Kaspersky alerts, but cannot clean it!
The machine runs KIS 2009. Since the day before yesterday, every time the Henan broadband login program starts after boot, Kaspersky alerts that the system is loading an unknown driver; the driver file is npf.sys in C:\Windows\system32\drivers, yet no npf.sys can be found in the drivers folder. Kaspersky's quarantine doesn't work either, it says it cannot quarantine. Searching online says it is a Legend (传奇) game trojan. I am posting the log here; experts please take a look and see whether there is a problem. Thanks in advance! ([color=magenta]With the help of several warm-hearted people on the forum plus some references found online, this has been resolved: the npf.sys file is confirmed to be a file added by the Henan Netcom broadband client to prevent routing (connection sharing), and it has been set to Allow in Kaspersky. Thanks again to the helpful people below![/color]) 2008-08-27, 20:59:16
System Repair Engineer 2.6.10.990
Smallfrogs ([url=http://www.KZTechs.com]http://www.KZTechs.com[/url])
Windows XP Home Edition Service Pack 3 (Build 2600) - Administrator user - Full functionality
The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><; C:\WINDOWS\System32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
<IFEO[Your Image File Name Here without a path]><ntsd -d> [N/A]
==================================
Startup folder
[Henan Netcom broadband client (河南网通宽带用户客户端)]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk --> C:\PROGRA~1\RACER-~1\racer.exe [Putian Runway]><H>
==================================
Services
[Kaspersky Internet Security / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><Kaspersky Lab>
==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AntiyFirewall / AntiyFirewall][Running/Auto Start]
<system32\drivers\AntiyFW.sys><N/A>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
<system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><N/A>
[OMCI / OMCI][Running/System Start]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\D:\PROGRA~1\FIREWALL\SkyProcs.sys><N/A>
[SmartAVS / SmartAVS][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\SmartAVS.sys><All-In-Smart [CWJ]>
[xFileMgr / xFileMgr][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><MS User>
[XScanPF / XScanPF][Stopped/Manual Start]
<\??\D:\绿色小工具\扫描电脑漏洞工具\X-Scan-v3.3\dat\xpf.sys><N/A>
[Webeye USB PC Camera / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
Browser add-ons
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, Kaspersky Lab>
[Network communication protection status]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, Kaspersky Lab>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10.ocx, Adobe Systems, Inc.>
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
["Add to Kaspersky Anti-Banner"]
<C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>
[Download with Thunder (迅雷)]
<D:\迅雷\迅雷5 V5.7.12.493(99任务&59线程迅雷去广告GT纯净修正版)\Program\geturl.htm, N/A>
[Download all links with Thunder (迅雷)]
<D:\迅雷\迅雷5 V5.7.12.493(99任务&59线程迅雷去广告GT纯净修正版)\Program\getallurl.htm, N/A>
==================================
Running processes
[PID: 824][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 888][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 912][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 8.0.0.454]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 956][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 968][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1140][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1224][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 1348][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1704][C:\WINDOWS\System32\imapi.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1756][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1920][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll] [Kaspersky Lab, 8.0.0.454]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[PID: 212][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 724][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 980][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 168][C:\Program Files\racer-henan-cnc\racer.exe] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\rwxre.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\nspr4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-henan-cnc\xpcom_core.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-henan-cnc\plc4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-henan-cnc\plds4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-henan-cnc\nss3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-henan-cnc\softokn3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-henan-cnc\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\racer-henan-cnc\gkgfx.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-henan-cnc\smime3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-henan-cnc\ssl3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[C:\Program Files\racer-henan-cnc\components\jar50.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\racer_base.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\kbdhook.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-henan-cnc\nssckbi.dll] [Netscape Communications Corporation, 1.53]
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] [Putian Runway, 3,3,130,325]
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] [北京润汇科技有限公司, 3, 0, 0, 45]
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\nss4.dll] [北京润汇科技有限公司, 1, 0, 0, 4]
[C:\Program Files\racer-henan-cnc\wpcap.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-henan-cnc\packet.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-henan-cnc\WanPacket.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-henan-cnc\plugins\NPSWF32.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2008][C:\Program Files\racer-henan-cnc\RacerKp.exe] [北京润汇科技有限公司, 1, 0, 0, 1]
[PID: 1180][D:\遨游\Maxthon2cngr\Maxthon.exe] [Maxthon International ltd., 2, 0, 7, 1245]
[D:\遨游\Maxthon2cngr\MxExt.dll] [N/A, ]
[D:\遨游\Maxthon2cngr\mxpp.dll] [Maxthon, 1, 0, 0, 65]
[D:\遨游\Maxthon2cngr\MxSk.dll] [Maxthon, 1, 0, 0, 369]
[D:\遨游\Maxthon2cngr\MxProxy2.dll] [Maxthon, 1, 0, 0, 3588]
[D:\遨游\Maxthon2cngr\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 2060]
[D:\遨游\Maxthon2cngr\mxdb.dll] [Max, 3, 5, 3, 125]
[D:\遨游\Maxthon2cngr\mxsafe.dll] [Maxthon, 1, 0, 0, 666]
[D:\遨游\Maxthon2cngr\MxFav.dll] [Maxthon, 1, 0, 0, 220]
[D:\遨游\Maxthon2cngr\maxzlib.dll] [, 1.2.3]
[D:\遨游\Maxthon2cngr\mxtool.dll] [, 1, 0, 0, 1]
[D:\遨游\Maxthon2cngr\mxfeedU.dll] [, 1, 0, 45, 92]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1132.00 (xpsp.080413-0852)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll] [Kaspersky Lab, 8.0.0.454]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll] [Kaspersky Lab, 8.0.0.454]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll] [Kaspersky Lab, 8.0.0.454]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll] [Kaspersky Lab, 8.0.0.454]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl] [Kaspersky Lab, 8.0.0.454]
[c:\program files\kaspersky lab\kaspersky internet security 2009\params.ppl] [Kaspersky Lab, 8.0.0.454]
[c:\program files\kaspersky lab\kaspersky internet security 2009\pxstub.ppl] [Kaspersky Lab, 8.0.0.454]
[c:\program files\kaspersky lab\kaspersky internet security 2009\tempfile.ppl] [Kaspersky Lab, 8.0.0.454]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[C:\WINDOWS\system32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6223]
[PID: 628][D:\绿色小工具\日志分析\SREngLdr.EXE] [Smallfrogs Studio, 2.6.10.990]
[PID: 672][D:\绿色小工具\日志分析\SRE929fc9b9.EXE] [Smallfrogs Studio, 2.6.10.990]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
==================================
File associations
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
PROXYCAP MSAFD Tcpip [TCP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [RAW/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 168, C:\PROGRAM FILES\RACER-HENAN-CNC\RACER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2008, C:\PROGRAM FILES\RACER-HENAN-CNC\RACERKP.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 628, D:\绿色小工具\日志分析\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================
[[i] This post was last edited by 玉龙雪山 on 2008-8-29 22:42 [/i]]

Try 360.

Use xdelbox to delete the following file.
Instructions: when deleting, copy the paths of all files to be deleted, right-click in the pending-deletion list and choose "import from clipboard", and tick "suppress regeneration".
After importing, right-click the file to be deleted and choose "reboot and delete now"; the computer will reboot into a DOS screen to carry out the deletion.
Before running xdelbox it is best to remove all removable storage media (USB sticks, MP3 players, phone memory cards, etc.).
C:\WINDOWS\system32\drivers\npf.sys
In SREng -> Startup items -> Services -> Drivers, delete:
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><N/A>

How many firewalls has the OP installed?

Create a new broadband connection!

Very likely NPF.SYS is just a loophole! NPF.sys itself is a normal driver component.

No other firewall is installed, only KIS 2009! When I use xdelbox to delete C:\WINDOWS\system32\drivers\npf.sys, it says the file cannot be found! The driver entry
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys>
has already been deleted! Also, 边缘, how do I create a new broadband connection?
[[i] This post was last edited by 玉龙雪山 on 2008-8-27 23:11 [/i]]

Frustrating! After deleting the driver
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys>
and rebooting, it automatically came back!
This picture is the Kaspersky prompt shown after logging in with the client program. Quarantining as Kaspersky recommends does not work: after clicking quarantine N times, Kaspersky then reports that it cannot quarantine!
[[i] This post was last edited by 玉龙雪山 on 2008-8-27 23:17 [/i]]

Try my method and see whether it works.
Use IceSword (冰刃) to extract the file first. You cannot see the file when you go in with Explorer, probably because it has been hooked and is therefore hidden. After extracting it with IceSword, upload it to one of the forums that offer attachment virus scanning; that usually settles whether the file really has a problem. Shenbo (绅博), for example, has that. Please don't say I'm advertising.
If it really is a trojan, then congratulations: this trojan won't be that easy to remove.

The problem is that the npf.sys file cannot be found; only an npfs.sys file was found. I don't know whether there is a difference between the two?

That file has probably been hidden; with ordinary viewing methods you certainly won't see it. Go in with IceSword's file manager.

With IceSword's file manager I also only find npfs.sys, no npf.sys! But there is an npf.sys file in C:\Program Files\racer-henan-cnc, though that folder is the Henan broadband login program!
[[i] This post was last edited by 玉龙雪山 on 2008-8-28 20:23 [/i]]

This system32\drivers\npf.sys looks normal.

npf.sys is the WinPcap driver.

If it is normal, why does KIS always show this warning when the broadband login program runs after boot? How should it be configured so the warning doesn't appear?

Strange things happen every year, and this year especially many.

One more question: what does this mean? It appears frequently!

[quote]Original post by [i]玉龙雪山[/i] on 2008-8-28 22:08
If it is normal, why does KIS always show this warning when the broadband login program runs after boot? How should it be configured so the warning doesn't appear? [/quote]
Just allow it as normal behaviour.
For KIS 2009 configuration questions, please ask in the Kaspersky section.

Got it. Thanks to everyone above for the warm-hearted help; Kafan is better with you here!
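The conclusion the thread reaches by eye, that the npf.sys driver with no vendor string is the WinPcap kernel driver pulled in by the racer.exe client (which loads wpcap.dll and packet.dll and holds SeLoadDriverPrivilege), can be checked mechanically from the SREng log. The following Python script is an added example, not part of the original thread and not SREng's own code: it parses the Drivers, Running processes and Process privilege scan sections (headers as translated in this post), flags drivers with no vendor string or a file outside system32\drivers, and attributes each flagged driver to a running process that either loads the WinPcap user-mode DLLs (for npf.sys) or runs from the directory the driver file sits in. The embedded log excerpt is a constructed cut-down of the log above (the XScanPF path is shortened), and the flagging rules are this example's own heuristics, not SREng's.

```python
import re
from dataclasses import dataclass, field

# Constructed, cut-down excerpt in the shape of the SREng log posted in this
# thread (section headers as translated here); values are taken from it.
SAMPLE_LOG = r"""Drivers
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><N/A>
[XScanPF / XScanPF][Stopped/Manual Start]
<\??\D:\tools\X-Scan-v3.3\dat\xpf.sys><N/A>
[Webeye USB PC Camera / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
Running processes
[PID: 1920][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0]
[PID: 168][C:\Program Files\racer-henan-cnc\racer.exe] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-henan-cnc\wpcap.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-henan-cnc\packet.dll] [CACE Technologies, 3, 2, 0, 29]
[PID: 2008][C:\Program Files\racer-henan-cnc\RacerKp.exe] [Putian Runway, 1, 0, 0, 1]
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 168, C:\PROGRAM FILES\RACER-HENAN-CNC\RACER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2008, C:\PROGRAM FILES\RACER-HENAN-CNC\RACERKP.EXE]
==================================
"""

WINPCAP_USER_DLLS = {"wpcap.dll", "packet.dll"}  # user-mode WinPcap; they open the NPF device
SECTIONS = {"Drivers", "Running processes", "Process privilege scan"}

RE_DRV_HDR = re.compile(r"^\[(?P<desc>.+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
RE_DRV_FILE = re.compile(r"^<(?P<path>[^>]*)><(?P<vendor>[^>]*)>$")
RE_PROC = re.compile(r"^\[PID: (?P<pid>\d+)\]\[(?P<exe>[^\]]+)\]")
RE_MODULE = re.compile(r"^\[(?P<path>[^\]]+)\] \[")
RE_PRIV = re.compile(r"^Special privilege enabled: (?P<priv>\w+) \[PID = (?P<pid>\d+), ")


@dataclass
class Driver:
    name: str
    service: str
    state: str
    start: str
    path: str = ""
    vendor: str = ""


@dataclass
class Process:
    pid: int
    exe: str
    modules: list = field(default_factory=list)


@dataclass
class Finding:
    service: str
    path: str
    vendor: str
    reasons: list  # why the driver was flagged
    owners: list   # (pid, exe, holds SeLoadDriverPrivilege)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_driver_dir(path):
    # True if the file lives under %SystemRoot%\system32\drivers, whatever
    # prefix SREng printed (relative, \SystemRoot\..., or \??\C:\...).
    p = "\\" + path.lower().lstrip("\\")
    for prefix in ("\\??\\", "\\systemroot\\"):
        if p.startswith(prefix):
            p = "\\" + p[len(prefix):]
    return "\\system32\\drivers\\" in p


def parse_log(text):
    drivers, procs, privs = [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if not line or line.startswith("===="):
            section = None
            continue
        if section == "Drivers":
            if m := RE_DRV_HDR.match(line):
                name, _, service = m["desc"].rpartition(" / ")
                drivers.append(Driver(name, service, m["state"], m["start"]))
            elif (m := RE_DRV_FILE.match(line)) and drivers:
                drivers[-1].path, drivers[-1].vendor = m["path"], m["vendor"]
        elif section == "Running processes":
            if m := RE_PROC.match(line):
                procs.append(Process(int(m["pid"]), m["exe"]))
            elif (m := RE_MODULE.match(line)) and procs:
                procs[-1].modules.append(m["path"])
        elif section == "Process privilege scan":
            if m := RE_PRIV.match(line):
                privs.setdefault(m["priv"], set()).add(int(m["pid"]))
    return drivers, procs, privs


def triage(text):
    """Flag drivers SREng could not attribute and tie each to a likely owner."""
    drivers, procs, privs = parse_log(text)
    can_load = privs.get("SeLoadDriverPrivilege", set())
    findings = []
    for d in drivers:
        reasons = []
        if d.vendor.strip() in ("", "N/A"):
            reasons.append("no vendor string")
        if not in_driver_dir(d.path):
            reasons.append("file outside system32\\drivers")
        if not reasons:
            continue
        drv_path = d.path.lower().removeprefix("\\??\\")
        owners = []
        for p in procs:
            exe_dir = p.exe.lower().rsplit("\\", 1)[0] + "\\"
            # npf.sys is WinPcap's kernel half: a process loading wpcap/packet.dll needs it
            uses_winpcap = basename(d.path) == "npf.sys" and any(
                basename(m) in WINPCAP_USER_DLLS for m in p.modules)
            # a driver file sitting in a program's own directory belongs to that program
            ships_with = drv_path.startswith(exe_dir)
            if uses_winpcap or ships_with:
                owners.append((p.pid, p.exe, p.pid in can_load))
        findings.append(Finding(d.service, d.path, d.vendor, reasons, owners))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service}: {f.path} [{f.vendor}] -> {', '.join(f.reasons)}")
        for pid, exe, holds_priv in f.owners:
            print(f"    owner PID {pid} {exe} (SeLoadDriverPrivilege={holds_priv})")
        if not f.owners:
            print("    no owning process found: hash the file and look it up before allowing")
```

On the log above this attributes NPF to racer.exe (PID 168), which is the basis for the allow rule the thread ends with, while XScanPF has no owner in the process list and is the kind of entry that deserves a hash lookup before it is trusted. A vendor of N/A means only that SREng could not read a publisher from the file at that path (here the file was not even present there, as the OP found), so it is not by itself evidence of malware; the attribution is what turns the alert into a decision.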