论坛: 病毒专区 标题: 请教是不是中病毒了? 复制本贴地址    
作者: fox7skin [fox7skin]    论坛用户   登录
进程Services.EXE占用了内存300多M,有哪位高手知道是什么问题吗?

地主 发表时间: 05-09-06 11:05

回复: zch001 [zch001]   论坛用户   登录
系统进行得怎么样?有没有异常??先用杀毒软件杀一次病毒,如果没有发现什么病毒的话.那请用HijackThis_zww汉化版扫描一下你的系统,将扫描日志贴上来,让大家分析一下.

B1层 发表时间: 05-09-06 11:21

回复: fox7skin [fox7skin]   论坛用户   登录
首先谢谢这位仁兄,HijackThis_zww是不是一个软件,在那儿能下载?杀过毒没有找到


[此贴被 fox7skin(fox7skin) 在 09月06日17时30分 编辑过]

B2层 发表时间: 05-09-06 17:27

回复: zch001 [zch001]   论坛用户   登录
http://dqpc.oicp.net/Soft_Show.asp?SoftID=42

B3层 发表时间: 05-09-07 10:29

回复: kailangq [kailangq]   版主   登录
services.exe是微软Windows操作系统的一部分。用于管理启动和停止服务。该进程也会处理在计算机启动和关机时运行的服务。这个程序对你系统的正常运行是非常重要的。注意:services也可能是W32.Randex.R(储存在%systemroot%\system32\目录)和Sober.P (储存在%systemroot%\Connection Wizard\Status\目录)木马。该木马允许攻击者访问你的计算机,窃取密码和个人数据。该进程的安全等级是建议立即删除。

B4层 发表时间: 05-09-07 17:50

回复: stcallme [stcallme]   论坛用户   登录
中木马的可能性大!还是先杀毒吧!

B5层 发表时间: 05-09-20 12:21

回复: lqfrla [lqfrla]   论坛用户   登录
内存挺大的嘛!!!300多呢

B6层 发表时间: 05-09-20 14:32

回复: fox7skin [fox7skin]   论坛用户   登录
谢谢大家,我马上试一试,我那是服务器,内存肯定大,2G,双智强2.8GCUP,够爽吧

B7层 发表时间: 05-09-26 19:17

回复: fox7skin [fox7skin]   论坛用户   登录
Logfile of HijackThis v1.99.0
Scan saved at 19:30:20, on 2005-09-26
Platform: Unknown Windows (WinNT 5.02.3790 SP1)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINNT\system32\lserver.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
c:\winnt\system32\inetsrv\w3wp.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\conime.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\wan.HDL-SERVER\桌面\HijackThis.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\wan.hdl-server\windows\system32\mswsock.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{45D048A1-6183-4106-85D7-D6B0A053B2AE}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\inetcomm.dll (file missing)
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll
O23 - Service: Application Experience Lookup Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Distributed File System - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Jemsn Pos Remote Data Service For .NET -  - c:\program files\jemsn\posserver\jemsn.pos.posserver.exe
O23 - Service: Server - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Net Logon - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Server - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: File Replication - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Serv-U FTP 服务器 - Unknown - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Server Licensing - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: World Wide Web Publishing Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)



B8层 发表时间: 05-09-26 19:36

回复: fox7skin [fox7skin]   论坛用户   登录
那位兄弟能指点一下,以上有没有问题?

B9层 发表时间: 05-09-26 19:37

回复: BBL [bbl]   论坛用户   登录
对高手来说没问题..对俺就大大有问题了....

B10层 发表时间: 05-10-11 22:56

论坛: 病毒专区

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号