system.dll,Nskhelper2.sys,oapejg.sys,991b0345.dat,NsPass0.sys等1
system.dll,Nskhelper2.sys,oapejg.sys,991b0345.dat,NsPass0.sys等1
endurer 原创
2008-12-03 第1版
一位朋友的电脑中的杀毒软件无法启动;QQ医生保护不停地提示有程序要修改系统配置;打开“我的电脑”,总是在搜索,磁盘图标显示不出来。请偶帮忙检修。
使用 pe_xscan 扫描 log 并分析,发现如下可疑项(进程模块部分有省略):
pe_xscan 08-08-01 by Purple Endurer 2008-12-3 21:25:22 Windows XP Service Pack 2(5.1.2600) MSIE:6.0.2900.2180 管理员用户组 正常模式 [System Process] * 0 C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3 C:/WINDOWS/TEMP/gameset.dat | 2008-12-3 7:18:32 C:/WINDOWS/system32/sysmxd3.dll | 2008-12-3 3:19:3 C:/WINDOWS/System32/zongximk.exe * 2196 | 2008-12-3 7:14:6 C:/WINDOWS/Temp/267500 * 3944 | 2008-12-3 7:15:40 C:/WINDOWS/Temp/444062 * 2720 | 2008-12-3 7:18:36 C:/autorun.inf/-----[autorun]shell/open/command=rundll32 system.dll,exploreshell/explore/command=rundll32 system.dll,explore-----/D:/autorun.inf/-----[autorun]shell/open/command=rundll32 system.dll,exploreshell/explore/command=rundll32 system.dll,explore-----/E:/autorun.inf/-----[autorun]shell/open/command=rundll32 system.dll,exploreshell/explore/command=rundll32 system.dll,explore-----/F:/autorun.inf/-----[autorun]shell/open/command=rundll32 system.dll,exploreshell/explore/command=rundll32 system.dll,explore-----/O20 - AppInit_DLLs = qanhllao.dll,zongxim.dll,meyotme.dll,lenyuns.dll,woodken.dll,zesttns.dll,kandoftt.dll,qonenx.dll,xuntxn.dll,cenbezn.dll,telmanz.dll,jolends.dll,xsisco.dll,tobaoup.dll,hsexer.dll,jonzyan.dll,wonlins.dll,delnice.dll,kodens.dll,qzyerd.dll O21 - SSODL - oecynwna.dll(0) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3 O21 - SSODL - mcdxhwbu.dll(0) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll| 2008-12-3 7:16:3 O23 - 服务: NsDlRK250 (NsDlRK250) - C:/WINDOWS/system32/Nskhelper2.sys | 2008-12-3 3:12:48(手动) O23 - 服务: NsPsDk00 (NsPsDk00) - C:/WINDOWS/system32/NsPass0.sys | 2008-12-3 3:13:57(手动) O23 - 服务: NsPsDk01 (NsPsDk01) - C:/WINDOWS/system32/NsPass1.sys | 2008-12-3 3:14:59(手动) O23 - 服务: NsPsDk02 (NsPsDk02) - C:/WINDOWS/system32/NsPass2.sys | 2008-12-3 3:16:1(手动) O23 - 服务: NsPsDk03 (NsPsDk03) - C:/WINDOWS/system32/NsPass3.sys | 2008-12-3 3:17:4(手动) O23 - 服务: NsPsDk04 (NsPsDk04) - C:/WINDOWS/system32/NsPass4.sys | 2008-12-3 3:18:6(手动) O23 - 服务: oapejg (oapejg) - C:/WINDOWS/System32/drivers/oapejg.sys | 2008-11-28 1:2:47(引导) O23 - 服务: SafeMon0 (360 safe mon) - C:/WINDOWS/system32/991b0345.dat | 2008-12-3 3:59:4(系统) O23 - 服务: stisvc (Windows Image Acquisition (WIA)) - C:/WINDOWS/system32/svchost.exe -k imgsvc | 2004-8-3 16:52:38 -> C:/WINDOWS/system32/wiaservc.dll | 2004-8-3 16:52:28(自动) O23 - 服务: W32Time (Windows Time) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2004-8-3 16:52:38 -> C:/WINDOWS/system32/w32time.dll| 2004-8-3 16:52:26(自动)O24 - ShlExecHook: [HookExecute Class] - {4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A} = C:/PROGRA~1/Yahoo!/ASSIST~1/yclickon.dllO24 - ShlExecHook: [PatchCom] - {E568441B-9EF3-49F8-9A67-4141AC41ADD4} = C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dllO24 - ShlExecHook: [4] - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/mcdxhwbu.dll | 2008-12-3 7:16:3O24 - ShlExecHook: [] - {3FDEB171-8F86-0004-0001-69B8DB553683} = C:/WINDOWS/system32/sysmxd3.dll | 2008-12-3 3:19:3O26 - IFEO: 360safe.exe -> svchost.exeO26 - IFEO: 360safebox.exe -> svchost.exeO26 - IFEO: 360tray.exe -> svchost.exeO26 - IFEO: ACKWIN32.exe -> svchost.exeO26 - IFEO: ANTI-TROJAN.exe -> svchost.exeO26 - IFEO: anti.exe -> svchost.exeO26 - IFEO: antivir.exe -> svchost.exeO26 - IFEO: atrack.exe -> svchost.exeO26 - IFEO: AUTODOWN.exe -> svchost.exeO26 - IFEO: AVCONSOL.exe -> svchost.exeO26 - IFEO: AVE32.exe -> svchost.exeO26 - IFEO: AVGCTRL.exe -> svchost.exeO26 - IFEO: avk.exe -> svchost.exeO26 - IFEO: AVKSERV.exe -> svchost.exeO26 - IFEO: avp.exe -> svchost.exeO26 - IFEO: AVPUPD.exe -> svchost.exeO26 - IFEO: AVSCHED32.exe -> svchost.exeO26 - IFEO: avsynmgr.exe -> svchost.exeO26 - IFEO: AVWIN95.exe -> svchost.exeO26 - IFEO: avxonsol.exe -> svchost.exeO26 - IFEO: BLACKD.exe -> svchost.exeO26 - IFEO: BLACKICE.exe -> svchost.exeO26 - IFEO: CCenter.exe -> svchost.exeO26 - IFEO: CFIADMIN.exe -> svchost.exeO26 - IFEO: CFIAUDIT.exe -> svchost.exeO26 - IFEO: CFIND.exe -> svchost.exeO26 - IFEO: cfinet.exe -> svchost.exeO26 - IFEO: cfinet32.exe -> svchost.exeO26 - IFEO: CLAW95.exe -> svchost.exeO26 - IFEO: CLAW95CT.exe -> svchost.exeO26 - IFEO: CLEANER.exe -> svchost.exeO26 - IFEO: CLEANER3.exe -> svchost.exeO26 - IFEO: DAVPFW.exe -> svchost.exeO26 - IFEO: dbg.exe -> svchost.exeO26 - IFEO: debu.exe -> svchost.exeO26 - IFEO: DV95.exe -> svchost.exeO26 - IFEO: DV95_O.exe -> svchost.exeO26 - IFEO: DVP95.exe -> svchost.exeO26 - IFEO: ECENGINE.exe -> svchost.exeO26 - IFEO: EFINET32.exe -> svchost.exeO26 - IFEO: ESAFE.exe -> svchost.exeO26 - IFEO: ESPWATCH.exe -> svchost.exeO26 - IFEO: explorewclass.exe -> svchost.exeO26 - IFEO: F-AGNT95.exe -> svchost.exeO26 - IFEO: F-PROT.exe -> svchost.exeO26 - IFEO: f-prot95.exe -> svchost.exeO26 - IFEO: f-stopw.exe -> svchost.exeO26 - IFEO: FINDVIRU.exe -> svchost.exeO26 - IFEO: fir.exe -> svchost.exeO26 - IFEO: fp-win.exe -> svchost.exeO26 - IFEO: FRW.exe -> svchost.exeO26 - IFEO: IAMAPP.exe -> svchost.exeO26 - IFEO: IAMSERV.exe -> svchost.exeO26 - IFEO: IBMASN.exe -> svchost.exeO26 - IFEO: IBMAVSP.exe -> svchost.exeO26 - IFEO: ice.exe -> svchost.exeO26 - IFEO: IceSword.exe -> svchost.exeO26 - IFEO: ICLOAD95.exe -> svchost.exeO26 - IFEO: ICLOADNT.exe -> svchost.exeO26 - IFEO: ICMOON.exe -> svchost.exeO26 - IFEO: ICSSUPPNT.exe -> svchost.exeO26 - IFEO: iom.exe -> svchost.exeO26 - IFEO: iomon98.exe -> svchost.exeO26 - IFEO: JED.exe -> svchost.exeO26 - IFEO: Kabackreport.exe -> svchost.exeO26 - IFEO: Kasmain.exe -> svchost.exeO26 - IFEO: kav32.exe -> svchost.exeO26 - IFEO: kavstart.exe -> svchost.exeO26 - IFEO: kissvc.exe -> svchost.exeO26 - IFEO: KPFW32.exe -> svchost.exeO26 - IFEO: kpfwsvc.exe -> svchost.exeO26 - IFEO: KPPMain.exe -> svchost.exeO26 - IFEO: KRF.exe -> svchost.exeO26 - IFEO: KVMonXP.exe -> svchost.exeO26 - IFEO: KVPreScan.exe -> svchost.exeO26 - IFEO: kwatch.exe -> svchost.exeO26 - IFEO: lamapp.exe -> svchost.exeO26 - IFEO: lockdown2000.exe -> svchost.exeO26 - IFEO: LOOKOUT.exe -> svchost.exeO26 - IFEO: luall.exe -> svchost.exeO26 - IFEO: LUCOMSERVER.exe -> svchost.exeO26 - IFEO: mcafee.exe -> svchost.exeO26 - IFEO: microsoft.exe -> svchost.exeO26 - IFEO: mon.exe -> svchost.exeO26 - IFEO: moniker.exe -> svchost.exeO26 - IFEO: MOOLIVE.exe -> svchost.exeO26 - IFEO: MPFTRAY.exe -> svchost.exeO26 - IFEO: ms.exe -> svchost.exeO26 - IFEO: N32ACAN.exe -> svchost.exeO26 - IFEO: navapsvc.exe -> svchost.exeO26 - IFEO: navapw32.exe -> svchost.exeO26 - IFEO: NAVLU32.exe -> svchost.exeO26 - IFEO: NAVNT.exe -> svchost.exeO26 - IFEO: navrunr.exe -> svchost.exeO26 - IFEO: NAVSCHED.exe -> svchost.exeO26 - IFEO: NAVW.exe -> svchost.exeO26 - IFEO: NAVW32.exe -> svchost.exeO26 - IFEO: navwnt.exe -> svchost.exeO26 - IFEO: nisserv.exe -> svchost.exeO26 - IFEO: nisum.exe -> svchost.exeO26 - IFEO: NMAIN.exe -> svchost.exeO26 - IFEO: NORMIST.exe -> svchost.exeO26 - IFEO: norton.exe -> svchost.exeO26 - IFEO: NUPGRADE.exe -> svchost.exeO26 - IFEO: NVC95.exe -> svchost.exeO26 - IFEO: office.exe -> svchost.exeO26 - IFEO: OUTPOST.exe -> svchost.exeO26 - IFEO: PADMIN.exe -> svchost.exeO26 - IFEO: PAVCL.exe -> svchost.exeO26 - IFEO: pcc.exe -> svchost.exeO26 - IFEO: PCCClient.exe -> svchost.exeO26 - IFEO: pccguide.exe -> svchost.exeO26 - IFEO: pcciomon.exe -> svchost.exeO26 - IFEO: pccmain.exe -> svchost.exeO26 - IFEO: pccwin98.exe -> svchost.exeO26 - IFEO: PCFWALLICON.exe -> svchost.exeO26 - IFEO: PERSFW.exe -> svchost.exeO26 - IFEO: PpPpWallRun.exe -> svchost.exeO26 - IFEO: program.exe -> svchost.exeO26 - IFEO: prot.exe -> svchost.exeO26 - IFEO: pview95.exe -> svchost.exeO26 - IFEO: ras.exe -> svchost.exeO26 - IFEO: Rav.exe -> svchost.exeO26 - IFEO: RAV7.exe -> svchost.exeO26 - IFEO: rav7win.exe -> svchost.exeO26 - IFEO: RavMon.exe -> svchost.exeO26 - IFEO: RavMonD.exe -> svchost.exeO26 - IFEO: RavStub.exe -> svchost.exeO26 - IFEO: RavTask.exe -> svchost.exeO26 - IFEO: regedit.exe -> svchost.exeO26 - IFEO: rescue32.exe -> svchost.exeO26 - IFEO: Rfw.exe -> svchost.exeO26 - IFEO: rn.exe -> svchost.exeO26 - IFEO: safeboxTray.exe -> svchost.exeO26 - IFEO: safeweb.exe -> svchost.exeO26 - IFEO: scam32.exe -> svchost.exeO26 - IFEO: scan.exe -> svchost.exeO26 - IFEO: SCAN32.exe -> svchost.exeO26 - IFEO: SCANPM.exe -> svchost.exeO26 - IFEO: scon.exe -> svchost.exeO26 - IFEO: SCRSCAN.exe -> svchost.exeO26 - IFEO: secu.exe -> svchost.exeO26 - IFEO: SERV95.exe -> svchost.exeO26 - IFEO: sirc32.exe -> svchost.exeO26 - IFEO: SMC.exe -> svchost.exeO26 - IFEO: smtpsvc.exe -> svchost.exeO26 - IFEO: SPHINX.exe -> svchost.exeO26 - IFEO: spy.exe -> svchost.exeO26 - IFEO: sreng.exe -> svchost.exeO26 - IFEO: SWEEP95.exe -> svchost.exeO26 - IFEO: symproxysvc.exe -> svchost.exeO26 - IFEO: TBSCAN.exe -> svchost.exeO26 - IFEO: TCA.exe -> svchost.exeO26 - IFEO: TDS2-98.exe -> svchost.exeO26 - IFEO: TDS2-NT.exe -> svchost.exeO26 - IFEO: Thunder5.exe -> svchost.exeO26 - IFEO: Tmntsrv.exe -> svchost.exeO26 - IFEO: TMOAgent.exe -> svchost.exeO26 - IFEO: tmproxy.exe -> svchost.exeO26 - IFEO: tmupdito.exe -> svchost.exeO26 - IFEO: TSC.exe -> svchost.exeO26 - IFEO: UlibCfg.exe -> svchost.exeO26 - IFEO: vavrunr.exe -> svchost.exeO26 - IFEO: VET95.exe -> svchost.exeO26 - IFEO: VETTRAY.exe -> svchost.exeO26 - IFEO: vir.exe -> svchost.exeO26 - IFEO: VPC32.exe -> svchost.exeO26 - IFEO: VSECOMR.exe -> svchost.exeO26 - IFEO: vshwin32.exe -> svchost.exeO26 - IFEO: VSSCAN40 -> svchost.exeO26 - IFEO: vsstat.exe -> svchost.exeO26 - IFEO: WEBSCAN.exe -> svchost.exeO26 - IFEO: WEBSCANX.exe -> svchost.exeO26 - IFEO: webtrap.exe -> svchost.exeO26 - IFEO: WFINDV32.exe -> svchost.exeO26 - IFEO: windows优化大师.exe -> svchost.exeO26 - IFEO: wink.exe -> svchost.exeO26 - IFEO: XDelbox.exe -> svchost.exeO26 - IFEO: zonealarm.exe -> svchost.exe
(未完待续)
system.dll,Nskhelper2.sys,oapejg.sys,991b0345.dat,NsPass0.sys等1相关推荐
- python中sys用法_python中os和sys模块的区别与常用方法总结
python 的 python中os和sys模块的区别与常用方法总结 前言 本文主要介绍了关于python中os和sys模块区别与常用方法的相关内容,分享出来供大家参考学习,下面话不多说了,来一起看看 ...
- python的sys模块有什么用_python sys模块详解
Python sys 模块详解 1. 简介 "sys"即"system","系统"之意.该模块提供了一些接口,用于访问 Python 解释器 ...
- python中sys模块有什么用_Python sys模块用法详解
sys 模块代表了 Python 解释器,主要用于获取和 Python 解释器相关的信息. 在 Python 的交互式解释器中先导入 sys 模块,然后输入 [e for e in dir(sys) ...
- python sys干嘛的_Python之sys模块
Sys模块函数之多,我只能选取自己认为比较实用的一些函数列在此处.借马云找员工的说法,"找最合适的而不是最天才的",这句话,我个人觉得在很多方面都能适应,学习也不在话下.Sys模块 ...
- python中sys模块有问题_python中sys模块之输入输出错误流
import sys sys.stdout.write("msg") # 控制台白色字体打印 普通输出流 sys.stderr.write("msg") # ...
- python sys模块详解_python之sys模块详解
sys模块功能多,我们这里介绍一些比较实用的功能,相信你会喜欢的,和我一起走进python的模块吧! sys模块的常见函数列表 sys.argv: 实现从程序外部向程序传递参数. sys.exit([ ...
- windows的pagefile.sys是什么文件?pagefile.sys文件太大如何移动到D盘中?
在C盘系统下,有一个命名为pagefile.sys的文件占用C盘太大的空间,不少用户怕删除pagefile.sys文件之后会对系统造成影响,而不少用户想要将pagefile.sys文件移动到D盘中.那 ...
- VS2010 正在下载公共符号system.dll 解决办法
原来由于调试关于OpenGl的程序时总是出错,到网上查了一下,需要把:vs->工具->选项->调试-> 启用 .net framework 源代码单步执行 勾上 但是现在每次运 ...
- python sys os_python常用的一些东西——sys、os等(转)
1.常用内置函数:(不用import就可以直接使用) help(obj) 在线帮助, obj可是任何类型 callable(obj) 查看一个obj是不是可以像函数一样调用 repr(obj) 得到o ...
最新文章
- C语言中整型在计算机中的存储
- 如何在windows xp下使用ntfs权限控制
- 今天收到了学校给出的退学警告
- 案例一:网站模拟登录
- c语言fwrite写字符串数组,【字符串数组面试题】面试问题:C语言 文… - 看准网...
- CCF NOI1071 Pell数列
- 【BZOJ】3396: [Usaco2009 Jan]Total flow 水流 (最大流)
- Ubuntu 10.04.2上编译ecos工具
- BZOJ1666: [Usaco2006 Oct]Another Cow Number Game 奶牛的数字游戏
- windows 架设SVN服务器
- .net core判断当前访问源是PC端还是移动端
- Java和C++的对照
- 笔记本电脑Haswell黑苹果opencore睡眠实战
- php实现wav转mp3,求,用PHP实现MP3转WAV后生成波形图的方法
- 读书狂想之《平凡的世界》不平凡的人生
- python聊天室_python聊天室
- Go webrtc项目pion创始人专访 | Gopher Daily (2021.04.07) ʕ◔ϖ◔ʔ
- 如何从0到1搭建电商促销系统
- android备份recovery,Recovery(Android手机备份功能)
- 文件系统之软连接、硬链接的区别/文件删除与空间的联系/df和du的区别
热门文章
- Prim Algorithm(普利姆算法)
- 【教3妹学java】类加载的过程是什么样的?
- 易云股份推出CDN加速服务,极速稳定高性价比
- Oracle11g安装,配置监听和数据库实例
- Au 音频效果参考:诊断
- python商品数据分析可视化系统(带爬虫)京东销售数据分析 计算机毕业设计 源码下载
- 不了解基金拆分的基民们,一定要看,一定要,有钱也难买的深度分析: zz
- 吃鸡服务器炸了会显示什么,12月21日吃鸡更新后服务器炸了 | 手游网游页游攻略大全...
- 华为鸿蒙智慧屏多少钱,能兑现多少?华为智慧屏十年不过时,用鸿蒙理念做智能家居...
- 【喜欢的诗词】好了歌