worm.lover.a是什么病毒  今晚AVG突然弹出来提示C:\program files\internet explorer\iexplorer.exe里面有这个病毒  怎么处理  高人帮忙

日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 23:25:23, on 2008-08-10
操作系统: Windows XP SP2 (WinNT 5.01.2600)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\360Safebox\safeboxTray.exe
D:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\VM_STI.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
d:\Program Files\StormII\stormliv.exe
d:\Program Files\Helexis\Drive Health\dhcore.exe
C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Tencent\QQ\QQ.exe
d:\Program Files\Tencent\QQ\TXPlatform.exe
D:\Program Files\KuGoo2007\KuGoo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\安装\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HiJackThis_v2.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (未命名) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (没有文件)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - d:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows木马防火墙] D:\Program Files\ftc\Trojanwall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [360Safetray] d:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE SOVIC PC Camera
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'Default user')
O8 - 扩展右键菜单项: "添加到反广告" - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Excel(&X) - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - d:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - d:\Program Files\Holdfast\Platform\GameClient.exe (file missing)
O9 - Extra button: Web 流量保护状态 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178434398812
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - d:\Program Files\StormII\stormliv.exe
O23 - Service: DriveHealth - Helexis Software Development - d:\Program Files\Helexis\Drive Health\dhcore.exe
O23 - Service: HD_CertService - Unknown owner - C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
文件结束 - 8859 字节

请按照版规上传HIJACKTHIS日志与SRENG日志。

病毒别名：Worm.Win32.Delf.n[AVP]
处理时间：
威胁级别：★★
中文名称：
病毒类型：蠕虫
影响系统：Win9x / WinNT
病毒行为:
这是一个用Delphi 编写的蠕虫病毒，在每天的早八点到晚八点之间的整点和凌晨0点病毒程序运行。病毒运行时会显示一些文字和窗口.

1).生成文件一个文件及多个副本：
病毒文件：%\Love.exe

副本： %\windows\sys32.exe
%\windows\System\shell.exe
%\Windows\Command\Deltree.exe
2).添加启动项，使得病毒在计算机在启动时运行。：
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Load 键值 %\windows\sys32.exe
3).显示的文字信息：IGNORANCE MONOTONY DEJECTION AIMLESSNESS YOUR - LIFE ALL WE are DUST and SHEDOWS DO YOU WANT? TO KNOW? WHO AM I? I AM... JUSTICE
SKY EARTH PLANTS ANIMALS PEOPLE WHAT FOR IT ALL?

Quote:

引用第1楼happyboys_xp于2008-08-10 23:00发表的  :
请按照版规上传HIJACKTHIS日志与SRENG日志。

HIJACKTHIS日志已经上传 SRENG日志超过5字节不能上传怎么办

Quote:

引用第3楼tony95于2008-08-10 23:36发表的  :


HIJACKTHIS日志已经上传 SRENG日志超过5字节不能上传怎么办

不要以附件的形式上传就可以啊。
另外HIJACKTHIS日志没有看出什么问题。。
不过你的启动项还真多啊。。这样很影响系统的速度地。。

进安全模式杀试下,关闭系统还原

谢谢了  可能是误报  今天又不报有病毒了