
Spent a whole day trying to kill it and it still won't die!!

gaoyanlei
Posted 2007-6-19 16:22:59
Detected: riskware Invader, running process: C:\Program Files\Common Files\System\ado\msado15.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempB.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempC.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempE.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempF.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempG.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempH.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempI.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempJ.exe
Detected: riskware Trojan.generic, running process: C:\Program Files\Common Files\System\ado\TempD.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\Ravasktao.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\nwizwlwzs.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\nwizwmgjs.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\ztinetzt.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\nwizzhuxians.exe
Detected: riskware Invader, running process: C:\WINDOWS\system32\nwizqjsj.exe
I've been trying to kill it for a whole day and can't. As soon as I click a program (QQ Games, TTPlayer (千千静听) and the like), Kaspersky pops up a warning that riskware is trying to do something.
If you click Skip, those viruses in the startup items appear; if you click Terminate, the program won't launch. Right now I can only get QQ up, and even Qzone won't open. How do I fix this?!!!!!!!
mds
Posted 2007-6-19 16:29:10
Run an SRE scan and post the report here!
aklus
Posted 2007-6-19 17:09:29
Start - Run - regsvr32 "c:\program files\common files\system\ado\msado15.dll"
zerosu6652
Posted 2007-6-19 17:17:22
Suggestions:
1. Disable CD autorun.
2. Do a full-disk scan (or format every drive except the system drive).
3. Reinstall the system.
gaoyanlei
Original poster | Posted 2007-6-19 18:48:38
I already reinstalled the system and it still doesn't help. Now I can't even install software: as soon as I install anything, Kaspersky warns: riskware C:\Program Files\Common Files\System\ado\msado15.exe
gaoyanlei
Original poster | Posted 2007-6-19 19:04:54
Quoting aklus, posted 2007-6-19 17:09:
Start - Run - regsvr32 "c:\program files\common files\system\ado\msado15.dll"

Tried this, it still doesn't solve it!
gaoyanlei
Original poster | Posted 2007-6-19 19:20:38
Scan log

2007-06-19,19:22:55

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
Startup folder
N/A

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Kaspersky Anti-Virus 6.0 Personal / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Internet Connection Service / Printer Spool][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\ado\msader15.exe><N/A>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
Browser add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Launch Thunder 5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web Anti-Virus statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Lenovo]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[Download with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[Download all links with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
Running processes
[PID: 456][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 596][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1344][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.1.8]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[PID: 1528][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1888][D:\sre扫描日志\sreng2.4.12.806\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
[PID: 184][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.2832]
[PID: 1248][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1       localhost

==================================
API HOOK
RVA error: LoadLibraryA (risk level: normal, hooked by the following module: Dest Addr: 0xF63B5AF0)
RVA error: LoadLibraryExA (risk level: normal, hooked by the following module: Dest Addr: 0xF63B5CD0)
RVA error: LoadLibraryExW (risk level: normal, hooked by the following module: Dest Addr: 0xF63B5E30)
RVA error: LoadLibraryW (risk level: normal, hooked by the following module: Dest Addr: 0xF63B5BE0)
RVA error: GetProcAddress (risk level: high, hooked by the following module: Dest Addr: 0xF63B5DE0)

==================================
Hidden processes
N/A

==================================
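A triage pass over the report above, added here as an example (it is not part of SREng and not code from anyone in the thread). It parses the Services and Running processes sections and does the two checks a responder does first: flag any Win32 service that has no publisher and runs from outside System32, or that borrows the name of a Windows component it does not match (the real print spooler is the Spooler service running spoolsv.exe, which the report shows at PID 1212), and check whether the files Kaspersky alerted on were actually resident when the scan ran. SAMPLE_REPORT is a constructed excerpt of the posted report using the translated headers; TRUSTED_DIRS and LOOKALIKES are my heuristics, not SREng's.

```python
"""Triage an SREng text report: flag odd Win32 services and check whether the
files the anti-virus alerted on were resident when the report was taken.
Added example for this thread, not part of SREng or of any post above.
SAMPLE_REPORT is a constructed excerpt of the report posted here, using the
translated section headers; ALERT_PATHS come from the Kaspersky alerts."""
import re

SAMPLE_REPORT = r"""
==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Kaspersky Anti-Virus 6.0 Personal / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Internet Connection Service / Printer Spool][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\ado\msader15.exe><N/A>

==================================
Running processes
[PID: 584][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180]
[PID: 1344][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]

==================================
"""
ALERT_PATHS = [
    r"C:\Program Files\Common Files\System\ado\msado15.exe",
    r"C:\Program Files\Common Files\System\ado\TempB.exe",
    r"C:\WINDOWS\system32\Ravasktao.exe",
]

SECTION_RE = re.compile(r"^=+\s*$")
SERVICE_HDR = re.compile(r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
SERVICE_BIN = re.compile(r"^\s+<(?P<path>.*)><(?P<vendor>[^>]*)>$")
PROC_RE = re.compile(r"^\[PID: \d+\]\[(?P<path>[^\]]+)\]")
TRUSTED_DIRS = (r"%systemroot%\system32", r"c:\windows\system32")  # where stock service binaries live
LOOKALIKES = {"spool": "spoolsv.exe"}  # Windows component names malware borrows -> the real binary


def split_sections(report):
    """Map each '====' delimited section header to the lines beneath it."""
    sections, current, expect_name = {}, None, False
    for line in report.splitlines():
        if SECTION_RE.match(line):
            expect_name = True
        elif expect_name:
            current, expect_name = line.strip(), False
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def image_path(cmdline):
    """The binary that actually runs: the hosted DLL for svchost entries, else the first image."""
    if "-->" in cmdline:                      # SREng writes  svchost.exe -k group-->hosted.dll
        cmdline = cmdline.split("-->", 1)[1]
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|sys))(?:\s|$)", cmdline, re.IGNORECASE)
    return m.group(1) if m else cmdline


def parse_services(lines):
    """Pair each [Display / Name][State/Start] header with its <path><vendor> line."""
    services, pending = [], None
    for line in lines:
        m = SERVICE_HDR.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = SERVICE_BIN.match(line)
        if m and pending is not None:
            pending.update(m.groupdict())
            pending["image"] = image_path(pending["path"])
            services.append(pending)
            pending = None
    return services


def suspicious_services(services):
    """Services worth a second look, each with the reasons it was flagged."""
    findings = []
    for svc in services:
        img, reasons = svc["image"].lower(), []
        if svc["vendor"].strip().upper() == "N/A" and not img.startswith(TRUSTED_DIRS):
            reasons.append("no publisher and binary outside System32")
        for word, real_binary in LOOKALIKES.items():
            if word in svc["name"].lower() and not img.endswith("\\" + real_binary):
                reasons.append(f"name resembles the Windows {real_binary} service, runs {svc['image']}")
        if reasons and svc["start"].strip() == "Auto Start":
            reasons.append("starts automatically at boot")
        if reasons:
            findings.append({**svc, "reasons": reasons})
    return findings


def resident_at_scan(process_lines, paths):
    """True for each alerted path that was a running process when the report was made."""
    running = set()
    for line in process_lines:
        m = PROC_RE.match(line)
        if m:                                  # module lines are indented and do not match
            running.add(m.group("path").replace("\\??\\", "").lower())
    return {p: p.lower() in running for p in paths}


def triage(report, alert_paths):
    sections = split_sections(report)
    return {"services": suspicious_services(parse_services(sections.get("Services", []))),
            "resident": resident_at_scan(sections.get("Running processes", []), alert_paths)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, ALERT_PATHS)
    for svc in result["services"]:
        print(f"[!] service {svc['name']!r}: " + "; ".join(svc["reasons"]))
    for path, running in result["resident"].items():
        print(("running " if running else "absent  ") + path)
```

Run against the excerpt, the only service flagged is "Printer Spool" (three reasons), and none of the alerted paths is resident, which matches the original poster's description of the files appearing only when another program is launched: the persistence to chase is the service entry, not the momentarily running copies.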
zhaonimm
Posted 2007-6-19 19:47:40
Use IceSword (冰刃) to delete these files! Better yet, delete the whole folder C:\Program Files\Common Files\System\ado\

C:\Program Files\Common Files\System\ado\msado15.exe
C:\Program Files\Common Files\System\ado\TempB.exe
C:\Program Files\Common Files\System\ado\TempC.exe
C:\Program Files\Common Files\System\ado\TempE.exe
C:\Program Files\Common Files\System\ado\TempF.exe
C:\Program Files\Common Files\System\ado\TempG.exe
C:\Program Files\Common Files\System\ado\TempH.exe
C:\Program Files\Common Files\System\ado\TempI.exe
C:\Program Files\Common Files\System\ado\TempJ.exe
C:\Program Files\Common Files\System\ado\TempD.exe
C:\WINDOWS\system32\Ravasktao.exe
C:\WINDOWS\system32\nwizwlwzs.exe
C:\WINDOWS\system32\nwizwmgjs.exe
C:\WINDOWS\system32\ztinetzt.exe
C:\WINDOWS\system32\nwizzhuxians.exe
C:\WINDOWS\system32\nwizqjsj.exe
After deleting them, use SREng to repair the following:
Startup items -- Services -- Win32 service applications, delete this entry:
[Internet Connection Service / Printer Spool]    <C:\Program Files\Common Files\System\ado\msader15.exe>

Once you clear out that service you should be just about done!!!
C:\Program Files\Common Files\System\ado\msado15.exe
I'd like you to zip this file and upload it so I can see what it generates. In your report this is the one that looks suspicious to me!!
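The reply above asks for msado15.exe to be packed up and sent in before the folder is deleted. The script below, added here as an example and not code from anyone in the thread, is the preservation step that makes that possible for every path on the list: it records size, modification time and SHA-256 for each file, copies it into a zip under a neutralised name (msado15.exe becomes msado15.exe_ so the archive cannot be run by accident) and writes a manifest beside it. Files that are already gone or locked are recorded rather than aborting the run. Working from a path list rather than wiping the directory also matters because C:\Program Files\Common Files\System\ado\ holds the legitimate ADO libraries such as msado15.dll. The `.exe_` convention and manifest layout are my choices; the demo uses a constructed dummy file in a temporary directory because the real samples are not available here.

```python
"""Preserve suspect files (hash + copy into a zip) before they are deleted.
Added example for this thread, not code from any post; it covers the request
above to zip msado15.exe and upload it, and the same step for the rest of the
list. The demo builds a throwaway directory with a constructed dummy file,
because the real samples are not available here."""
import hashlib
import json
import os
import tempfile
import zipfile
from datetime import datetime, timezone

# Constructed stand-in for a sample; only the 'MZ' prefix is meaningful.
DUMMY_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not a real sample"


def fingerprint(path):
    """Size, mtime and SHA-256 of one file; the hash is what sample-sharing sites key on."""
    st, h = os.stat(path), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"path": path, "size": st.st_size, "sha256": h.hexdigest(),
            "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat()}


def preserve(paths, archive):
    """Copy each path into `archive` under a neutralised name (msado15.exe -> msado15.exe_)
    and add manifest.json. Missing or locked files are recorded, not fatal."""
    manifest = {"created_utc": datetime.now(timezone.utc).isoformat(), "files": []}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in paths:
            try:
                entry = fingerprint(p)
                zf.write(p, arcname=os.path.basename(p) + "_")
                entry["status"] = "archived"
            except FileNotFoundError:
                entry = {"path": p, "status": "missing"}
            except PermissionError as e:      # e.g. held open by a process using it
                entry = {"path": p, "status": "locked: " + str(e)}
            manifest["files"].append(entry)
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
    return manifest


def archived_names(archive):
    """Sorted member names of the archive, for checking what actually got packed."""
    with zipfile.ZipFile(archive) as zf:
        return sorted(zf.namelist())


def demo():
    """Run preserve() over one present and one absent path in a temp directory."""
    root = tempfile.mkdtemp()
    present = os.path.join(root, "msado15.exe")
    with open(present, "wb") as f:
        f.write(DUMMY_BYTES)
    archive = os.path.join(root, "samples.zip")
    manifest = preserve([present, os.path.join(root, "TempB.exe")], archive)
    return manifest, archive


if __name__ == "__main__":
    m, a = demo()
    print(json.dumps(m, indent=2))
    print(archived_names(a))
```

Hash first, then delete: once IceSword has removed the files, the SHA-256 in the manifest is the only thing that lets anyone tie a later report or vendor write-up back to what was on this machine.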
dgww
Posted 2007-6-20 08:49:08
Post #3 is a bit over the top.
heym
Posted 2007-6-20 13:06:24
Use an anti-malware tool.
KaFan forum (卡饭论坛), KaFan.cn. Copyright © KaFan. All Rights Reserved.