一进入系统打开“我的电脑”就提示有病毒,Trojan.win32.undef.qjb Trojan.win32.undef.vpv
病毒文件所在 c:\windows\system32\liprip.dll 瑞星清毒失败,提示删除文件,
一旦删除文件系统就马上重启,开机后病毒仍在。好像还有别的病毒。
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 20:26:27,2009-2-5
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v7.00 (7.00.6000.16762)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\internet applications\system safety\rising\Rising\Rav\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\internet applications\system safety\rising\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
D:\internet applications\system safety\rising\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
D:\system software\Apache 2.2.4\bin\httpd.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\system software\my sql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\internet applications\tools\O&O Defrag\Defrag\oodag\oodag.exe
D:\internet applications\system safety\rising\Rising\Rav\RavTask.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\internet applications\system safety\rising\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
D:\system software\Apache 2.2.4\bin\httpd.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
D:\internet applications\ASUS software\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ACEngSvr.exe
D:\internet applications\system safety\rising\Rising\Rav\RsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\internet applications\system safety\safety tools\HiJackThis\hijackthis_v2.02h\HijackThis.exe
R3 - 默认 URLSearchHook 丢失
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\internet applications\downloading tools\thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Promote Class - {0FA24E3E-422C-4D94-A125-104F32352C90} - C:\WINDOWS\system32\promote.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (未命名) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (没有文件)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\internet applications\downloading tools\thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (未命名) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\INTERN~1\tools\酷狗\kugoo\200641~1\KUGOO3~1.OCX
O2 - BHO: QuickFlash - {BF50AC63-19DA-487E-AD4A-0B452D823B59} - C:\WINDOWS\system32\fsutk.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] D:\internet applications\ASUS software\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\internet applications\Adobe read\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] ; D:\internet applications\tools\picasa\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RavTray] "D:\internet applications\system safety\rising\Rising\Rav\RsTray.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MultiFrame.lnk = ?
O8 - 扩展右键菜单项: Snip to my eSnips account - D:\internet applications\tools\esnips\res\SnipIt.htm
O8 - 扩展右键菜单项: 使用KuGoo3下载(&K) - D:\internet applications\tools\酷狗\kugoo\200641114556422\KuGoo3DownX.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\internet applications\downloading tools\thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\internet applications\downloading tools\thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://D:\INTERN~1\WORKSO~1\OFFICE~1\MC_OFF~1\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - D:\internet applications\communication software\QQ\qq\AddEmotion.htm
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\internet applications\downloading tools\thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\internet applications\downloading tools\thunder\Thunder.exe
O9 - 额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\games\haofang\Platform\GameClient.exe
O9 - 额外的按钮: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - 额外的“工具”菜单项目: Windows Live Writer 中的“写入日志”(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - 额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\INTERN~1\WORKSO~1\OFFICE~1\MC_OFF~1\OFFICE11\REFIEBAR.DLL
O9 - 额外的按钮: (未命名) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - 额外的“工具”菜单项目: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone:
http://*.update.microsoft.comO16 - DPF: imgupldr -
http://download.clients.hexun.com/tools/imgupldr/imgupldr.CABO16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -
http://support.asus.com.cn/common/asusTek_sys_ctrl.cabO16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
http://picasaweb.google.com/s/v/29.24/uploader2.cabO16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -
https://img.alipay.com/download/2121/aliedit.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://mhxf.spaces.live.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181554398417O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) -
https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cabO16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
http://flory0730.spaces.live.com/PhotoUpload/MsnPUpld.cabO16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) -
http://photo.163.com/163Uploader.cabO16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) -
https://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cabO16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) -
https://www.tenpay.com/download/qqedit.cabO16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBoControl Class) -
http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocxO18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Apache2 - Apache Software Foundation - D:\system software\Apache 2.2.4\bin\httpd.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - NT 服务: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: LiveUpdate - Hewlett-Packard Company - (没有文件)
O23 - NT 服务: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\internet applications\work softening\3dsmax\az\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - NT 服务: MySQL - Unknown owner - D:\system.exe(文件不存在)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: O&O Defrag - O&O Software GmbH - D:\internet applications\tools\O&O Defrag\Defrag\oodag\oodag.exe
O23 - NT 服务: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\internet applications\system safety\rising\Rising\Rav\CCENTER.EXE
O23 - NT 服务: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - D:\internet applications\system safety\rising\Rising\Rav\RavTask.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\internet applications\system safety\rising\Rising\Rav\RavMonD.exe
O23 - NT 服务: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - D:\internet applications\system safety\rising\Rising\Rav\ScanFrm.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
