti dicesse qualcosa.
Ciao e grazie
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51

Re: services.exe e shutdown

Postdi MIKI68 » 04/01/09 12:43

Da hijackthis fixia questa voce in modalità provvisoria e riavvia,vedi lo fa ancora??
O23 - Service: BJREOYWKDQTI - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\BJREOYWKDQTI.exe (file missing)
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: services.exe e shutdown

Postdi gia » 04/01/09 12:59

MIKI68 ha scritto:Da hijackthis fixia questa voce in modalità provvisoria e riavvia,vedi lo fa ancora??
O23 - Service: BJREOYWKDQTI - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\BJREOYWKDQTI.exe (file missing)


Ciao, gia' fatto, su suggerimento di Luke57, ma non sembra risolvere.
gia
Utente Junior
 
Post: 10
Iscritto il: 27/08/02 10:51


Torna a Sicurezza e Privacy


Topic correlati a "services.exe e shutdown":

Shutdown improvviso
Autore: ppigna
Forum: Software Windows
Risposte: 2

Chi c’è in linea

Visitano il forum: Nessuno e 51 ospiti