How do I remove Trojan.PSW.OnLineGame? Lots of variants, process list exported, hoping an expert can help

How do I remove it? No matter how many times I clean it, it is still there.

Attachment: image (image/pjpeg), uploaded 2007-4-5 17:56:59

Last edited 2007-04-05 19:56:04

2007-04-05,17:39:11

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

N/A




--------------------------------------------------------------------------------



启动文件夹

[星空极速]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --) C:\PROGRA~1\ChinaNet\VNETCL~1.EXE [])(N)
[Adobe Gamma Loader]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --) C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.])(N)



--------------------------------------------------------------------------------



服务

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
(C:\WINDOWS\system32\Ati2evxx.exe)(ATI Technologies Inc.)
[ATI Smart / ATI Smart][Stopped/Auto Start]
(C:\WINDOWS\system32\ati2sgag.exe)()
[Gentad / Gentad][Running/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\PROGRA~1\gentad\gentad.dll)( )
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
(C:\Program Files\Windows Media Connect 2\wmccds.exe)(Microsoft Corporation)
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
(C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup--)%SystemRoot%\System32\WUDFSvc.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[ASTRA32 Kernel Driver 5.2.1.0 / ASTRA32][Running/Auto Start]
(\??\C:\Program Files\ASTRA32\ASTRA32.sys)(Licensed for Sysinfo Lab)
[ati2mtag / ati2mtag][Running/Manual Start]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[BdGuard / BdGuard][Running/Boot Start]
(\SystemRoot\system32\drivers\BDGuard.SYS)()
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
(system32\drivers\cmaudio.sys)(C-Media Inc)
[CnsMinKP / CnsMinKP][Running/Boot Start]
(\SystemRoot\system32\drivers\CnsMinKP.sys)(Copyright (C) 3721 Corporation.)
[Netgroup Packet Filter / NPF][Running/Manual Start]
(system32\drivers\npf.sys)(Politecnico di Torino)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\E:\Program Files\Tencent\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[ofpgpco / ofpgpco][Running/Manual Start]
(2 - 系统找不到指定的文件。
)(N/A)
[pacdcacm / pacdcacm][Stopped/Manual Start]
(system32\DRIVERS\pacdcacm.sys)(Panasonic)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
(\SystemRoot\system32\drivers\RsBoot.sys)(N/A)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[tlsxavss / tlsxavss][Running/System Start]
(2 - 系统找不到指定的文件。
)(N/A)
[WINIO / WINIO][Stopped/Manual Start]
(\??\F:\winio.sys)(N/A)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(system32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
(system32\DRIVERS\WudfPf.sys)(Microsoft Corporation)
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
(system32\DRIVERS\wudfrd.sys)(Microsoft Corporation)
[yaskp / yaskp][Running/Boot Start]
(\SystemRoot\system32\drivers\yaskp.sys)(Copyright (C) yahoo Corporation.)
[USB PC Camera (ZS211) / ZSMC211][Stopped/Manual Start]
(System32\Drivers\ZS211.sys)(ZSMC Corporation)
[R2A / R2A][Stopped/Disabled]
(\??\C:\WINDOWS\system32a2.sys)(N/A)
[javohbke / javohbke][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\javohbke.sys)(Yahoo! China Corporation)
[qdpgqb / qdpgqb][Running/Boot Start]
(\SystemRoot\\SystemRoot\System32\drivers\qdpgqb.sys)(N/A)



--------------------------------------------------------------------------------



浏览器加载项

[Thunder Browser Helper]
{33BBE42F-0E42-4F12-B075-8D21ACB10DCB} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD)
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china)
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} (C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司)
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD)
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A)
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} (http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A)
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A)
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} (http://cn.widget.yahoo.com/index.htm?source=Cns, N/A)
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A)
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A)
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A)
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china)
[UpdateC2 Control]
{DC7094C6-8F61-42ED-AECE-63F5EEF647C5} (C:\PROGRA~1\UUSee\updateC2.ocx, uusee.com)
[BoBo P2P多媒体网络点播/广播/直播系统 V3]
{EC0978ED-24E3-403C-AB7A-060E388553E6} (C:\WINDOWS\DOWNLO~1\BOBO_A~1.OCX, 广州易播信息科技有限公司)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[Thunder Browser Helper]
{33BBE42F-0E42-4F12-B075-8D21ACB10DCB} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD)
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China)
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} (C:\PROGRA~1\3721\autolive.dll, )
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} (C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.)
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China)
[&使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A)
[&使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A)
[上传到QQ网络硬盘]
(E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A)
[添加到QQ自定义面板]
(E:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(E:\Program Files\Tencent\QQ\SendMMS.htm, N/A)
[用比特精灵下载(&B)]
(C:\Program Files\BitSpirit\bsurl.htm, N/A)

Hi, has your virus problem been solved? I got hit by this same Trojan.PSW.OnLineGame virus today. If you have solved it, please help me out!

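Heh, is everyone being bothered by this? Me too. What kind of virus is this damn thing?
So many variants; you remove it and it comes right back. It is driving me crazy.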

I have got it too, and I don't know how to remove it.

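Pinned thread: http://forum.ikaka.com/topic.asp?board=28&artid=8290293
Also, your log is incomplete. Please close unrelated items and scan again; do not modify the log, and post it in several parts.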

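A Trojan horse!!
A while ago I was in the same situation as you!! No matter how I tried to remove it, nothing worked!!
What I did was boot into Safe Mode, find all the infected files and delete every one of them!!
Then scan once more with Rising!! Scan for system vulnerabilities and apply the patches promptly!!
I also reinstalled the system countless times; once the fresh system was up, a scan still found the virus!!
Only later did I discover that the Rising backup files were infected. I downloaded the Rising installer again and reinstalled!! Now everything is OK!!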

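I have got a lot of them: tsjpsw.psw.onlinegames.yg, tsjpsw.psw.onlinegames.yv, and several more. What kind of viruses are these? I remove them, reboot the computer, and they are still there. So frustrating.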