After cleaning up a group of trojans, an svchost.exe -k imgsvc process is left behind. Is that normal?

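An SREng scan does not show the PID process, and the process can be terminated without any effect on the system!
I also cannot find any problematic DLL being loaded. Could an expert please advise: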
[svchost.exe]
PID = 0x6f8
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc
    svchost.exe
    0x1000000
    C:\WINDOWS\system32\svchost.exe
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Generic Host Process for Win32 Services
    2004-08-17 18:00:00

    ntdll.dll
    0x7c920000
    C:\WINDOWS\system32\ntdll.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    NT Layer DLL
    2004-08-17 18:00:00

    kernel32.dll
    0x7c800000
    C:\WINDOWS\system32\kernel32.dll
    5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)
    Microsoft Corporation
    Windows NT BASE API Client DLL
    2006-07-05 18:55:59

    ADVAPI32.dll
    0x77da0000
    C:\WINDOWS\system32\advapi32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Advanced Windows 32 Base API
    2004-08-17 18:00:00

    RPCRT4.dll
    0x77e50000
    C:\WINDOWS\system32\rpcrt4.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Remote Procedure Call Runtime
    2004-08-17 18:00:00

    ShimEng.dll
    0x5cc30000
    C:\WINDOWS\system32\shimeng.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Shim Engine DLL
    2004-08-17 18:00:00

    AcGenral.DLL
    0x58fb0000
    C:\WINDOWS\AppPatch\AcGenral.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Compatibility DLL
    2004-08-17 18:00:00

    USER32.dll
    0x77d10000
    C:\WINDOWS\system32\user32.dll
    5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)
    Microsoft Corporation
    Windows XP USER API Client DLL
    2007-03-08 23:37:22

    GDI32.dll
    0x77ef0000
    C:\WINDOWS\system32\gdi32.dll
    5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)
    Microsoft Corporation
    GDI Client DLL
    2007-03-08 23:37:22

    WINMM.dll
    0x76b10000
    C:\WINDOWS\system32\winmm.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    MCI API DLL
    2004-08-17 18:00:00

    ole32.dll
    0x76990000
    C:\WINDOWS\system32\ole32.dll
    5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)
    Microsoft Corporation
    Microsoft OLE for Windows
    2005-07-26 12:39:50

    msvcrt.dll
    0x77be0000
    C:\WINDOWS\system32\msvcrt.dll
    7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows NT CRT DLL
    2004-08-17 18:00:00

    OLEAUT32.dll
    0x770f0000
    C:\WINDOWS\system32\oleaut32.dll
    5.1.2600.2180
    Microsoft Corporation
   
    2004-08-17 18:00:00

    MSACM32.dll
    0x77bb0000
    C:\WINDOWS\system32\msacm32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft ACM Audio Filter
    2004-08-17 18:00:00

    VERSION.dll
    0x77bd0000
    C:\WINDOWS\system32\version.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Version Checking and File Installation Libraries
    2004-08-17 18:00:00

    SHELL32.dll
    0x7d590000
    C:\WINDOWS\system32\shell32.dll
    6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
    Microsoft Corporation
    Windows Shell Common Dll
    2006-12-20 05:49:35

    SHLWAPI.dll
    0x77f40000
    C:\WINDOWS\system32\shlwapi.dll
    6.00.2900.3059 (xpsp_sp2_qfe.070104-0040)
    Microsoft Corporation
    Shell Light-weight Utility Library
    2007-01-04 22:00:10

    USERENV.dll
    0x759d0000
    C:\WINDOWS\system32\userenv.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Userenv
    2004-08-17 18:00:00

    UxTheme.dll
    0x5adc0000
    C:\WINDOWS\system32\uxtheme.dll
    6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft UxTheme Library
    2004-08-17 18:00:00

    IMM32.DLL
    0x76300000
    C:\WINDOWS\system32\imm32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows XP IMM32 API Client DLL
    2004-08-17 18:00:00

    LPK.DLL
    0x62c20000
    C:\WINDOWS\system32\lpk.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Language Pack
    2004-08-17 18:00:00

    USP10.dll
    0x73fa0000
    C:\WINDOWS\system32\usp10.dll
    1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Uniscribe Unicode script processor
    2004-08-17 18:00:00

    comctl32.dll
    0x77180000
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    6.0 (xpsp.060825-0040)
    Microsoft Corporation
    User Experience Controls Library
    2006-08-25 23:49:41

    comctl32.dll
    0x5d170000
    C:\WINDOWS\system32\comctl32.dll
    5.82 (xpsp.060825-0040)
    Microsoft Corporation
    Common Controls Library
    2006-08-25 23:49:44

    wiaservc.dll
    0x749c0000
    c:\WINDOWS\system32\wiaservc.dll
    5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)
    Microsoft Corporation
    Still Image Devices Service
    2006-12-20 02:17:09

    CFGMGR32.dll
    0x74a40000
    c:\WINDOWS\system32\cfgmgr32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Configuration Manager Forwarder DLL
    2004-08-17 18:00:00

    setupapi.dll
    0x76060000
    C:\WINDOWS\system32\setupapi.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Setup API
    2004-08-17 18:00:00

    mscms.dll
    0x73aa0000
    c:\WINDOWS\system32\mscms.dll
    5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)
    Microsoft Corporation
    Microsoft Color Matching System DLL
    2005-06-29 09:49:55

    WINSPOOL.DRV
    0x72f70000
    c:\WINDOWS\system32\winspool.drv
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Spooler Driver
    2004-08-17 18:00:00

    WINSTA.dll
    0x762d0000
    c:\WINDOWS\system32\winsta.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Winstation Library
    2004-08-17 18:00:00

    NETAPI32.dll
    0x5fdd0000
    C:\WINDOWS\system32\netapi32.dll
    5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)
    Microsoft Corporation
    Net Win32 API DLL
    2006-08-17 20:29:48

    xpsp2res.dll
    0x20000000
    C:\WINDOWS\system32\xpsp2res.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Service Pack 2 Messages
    2004-08-17 18:00:00

    CLBCATQ.DLL
    0x76fa0000
    C:\WINDOWS\system32\clbcatq.dll
    2001.12.4414.308
    Microsoft Corporation
   
    2005-07-26 12:39:45

    COMRes.dll
    0x77020000
    C:\WINDOWS\system32\comres.dll
    2001.12.4414.258
    Microsoft Corporation
   
    2004-08-17 18:00:00

    WINTRUST.dll
    0x76c00000
    C:\WINDOWS\system32\wintrust.dll
    5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft Trust Verification APIs
    2004-08-17 18:00:00

    CRYPT32.dll
    0x765e0000
    C:\WINDOWS\system32\crypt32.dll
    5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Crypto API32
    2004-08-17 18:00:00

    MSASN1.dll
    0x76db0000
    C:\WINDOWS\system32\msasn1.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    ASN.1 Runtime APIs
    2004-08-17 18:00:00

    IMAGEHLP.dll
    0x76c60000
    C:\WINDOWS\system32\imagehlp.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows NT Image Helper
    2004-08-17 18:00:00

    wiavusd.dll
    0x5a4f0000
    C:\WINDOWS\system32\wiavusd.dll
    5.1.2600.0 (XPClient.010817-1148)
    Microsoft Corporation
    WIA Video Stream device USD
    2004-08-17 18:00:00

    gdiplus.dll
    0x4ae90000
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Microsoft GDI+
    2004-08-17 18:00:00

    SHFOLDER.dll
    0x76750000
    C:\WINDOWS\system32\shfolder.dll
    6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Shell Folder Service
    2004-08-17 18:00:00

    actxprxy.dll
    0x71cc0000
    C:\WINDOWS\system32\actxprxy.dll
    6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    ActiveX Interface Marshaling Library
    2004-08-17 18:00:00

Attachment: image (image/pjpeg), uploaded 2007-4-9 18:27:18

Last edited: 2007-04-09 21:21:11

No problem.

Quote:
[Post by newcenturymoon] No problem.
………………

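1. Among them, the four groups imgsvc, NetworkService, rpcss and termsvcs each have only one service running, and the svchost.exe processes started for these services run under the user name "SYSTEM". So why can't an SREng scan show the PID process? And the PID value is high as well. There must be something wrong in there.
2. svchost.exe -k imgsvc loads so many DLLs, yet the process can be ended normally in Task Manager, and the system shows no error message.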
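
A triage sketch for a module listing like the one posted in this thread, added here as an example and not part of the original posts: it parses the seven-line records and flags modules loaded from outside the expected Windows directories or lacking the Microsoft company string. The second sample record (example.dll and its path) is constructed, and the directory allow-list is an assumption.

```python
import ntpath
import re
# Constructed sample in the layout of the listing above. The first record is
# copied from the post; example.dll and its path are invented for illustration.
SAMPLE = r"""
    wiaservc.dll
    0x749c0000
    c:\WINDOWS\system32\wiaservc.dll
    5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)
    Microsoft Corporation
    Still Image Devices Service
    2006-12-20 02:17:09

    example.dll
    0x10000000
    C:\DOCUME~1\user\LOCALS~1\Temp\example.dll



    2007-04-01 03:12:45
"""
BASE = re.compile(r"^0x[0-9a-fA-F]+$")
STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d$")
TRUSTED_DIRS = tuple("c:\\windows\\" + d + "\\" for d in ("system32", "winsxs", "apppatch"))  # assumed allow-list

def parse_modules(text):
    """Key each record on its base-address line; blank fields stay empty."""
    lines = [ln.strip() for ln in text.splitlines()]
    mods = []
    for i in range(1, len(lines)):
        end = next((j for j in range(i + 2, min(i + 6, len(lines)))
                    if STAMP.match(lines[j])), None)
        if BASE.match(lines[i]) and end is not None:
            version, company, desc = (lines[i + 2:end] + [""] * 3)[:3]
            mods.append(dict(name=lines[i - 1], path=lines[i + 1], version=version,
                             company=company, description=desc, timestamp=lines[end]))
    return mods

def triage(mods):
    """Yield (name, path, reasons); strings are spoofable, so verify signatures too."""
    for m in mods:
        folder = ntpath.dirname(m["path"]).lower() + "\\"
        reasons = []
        if not folder.startswith(TRUSTED_DIRS):
            reasons.append("outside the expected Windows directories")
        if m["company"] != "Microsoft Corporation":
            reasons.append("company string is not Microsoft Corporation")
        if reasons:
            yield m["name"], m["path"], reasons
```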