system.dll, Nskhelper2.sys, oapejg.sys, 991b0345.dat, NsPass0.sys, etc. (1)

Original by endurer

2008-12-03, version 1

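On a friend's computer the antivirus software would not start; QQ Doctor's protection kept warning that a program was trying to modify the system configuration; and opening "My Computer" left it searching endlessly, with the disk icons never appearing. He asked me to help check and repair it.

I scanned the machine with pe_xscan and analyzed the log, which showed the following suspicious items (part of the process module section is omitted):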

pe_xscan 08-08-01 by Purple Endurer 2008-12-3 21:25:22 Windows XP Service Pack 2(5.1.2600) MSIE:6.0.2900.2180 管理员用户组 正常模式 

[System Process] * 0
    C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3
    C:/WINDOWS/TEMP/gameset.dat | 2008-12-3 7:18:32
    C:/WINDOWS/system32/sysmxd3.dll | 2008-12-3 3:19:3
C:/WINDOWS/System32/zongximk.exe * 2196 | 2008-12-3 7:14:6
C:/WINDOWS/Temp/267500 * 3944 | 2008-12-3 7:15:40
C:/WINDOWS/Temp/444062 * 2720 | 2008-12-3 7:18:36

C:/autorun.inf/
-----
[autorun]
shell/open/command=rundll32 system.dll,explore
shell/explore/command=rundll32 system.dll,explore
-----/
D:/autorun.inf/
-----
[autorun]
shell/open/command=rundll32 system.dll,explore
shell/explore/command=rundll32 system.dll,explore
-----/
E:/autorun.inf/
-----
[autorun]
shell/open/command=rundll32 system.dll,explore
shell/explore/command=rundll32 system.dll,explore
-----/
F:/autorun.inf/
-----
[autorun]
shell/open/command=rundll32 system.dll,explore
shell/explore/command=rundll32 system.dll,explore
-----/

O20 - AppInit_DLLs = qanhllao.dll,zongxim.dll,meyotme.dll,lenyuns.dll,woodken.dll,zesttns.dll,kandoftt.dll,qonenx.dll,xuntxn.dll,cenbezn.dll,telmanz.dll,jolends.dll,xsisco.dll,tobaoup.dll,hsexer.dll,jonzyan.dll,wonlins.dll,delnice.dll,kodens.dll,qzyerd.dll
O21 - SSODL - oecynwna.dll(0) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3
O21 - SSODL - mcdxhwbu.dll(0) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3
O23 - 服务: NsDlRK250 (NsDlRK250) - C:/WINDOWS/system32/Nskhelper2.sys | 2008-12-3 3:12:48(手动)
O23 - 服务: NsPsDk00 (NsPsDk00) - C:/WINDOWS/system32/NsPass0.sys | 2008-12-3 3:13:57(手动)
O23 - 服务: NsPsDk01 (NsPsDk01) - C:/WINDOWS/system32/NsPass1.sys | 2008-12-3 3:14:59(手动)
O23 - 服务: NsPsDk02 (NsPsDk02) - C:/WINDOWS/system32/NsPass2.sys | 2008-12-3 3:16:1(手动)
O23 - 服务: NsPsDk03 (NsPsDk03) - C:/WINDOWS/system32/NsPass3.sys | 2008-12-3 3:17:4(手动)
O23 - 服务: NsPsDk04 (NsPsDk04) - C:/WINDOWS/system32/NsPass4.sys | 2008-12-3 3:18:6(手动)
O23 - 服务: oapejg (oapejg) - C:/WINDOWS/System32/drivers/oapejg.sys | 2008-11-28 1:2:47(引导)
O23 - 服务: SafeMon0 (360 safe mon) - C:/WINDOWS/system32/991b0345.dat | 2008-12-3 3:59:4(系统)
O23 - 服务: stisvc (Windows Image Acquisition (WIA)) - C:/WINDOWS/system32/svchost.exe -k imgsvc | 2004-8-3 16:52:38 -> C:/WINDOWS/system32/wiaservc.dll | 2004-8-3 16:52:28(自动)
O23 - 服务: W32Time (Windows Time) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2004-8-3 16:52:38 -> C:/WINDOWS/system32/w32time.dll| 2004-8-3 16:52:26(自动)
O24 - ShlExecHook: [HookExecute Class] - {4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A} = C:/PROGRA~1/Yahoo!/ASSIST~1/yclickon.dll
O24 - ShlExecHook: [PatchCom] - {E568441B-9EF3-49F8-9A67-4141AC41ADD4} = C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dll
O24 - ShlExecHook: [4] - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll | 2008-12-3 7:16:3
O24 - ShlExecHook: [] - {3FDEB171-8F86-0004-0001-69B8DB553683} = C:/WINDOWS/system32/sysmxd3.dll | 2008-12-3 3:19:3
O26 - IFEO: 360safe.exe -> svchost.exe
O26 - IFEO: 360safebox.exe -> svchost.exe
O26 - IFEO: 360tray.exe -> svchost.exe
O26 - IFEO: ACKWIN32.exe -> svchost.exe
O26 - IFEO: ANTI-TROJAN.exe -> svchost.exe
O26 - IFEO: anti.exe -> svchost.exe
O26 - IFEO: antivir.exe -> svchost.exe
O26 - IFEO: atrack.exe -> svchost.exe
O26 - IFEO: AUTODOWN.exe -> svchost.exe
O26 - IFEO: AVCONSOL.exe -> svchost.exe
O26 - IFEO: AVE32.exe -> svchost.exe
O26 - IFEO: AVGCTRL.exe -> svchost.exe
O26 - IFEO: avk.exe -> svchost.exe
O26 - IFEO: AVKSERV.exe -> svchost.exe
O26 - IFEO: avp.exe -> svchost.exe
O26 - IFEO: AVPUPD.exe -> svchost.exe
O26 - IFEO: AVSCHED32.exe -> svchost.exe
O26 - IFEO: avsynmgr.exe -> svchost.exe
O26 - IFEO: AVWIN95.exe -> svchost.exe
O26 - IFEO: avxonsol.exe -> svchost.exe
O26 - IFEO: BLACKD.exe -> svchost.exe
O26 - IFEO: BLACKICE.exe -> svchost.exe
O26 - IFEO: CCenter.exe -> svchost.exe
O26 - IFEO: CFIADMIN.exe -> svchost.exe
O26 - IFEO: CFIAUDIT.exe -> svchost.exe
O26 - IFEO: CFIND.exe -> svchost.exe
O26 - IFEO: cfinet.exe -> svchost.exe
O26 - IFEO: cfinet32.exe -> svchost.exe
O26 - IFEO: CLAW95.exe -> svchost.exe
O26 - IFEO: CLAW95CT.exe -> svchost.exe
O26 - IFEO: CLEANER.exe -> svchost.exe
O26 - IFEO: CLEANER3.exe -> svchost.exe
O26 - IFEO: DAVPFW.exe -> svchost.exe
O26 - IFEO: dbg.exe -> svchost.exe
O26 - IFEO: debu.exe -> svchost.exe
O26 - IFEO: DV95.exe -> svchost.exe
O26 - IFEO: DV95_O.exe -> svchost.exe
O26 - IFEO: DVP95.exe -> svchost.exe
O26 - IFEO: ECENGINE.exe -> svchost.exe
O26 - IFEO: EFINET32.exe -> svchost.exe
O26 - IFEO: ESAFE.exe -> svchost.exe
O26 - IFEO: ESPWATCH.exe -> svchost.exe
O26 - IFEO: explorewclass.exe -> svchost.exe
O26 - IFEO: F-AGNT95.exe -> svchost.exe
O26 - IFEO: F-PROT.exe -> svchost.exe
O26 - IFEO: f-prot95.exe -> svchost.exe
O26 - IFEO: f-stopw.exe -> svchost.exe
O26 - IFEO: FINDVIRU.exe -> svchost.exe
O26 - IFEO: fir.exe -> svchost.exe
O26 - IFEO: fp-win.exe -> svchost.exe
O26 - IFEO: FRW.exe -> svchost.exe
O26 - IFEO: IAMAPP.exe -> svchost.exe
O26 - IFEO: IAMSERV.exe -> svchost.exe
O26 - IFEO: IBMASN.exe -> svchost.exe
O26 - IFEO: IBMAVSP.exe -> svchost.exe
O26 - IFEO: ice.exe -> svchost.exe
O26 - IFEO: IceSword.exe -> svchost.exe
O26 - IFEO: ICLOAD95.exe -> svchost.exe
O26 - IFEO: ICLOADNT.exe -> svchost.exe
O26 - IFEO: ICMOON.exe -> svchost.exe
O26 - IFEO: ICSSUPPNT.exe -> svchost.exe
O26 - IFEO: iom.exe -> svchost.exe
O26 - IFEO: iomon98.exe -> svchost.exe
O26 - IFEO: JED.exe -> svchost.exe
O26 - IFEO: Kabackreport.exe -> svchost.exe
O26 - IFEO: Kasmain.exe -> svchost.exe
O26 - IFEO: kav32.exe -> svchost.exe
O26 - IFEO: kavstart.exe -> svchost.exe
O26 - IFEO: kissvc.exe -> svchost.exe
O26 - IFEO: KPFW32.exe -> svchost.exe
O26 - IFEO: kpfwsvc.exe -> svchost.exe
O26 - IFEO: KPPMain.exe -> svchost.exe
O26 - IFEO: KRF.exe -> svchost.exe
O26 - IFEO: KVMonXP.exe -> svchost.exe
O26 - IFEO: KVPreScan.exe -> svchost.exe
O26 - IFEO: kwatch.exe -> svchost.exe
O26 - IFEO: lamapp.exe -> svchost.exe
O26 - IFEO: lockdown2000.exe -> svchost.exe
O26 - IFEO: LOOKOUT.exe -> svchost.exe
O26 - IFEO: luall.exe -> svchost.exe
O26 - IFEO: LUCOMSERVER.exe -> svchost.exe
O26 - IFEO: mcafee.exe -> svchost.exe
O26 - IFEO: microsoft.exe -> svchost.exe
O26 - IFEO: mon.exe -> svchost.exe
O26 - IFEO: moniker.exe -> svchost.exe
O26 - IFEO: MOOLIVE.exe -> svchost.exe
O26 - IFEO: MPFTRAY.exe -> svchost.exe
O26 - IFEO: ms.exe -> svchost.exe
O26 - IFEO: N32ACAN.exe -> svchost.exe
O26 - IFEO: navapsvc.exe -> svchost.exe
O26 - IFEO: navapw32.exe -> svchost.exe
O26 - IFEO: NAVLU32.exe -> svchost.exe
O26 - IFEO: NAVNT.exe -> svchost.exe
O26 - IFEO: navrunr.exe -> svchost.exe
O26 - IFEO: NAVSCHED.exe -> svchost.exe
O26 - IFEO: NAVW.exe -> svchost.exe
O26 - IFEO: NAVW32.exe -> svchost.exe
O26 - IFEO: navwnt.exe -> svchost.exe
O26 - IFEO: nisserv.exe -> svchost.exe
O26 - IFEO: nisum.exe -> svchost.exe
O26 - IFEO: NMAIN.exe -> svchost.exe
O26 - IFEO: NORMIST.exe -> svchost.exe
O26 - IFEO: norton.exe -> svchost.exe
O26 - IFEO: NUPGRADE.exe -> svchost.exe
O26 - IFEO: NVC95.exe -> svchost.exe
O26 - IFEO: office.exe -> svchost.exe
O26 - IFEO: OUTPOST.exe -> svchost.exe
O26 - IFEO: PADMIN.exe -> svchost.exe
O26 - IFEO: PAVCL.exe -> svchost.exe
O26 - IFEO: pcc.exe -> svchost.exe
O26 - IFEO: PCCClient.exe -> svchost.exe
O26 - IFEO: pccguide.exe -> svchost.exe
O26 - IFEO: pcciomon.exe -> svchost.exe
O26 - IFEO: pccmain.exe -> svchost.exe
O26 - IFEO: pccwin98.exe -> svchost.exe
O26 - IFEO: PCFWALLICON.exe -> svchost.exe
O26 - IFEO: PERSFW.exe -> svchost.exe
O26 - IFEO: PpPpWallRun.exe -> svchost.exe
O26 - IFEO: program.exe -> svchost.exe
O26 - IFEO: prot.exe -> svchost.exe
O26 - IFEO: pview95.exe -> svchost.exe
O26 - IFEO: ras.exe -> svchost.exe
O26 - IFEO: Rav.exe -> svchost.exe
O26 - IFEO: RAV7.exe -> svchost.exe
O26 - IFEO: rav7win.exe -> svchost.exe
O26 - IFEO: RavMon.exe -> svchost.exe
O26 - IFEO: RavMonD.exe -> svchost.exe
O26 - IFEO: RavStub.exe -> svchost.exe
O26 - IFEO: RavTask.exe -> svchost.exe
O26 - IFEO: regedit.exe -> svchost.exe
O26 - IFEO: rescue32.exe -> svchost.exe
O26 - IFEO: Rfw.exe -> svchost.exe
O26 - IFEO: rn.exe -> svchost.exe
O26 - IFEO: safeboxTray.exe -> svchost.exe
O26 - IFEO: safeweb.exe -> svchost.exe
O26 - IFEO: scam32.exe -> svchost.exe
O26 - IFEO: scan.exe -> svchost.exe
O26 - IFEO: SCAN32.exe -> svchost.exe
O26 - IFEO: SCANPM.exe -> svchost.exe
O26 - IFEO: scon.exe -> svchost.exe
O26 - IFEO: SCRSCAN.exe -> svchost.exe
O26 - IFEO: secu.exe -> svchost.exe
O26 - IFEO: SERV95.exe -> svchost.exe
O26 - IFEO: sirc32.exe -> svchost.exe
O26 - IFEO: SMC.exe -> svchost.exe
O26 - IFEO: smtpsvc.exe -> svchost.exe
O26 - IFEO: SPHINX.exe -> svchost.exe
O26 - IFEO: spy.exe -> svchost.exe
O26 - IFEO: sreng.exe -> svchost.exe
O26 - IFEO: SWEEP95.exe -> svchost.exe
O26 - IFEO: symproxysvc.exe -> svchost.exe
O26 - IFEO: TBSCAN.exe -> svchost.exe
O26 - IFEO: TCA.exe -> svchost.exe
O26 - IFEO: TDS2-98.exe -> svchost.exe
O26 - IFEO: TDS2-NT.exe -> svchost.exe
O26 - IFEO: Thunder5.exe -> svchost.exe
O26 - IFEO: Tmntsrv.exe -> svchost.exe
O26 - IFEO: TMOAgent.exe -> svchost.exe
O26 - IFEO: tmproxy.exe -> svchost.exe
O26 - IFEO: tmupdito.exe -> svchost.exe
O26 - IFEO: TSC.exe -> svchost.exe
O26 - IFEO: UlibCfg.exe -> svchost.exe
O26 - IFEO: vavrunr.exe -> svchost.exe
O26 - IFEO: VET95.exe -> svchost.exe
O26 - IFEO: VETTRAY.exe -> svchost.exe
O26 - IFEO: vir.exe -> svchost.exe
O26 - IFEO: VPC32.exe -> svchost.exe
O26 - IFEO: VSECOMR.exe -> svchost.exe
O26 - IFEO: vshwin32.exe -> svchost.exe
O26 - IFEO: VSSCAN40 -> svchost.exe
O26 - IFEO: vsstat.exe -> svchost.exe
O26 - IFEO: WEBSCAN.exe -> svchost.exe
O26 - IFEO: WEBSCANX.exe -> svchost.exe
O26 - IFEO: webtrap.exe -> svchost.exe
O26 - IFEO: WFINDV32.exe -> svchost.exe
O26 - IFEO: windows优化大师.exe -> svchost.exe
O26 - IFEO: wink.exe -> svchost.exe
O26 - IFEO: XDelbox.exe -> svchost.exe
O26 - IFEO: zonealarm.exe -> svchost.exe

(To be continued)
