Rising Kaka Security Forum, Technical Discussion, Anti-virus / Anti-rogue-software board: What is this thing from "1000 oaks"? Is it a virus? HELP!!


What is this thing from "1000 oaks"? Is it a virus? HELP!!


After a download finished, a file named services.exe showed up. It cannot be opened, deleted, or modified. When I open it, Rising prompts that it wants to connect to the network and asks whether to allow it; I chose N at first, then later chose Y. Is it a virus? Its company is "1000 oaks". Its contents are below. A Rising scan did not detect it as a virus. Is it dangerous? What should I do now?
Last edited 2006-04-10 23:50:11

[Reply to benkim's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis
and export the full log
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 22:53:55, on 2006-4-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\Real\RealPlayer\realplay.exe
D:\hijackthis\hijackthis1.97_qoo\HijackThis.exe

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boot-hf] c:\windows\BOOT-hf.exe
O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

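As an added example (not code from this thread, from HijackThis, or from Rising), the following Python script parses the O4 registry lines of a log like the one above and flags run entries whose file name is a core Windows binary but whose path is outside system32. That is exactly what gives away the fake C:\WINDOWS\services.exe here: the genuine one in the process list is C:\WINDOWS\system32\services.exe. The SYSTEM_BINARIES list and the line regex are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries that live only under %SystemRoot%\system32 (assumed list).
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe", "smss.exe", "csrss.exe", "svchost.exe"}

# Matches O4 registry lines, e.g. "O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def first_token(cmd):
    """Program part of a Run command line: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]

def parse_o4(line):
    """Parse one O4 registry line into a dict; None for Startup-folder O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["exe"] = first_token(entry["cmd"])
    return entry

def is_masquerading(exe_path):
    """True when the file name is a core system binary but the path is not <drive>\\WINDOWS\\system32."""
    parts = [p.lower() for p in PureWindowsPath(exe_path).parts]
    if not parts or parts[-1] not in SYSTEM_BINARIES:
        return False
    in_system32 = len(parts) >= 4 and parts[-2] == "system32" and parts[-3] in ("windows", "winnt")
    return not in_system32

def triage(log_lines):
    """Return (hive, key, value name, exe) for every O4 entry that masquerades as a system binary."""
    findings = []
    for line in log_lines:
        entry = parse_o4(line)
        if entry and is_masquerading(entry["exe"]):
            findings.append((entry["hive"], entry["key"], entry["name"], entry["exe"]))
    return findings

# Sample input: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system',
    r'O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe',
    r'O4 - Startup: NTUSER.DAT',
]
```

Running `triage(SAMPLE_LOG)` reports only the two RunServices entries; the Rising, NVIDIA and ctfmon entries pass because their names are not system binaries or they sit in system32.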
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
These two are ones I don't want to use, so I fixed them.
O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe is the virus I was looking for, and I fixed it too!
The latest list is:
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 23:41:23, on 2006-4-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\hijackthis\hijackthis1.97_qoo\HijackThis.exe

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boot-hf] c:\windows\BOOT-hf.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Moderator, was this the right way to handle it??
After I fixed O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe, the new HijackThis scan no longer finds it, but MSCONFIG still shows 2 of its entries. That should be fine now, right?
Thank you!!!