|
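Author: fox7skin [fox7skin] Forum user |
The Services.EXE process is using more than 300 MB of memory. Does any expert know what the problem is? |
Original post, posted: 05-09-06 11:05 |
Reply: zch001 [zch001] Forum user |
How is the system running? Anything abnormal? First run a virus scan with your antivirus software. If it finds no virus, scan your system with the Chinese-localized HijackThis_zww and post the scan log here so everyone can analyze it. |
Floor B1, posted: 05-09-06 11:21 |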
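Reply: fox7skin [fox7skin] Forum user |
First of all, thank you. Is HijackThis_zww a piece of software, and where can I download it? I ran a virus scan and it found nothing. [This post was edited by fox7skin(fox7skin) on 09-06 at 17:30] |
Floor B2, posted: 05-09-06 17:27 |
Reply: zch001 [zch001] Forum user |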
http://dqpc.oicp.net/Soft_Show.asp?SoftID=42 |
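Floor B3, posted: 05-09-07 10:29 |
Reply: kailangq [kailangq] Moderator |
services.exe is part of the Microsoft Windows operating system. It manages the starting and stopping of services. The process also handles the services that run when the computer starts up and shuts down. This program is very important for the normal operation of your system. Note: services may also be the W32.Randex.R (stored in the %systemroot%\system32\ directory) and Sober.P (stored in the %systemroot%\Connection Wizard\Status\ directory) trojans. The trojan allows an attacker to access your computer and steal passwords and personal data. The security rating of this process is: immediate removal recommended. |
Floor B4, posted: 05-09-07 17:50 |
Reply: stcallme [stcallme] Forum user |
It is very likely a trojan! Run a virus scan first! |
Floor B5, posted: 05-09-20 12:21 |
Reply: lqfrla [lqfrla] Forum user |
That's quite a lot of memory!!! More than 300. |
Floor B6, posted: 05-09-20 14:32 |
Reply: fox7skin [fox7skin] Forum user |
Thanks, everyone, I'll try it right away. That machine is a server, so of course it has a lot of memory: 2 GB, dual Xeon 2.8 GHz CPUs. Pretty nice, right? |
Floor B7, posted: 05-09-26 19:17 |
Reply: fox7skin [fox7skin] Forum user |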
Logfile of HijackThis v1.99.0
Scan saved at 19:30:20, on 2005-09-26
Platform: Unknown Windows (WinNT 5.02.3790 SP1)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINNT\system32\lserver.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
c:\winnt\system32\inetsrv\w3wp.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\conime.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\wan.HDL-SERVER\桌面\HijackThis.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\wan.hdl-server\windows\system32\mswsock.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{45D048A1-6183-4106-85D7-D6B0A053B2AE}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\inetcomm.dll (file missing)
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\mshtml.dll (file missing)
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll
O23 - Service: Application Experience Lookup Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Distributed File System - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Jemsn Pos Remote Data Service For .NET - - c:\program files\jemsn\posserver\jemsn.pos.posserver.exe
O23 - Service: Server - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Net Logon - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Server - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: File Replication - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Serv-U FTP 服务器 - Unknown - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Server Licensing - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: World Wide Web Publishing Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service - Unknown - C:\Documents and Settings\wan.HDL-SERVER\WINDOWS\System32\svchost.exe (file missing) |
Floor B8, posted: 05-09-26 19:36 |
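Added example, not part of any post in this thread: a Python triage of the "Running processes" section of a HijackThis log, labelling each services.exe image by the locations named in kailangq's reply. The sample log, function names, verdict labels and the C:\Temp path are constructed for illustration; the default system root assumes C:\WINNT as in the posted log.

```python
import ntpath
import re

# Constructed sample in HijackThis layout; not taken from a real host.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\Connection Wizard\Status\services.exe
C:\Temp\Services.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
"""

ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")  # R0, F2, O4, O23 ... entries end the process list


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section and ENTRY.match(line):
            break
        elif in_section and line:
            paths.append(line)
    return paths


def triage_services_exe(log_text, systemroot=r"C:\WINNT"):
    """Label every services.exe image by the directory it runs from."""
    root = ntpath.normcase(systemroot).rstrip("\\")
    expected = root + r"\system32\services.exe"
    sober_dir = root + r"\connection wizard\status"  # location given in the thread
    findings = []
    for path in running_processes(log_text):
        norm = ntpath.normcase(ntpath.normpath(path))
        if ntpath.basename(norm) != "services.exe":
            continue
        if norm == expected:
            # Path alone is not proof: the thread says W32.Randex.R also sits in system32.
            verdict = "expected-path"
        elif ntpath.dirname(norm) == sober_dir:
            verdict = "sober-p-location"
        else:
            verdict = "unexpected-path"
        findings.append((path, verdict))
    return findings
```

More than one services.exe in the result, or any verdict other than "expected-path", is the cue to inspect the file itself rather than rely on the name.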
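Reply: fox7skin [fox7skin] Forum user |
Can anyone give me some pointers: is there any problem in the above? |
Floor B9, posted: 05-09-26 19:37 |
Reply: BBL [bbl] Forum user |
For an expert it's no problem... for me it's a big problem.... |
Floor B10, posted: 05-10-11 22:56 |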