Rising Kaka Security Forum

Virus files found by an HJ scan cannot be deleted, please advise! Thanks.
bluecosmic - 2005-10-31 13:34:00
C:\WINNT\system32\fp8203loe.dll (already renamed)
C:\WINNT\system32\jkklm.dll
C:\WINNT\system32\mllml.dll
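These three cannot be deleted, not even with killbox, although c:\!submit\jkklm.dll and mllml.dll can be deleted. All the office computers now have this same problem: the files cannot be deleted!
How should I handle this? Thanks.
A rescan in safe mode gives the following: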
——————————————
Logfile of HijackThis v1.99.1
Scan saved at 11:08:30, on 2005-10-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RAVTRAY.EXE
C:\Program Files\Rising\Rav\RavService.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
bluecosmic - 2005-10-31 13:35:00
Log, continued:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINNT\system32\jkklm.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\WINNT\Downlo~1\ddtkillw.ocx
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINNT\system32\mllml.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavTray] C:\Program Files\Rising\Rav\RavTray.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\WINNT\Downlo~1\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加QQ网络收藏夹 - C:\Program Files\Tencent\qq\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 情景聊天 - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - http://www.jxedu.com.cn/gwy/ggglx/01/VGAPlayer.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://218.108.248.143/zvc/plugin/myv3na.cab
O16 - DPF: {D083891E-C11A-11D6-9A01-0010D7094A99} (bfdown Class) - http://www.gameabc.com/Gameintro/inc/bfinst.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O20 - Winlogon Notify: jkklm - C:\WINNT\SYSTEM32\jkklm.dll
O20 - Winlogon Notify: mllml - C:\WINNT\system32\mllml.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\fp8203loe.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
天使之剑 - 2005-10-31 15:02:00
[Reply to bluecosmic's post]

Please use the two multi-engine scanners below to scan the following files:
C:\WINNT\system32\fp8203loe.dll
C:\WINNT\system32\jkklm.dll
C:\WINNT\system32\mllml.dll
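Multi-engine scanning with Virustotal:
http://www.virustotal.com/
Multi-engine scanning with Jotti:
http://virusscan.jotti.org/

Please be sure to post the complete reports.
Submit the following files to Rising: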
C:\WINNT\system32\fp8203loe.dll
C:\WINNT\system32\jkklm.dll
C:\WINNT\system32\mllml.dll
Download VundoFix:

http://www.atribune.org/downloads/VundoFix.exe
Extract it to the desktop and you will see a VundoFix folder. Restart the computer and run KillVundo.bat in that folder. Enter C:\WINDOWS\system32\jkklm.dll and press "Enter". Then enter C:\WINDOWS\system32\mlkkj.* and press "Enter".
Run HijackThis again and fix:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINNT\system32\jkklm.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINNT\system32\mllml.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\fp8203loe.dll
Download and use CleanUp!:

http://forum.ikaka.com/topic.asp?board=67&artid=7241088
天使之剑 - 2005-10-31 15:08:00
[Reply to bluecosmic's post]

The restart during the fix means restarting into safe mode.
天使之剑 - 2005-10-31 15:19:00
[Reply to bluecosmic's post]

One more correction: after downloading VundoFix.exe, run it rather than extracting it.
bluecosmic - 2005-10-31 16:51:00

Logfile of HijackThis v1.99.1
Scan saved at 16:38:30, on 2005-10-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\WINNT\Downlo~1\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加QQ网络收藏夹 - C:\Program Files\Tencent\qq\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 情景聊天 - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - http://www.jxedu.com.cn/gwy/ggglx/01/VGAPlayer.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://218.108.248.143/zvc/plugin/myv3na.cab
O16 - DPF: {D083891E-C11A-11D6-9A01-0010D7094A99} (bfdown Class) - http://www.gameabc.com/Gameintro/inc/bfinst.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\n86q0ij5e8o.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
bluecosmic - 2005-10-31 16:57:00
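After scanning at http://virusscan.jotti.org/ it was identified as a Trojan horse, which Kaspersky can remove. Uninstalled rav, installed Kaspersky and updated it: it can detect but not remove. Went into DOS and ran del on C:\WINNT\system32\jkklm.dll and C:\WINNT\system32\mllml.dll. The renamed dll could not be detected; found a suspicious renamed dll, backed it up, del.
Restarted; the HJ scan showed that n86q0ij5e8o.dll exists. Used vundofix to delete C:\WINNT\system32\n86q0ij5e8o.dll and restarted; the HJ scan is below. Still learning cleanup; the problem is still there :)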
————————
Logfile of HijackThis v1.99.1
Scan saved at 16:38:30, on 2005-10-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\WINNT\Downlo~1\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加QQ网络收藏夹 - C:\Program Files\Tencent\qq\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 情景聊天 - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - http://www.jxedu.com.cn/gwy/ggglx/01/VGAPlayer.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://218.108.248.143/zvc/plugin/myv3na.cab
O16 - DPF: {D083891E-C11A-11D6-9A01-0010D7094A99} (bfdown Class) - http://www.gameabc.com/Gameintro/inc/bfinst.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\n86q0ij5e8o.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

天使之剑 - 2005-10-31 17:07:00
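[Reply to bluecosmic's post]

Thanks to bluecosmic for carrying out the steps from post 2 as I asked.
Go into DOS and type:
C:
Cd WINNT
Cd SYSTEM32
Dir *.dll (find the renamed library)
Attrib -r -s -h <this library>
Regsvr32 /u <this library>
Del <this library>
Fix the related O20 entry.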
bluecosmic - 2005-10-31 17:55:00
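Dir *.dll (find the renamed library)

This step is too hard; once I go into DOS it has changed its name, so it is really hard to find.

I'll slowly look through again for anything suspicious, haha.

Also, a Trojan tool scan found: tro2005-5-31-spyware-hooldll,73728;
c:\winnt\system32\rpcns4.dll is suspected to be Trojan adware; this one I have already deleted.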
bluecosmic - 2005-10-31 18:02:00
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\n86q0ij5e8o.dll
This Winlogon Notify changes every time the computer starts. Could you analyze it for me based on the log above?
天使之剑 - 2005-10-31 18:12:00
[Reply to bluecosmic's post]

If you do not recognize the two controls below, please fix them:
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://218.108.248.143/zvc/plugin/myv3na.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
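Scan with HijackThis and note the file associated with this O20 entry. Open a command prompt, clear the file's attributes and unregister it, then delete it. Finally, fix this O20 entry.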
bluecosmic - 2005-10-31 18:28:00
How do I clear the attributes of this file and unregister it? :)
天使之剑 - 2005-10-31 18:50:00
[Reply to bluecosmic's post]

bluecosmic, please refer to the advice in post 7, but take care not to restart the computer.
bluecosmic - 2005-11-1 10:59:00
Fixed:
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://218.108.248.143/zvc/plugin/myv3na.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
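HijackThis scan: the O20 entry is n86q0ij5e8o.dll
Went into DOS, to c:\winnt\SYSTEM32. Every time I go into DOS this n86q0ij5e8o.dll changes its name; this time, surprisingly, it did not.
Dir n86q0ij5e8o.dll
Attrib -r -s -h n86q0ij5e8o.dll; could not be applied, the message says it is running;
Regsvr32 /u n86q0ij5e8o.dll, could not unregister, the message says it is running;
Del n86q0ij5e8o.dll, surprisingly succeeded
Restarted into safe mode, could not find n86q0ij5e8o.dll, ran HijackThis and fixed the O20 entry. Restarted into the system~~~ fainting~~~ it is still there!!! Renamed again!!! (slinking off home ¥#◎……%)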
天使之剑 - 2005-11-1 12:24:00
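[Reply to bluecosmic's post]

Your computer appears to have a piece of spyware called "Look2Me"; removing it by hand is unlikely to work, so let us use the following tool, L2MFix:

http://www.atribune.org/downloads/l2mfix.exe
1. Save the file to the desktop and double-click l2mfix.exe;
2. Press the "Install" button to install the tool, then double-click to open the newly created L2MFix folder;
3. Double-click l2mfix.bat, choose option 1, called Run Find Log, and press Enter. After one to two minutes a report will pop up; please post it here.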
bluecosmic - 2005-11-2 9:12:00
Thanks, 天使之剑. The report is as follows:
——————————————
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\h62olgf3162.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read        BUILTIN\Users
(ID-IO) ALLOW  Read        BUILTIN\Users
(ID-NI) ALLOW  Read        BUILTIN\Power Users
(ID-IO) ALLOW  Read        BUILTIN\Power Users
(ID-NI) ALLOW  Full access BUILTIN\Administrators
(ID-IO) ALLOW  Full access BUILTIN\Administrators
(ID-NI) ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AAECDE91-21A9-1DAA-AEDC-7FD436232186}"=""

**********************************************************************************
Shell Extension key:
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Invalid keyboard code specified

C:\WINNT\SYSTEM32\
  wghext.dll    Wed  2005-10-26  16:36:22  ..S.R        234,272  228.78 K
  nvtman.dll    Mon  2005-10-31  15:57:18  ..S.R        234,033  228.55 K
  tvpi32.dll    Mon  2005-10-31  12:18:28  ..S.R        237,008  231.45 K
  glgiftga.dll  Tue  2005-08-23  17:15:14  A....        32,768    32.00 K
  gljpg.dll      Tue  2005-08-23  17:15:14  A....        94,208    92.00 K
  glpng.dll      Tue  2005-08-23  17:15:14  A....        94,208    92.00 K
  czrsrv.dll    Wed  2005-10-26  14:56:04  ..S.R        234,272  228.78 K
  dhcompos.dll  Thu  2005-10-27  9:02:30  ..S.R        235,569  230.05 K
  drsrslvr.dll  Wed  2005-11-02  9:01:24  .....        235,585  230.06 K
  enn8l1~1.dll  Wed  2005-10-26  16:20:44  ..S.R        234,458  228.96 K
  wvspdmod.dll  Wed  2005-10-26  16:44:02  ..S.R        234,272  228.78 K
  oaethk32.dll  Mon  2005-10-31  11:02:14  ..S.R        235,283  229.77 K
  wvpasf.dll    Mon  2005-10-31  14:28:42  ..S.R        234,033  228.55 K
  atmtd.dll      Tue  2005-10-25  9:40:56  A....        687,592  671.48 K
  nydskcc.dll    Wed  2005-10-26  16:00:06  ..S.R        234,458  228.96 K
  lv4s09~1.dll  Tue  2005-11-01  14:02:50  ..S.R        234,259  228.77 K
  glzip.dll      Tue  2005-08-23  17:15:12  A....        69,632    68.00 K
  glcards.dll    Tue  2005-08-23  17:15:12  A....        807,424  788.50 K
  glmpdll.dll    Tue  2005-08-23  17:15:12  A....        94,208    92.00 K
  glsocks.dll    Tue  2005-08-23  17:15:12  A....        10,240    10.00 K
  glmpeg.dll    Tue  2005-08-23  17:15:14  A....        57,344    56.00 K
  gliedo~1.dll  Tue  2005-08-23  17:15:14  A....        106,496  104.00 K
  glcomp~1.dll  Tue  2005-08-23  17:15:12  A....        57,344    56.00 K
  ywriin~1.dll  Wed  2005-10-26  16:18:44  ..S.R        234,458  228.96 K
  kt66l7~1.dll  Fri  2005-10-28  16:33:32  ..S.R        235,483  229.96 K
  epfpix~1.dll  Mon  2005-10-31  12:38:34  ..S.R        234,033  228.55 K
  h62olg~1.dll  Tue  2005-11-01  11:03:48  ..S.R        235,585  230.06 K

27 items found:  27 files (15 H/S), 0 directories.
  Total of file sizes:  5,868,525 bytes      5.59 M
Locate .tmp files:

C:\WINNT\SYSTEM32\
  guard.tmp      Wed  2005-11-02  9:03:24  ..S.R        235,585  230.06 K

1 item found:  1 file (1 H/S), 0 directories.
  Total of file sizes:  235,585 bytes    230.06 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0D25-160A

Directory of C:\WINNT\System32

2005-11-02  09:03              235,585 guard.tmp
2005-11-01  14:02              234,259 lv4s09h7e.dll
2005-11-01  11:03              235,585 h62olgf3162.dll
2005-10-31  15:57              234,033 nvtman.dll
2005-10-31  14:41              165,624 lmllm.ini
2005-10-31  14:28              234,033 wvpasf.dll
2005-10-31  12:38              234,033 epfpixpsets.dll
2005-10-31  12:18              237,008 TVPI32.DLL
2005-10-31  11:02              162,974 lmllm.bak2
2005-10-31  11:02              235,283 oaethk32.dll
2005-10-28  16:33              235,483 kt66l7js1.dll
2005-10-28  11:56              162,351 lmllm.bak1
2005-10-27  09:02              235,569 dhcompos.dll
2005-10-26  16:44              234,272 wvspdmod.dll
2005-10-26  16:36              234,272 wghext.dll
2005-10-26  16:20              234,458 enn8l15u1.dll
2005-10-26  16:18              234,458 ywriinsert.dll
2005-10-26  16:00              234,458 nydskcc.dll
2005-10-26  14:56              234,272 CZRSRV.DLL
2004-04-13  15:17      <DIR>          dllcache
              19 File(s)      4,248,010 bytes
              1 Dir(s)  6,210,830,336 bytes free
————————————————
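Added example, not part of the thread or of L2MFix: the Winlogon\Notify export in the report above mixes plain strings with hex(2) values and spells the value name both DllName and DLLName, so the Python below decodes every entry and lists the Notify DLLs that are not in a baseline. SAMPLE_REG is an excerpt of that report; BASELINE_DLLS and all function names are assumptions made for this example.

```python
import re

# Excerpt (three keys) of the Winlogon\Notify export in the L2MFix report above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\h62olgf3162.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
'''

NOTIFY_ROOT = r"software\microsoft\windows nt\currentversion\winlogon\notify"

# Assumption for this example: the stock Notify DLLs named in the same report.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll"}


def join_continuations(text):
    """Merge lines ending in a backslash (wrapped hex data) with the next line."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            logical.append(buf + line)
            buf = ""
    if buf:
        logical.append(buf)
    return logical


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex(N) byte list."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2"):  # REG_SZ / REG_EXPAND_SZ are UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_notify(text):
    """Return {subkey: {lowercased value name: value}} for Winlogon Notify subkeys."""
    entries, current = {}, None
    marker = NOTIFY_ROOT + "\\"
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            idx = path.lower().find(marker)
            current = path[idx + len(marker):] if idx != -1 else None
            if current is not None:
                entries[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:  # value names are case-insensitive: DllName == DLLName
                entries[current][m.group(1).lower()] = decode_value(m.group(2))
    return entries


def unexpected_notify_dlls(text, baseline=BASELINE_DLLS):
    """List (subkey, DllName) pairs whose full value is not a baseline entry."""
    hits = []
    for subkey, values in parse_notify(text).items():
        dll = values.get("dllname")
        if isinstance(dll, str) and dll.lower() not in baseline:
            hits.append((subkey, dll))
    return hits


if __name__ == "__main__":
    for subkey, dll in unexpected_notify_dlls(SAMPLE_REG):
        print(f"review: Notify\\{subkey} -> {dll}")
```

Comparing the whole DllName value against the baseline, rather than the key name, keeps the check useful when the key name and file name change between reboots as they do in this thread.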
天使之剑 - 2005-11-2 11:35:00
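[Reply to bluecosmic's post]

I suggest downloading and using CoolWeb Shredder:
Post 3 of "[Must read] Board notes and downloads of commonly used small tools" has a tutorial and the download address.

http://forum.ikaka.com/topic.asp?board=67&artid=5188931
Before fixing, please close all unnecessary windows.
Double-click l2mfix.bat in the L2MFix folder, type 2, then press Enter to run the fix. Press any key to restart the computer. After the restart the desktop icons will appear and then disappear; this is normal. L2MFix will continue scanning the computer until a report pops up.
Use CoolWeb Shredder.
Double-click l2mfix.bat in the L2MFix folder again and type 2 to let L2MFix fix the registry keys.
Double-click l2mfix.bat in the L2MFix folder, type 4, then press Enter. Fix the Winlogon definitions.
Finally, please attach the fix report and the HijackThis report taken after the fix is complete.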
bluecosmic - 2005-11-2 12:29:00
The coolweb report is as follows:
————————
Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rga:(ci)) - There is no ACE to remove!


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read        BUILTIN\Users
(ID-IO) ALLOW  Read        BUILTIN\Users
(ID-NI) ALLOW  Read        BUILTIN\Power Users
(ID-IO) ALLOW  Read        BUILTIN\Power Users
(ID-NI) ALLOW  Full access BUILTIN\Administrators
(ID-IO) ALLOW  Full access BUILTIN\Administrators
(ID-NI) ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access CREATOR OWNER
——————

The HiJackThis report is as follows:
————————————————
Logfile of HijackThis v1.99.1
Scan saved at 12:17:25, on 2005-11-2
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\WINNT\Downlo~1\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加QQ网络收藏夹 - C:\Program Files\Tencent\qq\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 情景聊天 - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\Downlo~1\DDTONG~1.DLL
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINNT\Downlo~1\rssband.dll (HKCU)
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\j22q0cf5ef2.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
————————————
bluecosmic - 2005-11-2 12:33:00
The ads seem to have stopped popping up, but
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\j22q0cf5ef2.dll
this one is somehow still there!

天使之剑 - 2005-11-2 12:56:00
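[Reply to bluecosmic's post]

Thank you for your efforts, bluecosmic.
Download and use the Spy Sweeper trial version:

http://www.webroot.com/downloads/
Click the "Free Trial" link on the right, install and update Spy Sweeper, use Spy Sweeper to repair, then export the report.

Thank you for your patient cooperation, bluecosmic.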
bluecosmic - 2005-11-2 16:08:00
The Spy Sweeper scan results are as follows:
——————————————————————————————
********
15:34: |      Start of Session, 2005年11月2日      |
15:34: Spy Sweeper started
15:34: Sweep initiated using definitions version 564
15:34: Starting Memory Sweep
15:34:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:35:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:35:  Found Adware: icannnews
15:35:  Detected running threat: C:\WINNT\system32\t8r8li9u18.dll (ID = 83)
15:35:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:35:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:35:  Detected running threat: C:\WINNT\system32\porfnw.dll (ID = 83)
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36:  Detected running threat: C:\WINNT\system32\guard.tmp (ID = 83)
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36: Memory Sweep Complete, Elapsed Time: 00:01:20

—————————>to be continued...
bluecosmic - 2005-11-2 16:10:00
(2)
15:36: Starting Registry Sweep
15:36:  Found Adware: cnsmin
15:36:  HKCR\interface\{1bb0abbe-2d95-4847-b9d8-6f90de3714c1}\  (8 subtraces) (ID = 106174)
15:36:  HKCR\interface\{be08f6bc-c3e6-4149-beb1-cb449e1b372e}\  (8 subtraces) (ID = 106178)
15:36:  HKLM\software\classes\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\  (9 subtraces) (ID = 106206)
15:36:  HKLM\software\classes\typelib\{19069804-2cf0-4357-b696-ba6e9aad99ef}\  (9 subtraces) (ID = 106207)
15:36:  HKLM\software\cnnic\ (ID = 106210)
15:36:  HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\cnsmin.dll (ID = 106248)
15:36:  HKCR\typelib\{4158db95-de71-41ff-bea1-2c3d1c679df1}\  (9 subtraces) (ID = 106260)
15:36:  HKCR\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\  (9 subtraces) (ID = 106261)
15:36:  HKCR\typelib\{19069804-2cf0-4357-b696-ba6e9aad99ef}\  (9 subtraces) (ID = 106262)
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:36:  Found System Monitor: sc-keylog
15:36:  HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\  (6 subtraces) (ID = 140468)
15:36:  Found Trojan Horse: iedown
15:36:  HKCR\clsid\{d0a29c6c-aa71-4423-8c4a-5998b774c448}\  (21 subtraces) (ID = 144126)
15:36:  HKCR\gliedown.iedown\  (5 subtraces) (ID = 144127)
15:36:  HKCR\gliedown.iedown.1\  (3 subtraces) (ID = 144128)
15:36:  HKCR\interface\{2f6385b1-1dc1-4278-8700-31d52f995112}\  (8 subtraces) (ID = 144129)
15:36:  HKLM\software\classes\clsid\{d0a29c6c-aa71-4423-8c4a-5998b774c448}\  (21 subtraces) (ID = 144130)
15:36:  HKLM\software\classes\gliedown.iedown\  (5 subtraces) (ID = 144131)
15:36:  HKLM\software\classes\gliedown.iedown.1\  (3 subtraces) (ID = 144132)
15:36:  HKLM\software\classes\interface\{2f6385b1-1dc1-4278-8700-31d52f995112}\  (8 subtraces) (ID = 144133)
15:36:  HKLM\software\classes\typelib\{c997be00-8ffa-4784-8da4-34722569ff82}\  (9 subtraces) (ID = 144134)
15:36:  HKCR\typelib\{c997be00-8ffa-4784-8da4-34722569ff82}\  (9 subtraces) (ID = 144135)
15:36:  Found Adware: virtumonde
15:36:  HKCR\msevents.msevents\  (5 subtraces) (ID = 749130)
15:36:  HKCR\msevents.msevents.1\  (3 subtraces) (ID = 749136)
15:36:  HKLM\software\classes\msevents.msevents\  (5 subtraces) (ID = 749153)
15:36:  HKLM\software\classes\msevents.msevents.1\  (3 subtraces) (ID = 749157)
15:36:  Found Trojan Horse: trojan-downloader-conhook
15:36:  HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\  (3 subtraces) (ID = 833627)
15:36:  HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\  (3 subtraces) (ID = 833628)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnsautoupdate (ID = 106221)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnsenable (ID = 106222)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnslist (ID = 106224)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnsmenu (ID = 106225)
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
15:36:  Found Adware: findthewebsiteyouneed hijacker
15:36:  HKU\S-1-5-21-1409082233-1606980848-682003330-500\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
15:36: Registry Sweep Complete, Elapsed Time:00:00:07
15:36: Starting Cookie Sweep
15:36:  Found Spy Cookie: yieldmanager cookie
15:36:  administrator@ad.yieldmanager[2].txt (ID = 3751)
15:36: Cookie Sweep Complete, Elapsed Time: 00:00:00
15:36: Warning: Failed to open file "c:\pagefile.sys". 拒绝访问。
15:36: Starting File Sweep
15:36:  Found Adware: look2me
15:36:  installer.exe (ID = 168558)
15:36:  Found Adware: isearch desktop search
15:36:  mte3ndi6odoxng.exe (ID = 178687)
15:36:  icont.exe (ID = 65722)
15:36:  wghext.dll (ID = 163672)
15:36:  czrsrv.dll (ID = 163672)
15:36:  wvspdmod.dll (ID = 163672)
15:36:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:37:  Found Adware: apropos
15:37:  atmtd.dll (ID = 166754)
15:37:  gliedown2.dll (ID = 79911)
15:37:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:37:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:37:  atmtd.dll._ (ID = 166754)
15:37:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:37:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:37:  Warning: Failed to open file "c:\winnt\system32\t8r8li9u18.dll". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\ktnsl7571.dll". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\porfnw.dll". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\software.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\default.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\security". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\security.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\system.alt". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\sam". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\sam.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\system". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\software". 进程无法访问文件,因为另一个程序正在使用此文件。
15:37:  Warning: Failed to open file "c:\winnt\system32\config\default". 进程无法访问文件,因为另一个程序正在使用此文件。
_________>to be continued...
bluecosmic - 2005-11-2 16:13:00
(3)
15:37:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:37:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:38:  Found Adware: isearch toolbar
15:38:  cmdinst.exe (ID = 154747)
15:38:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:39:  cnsminex.dll (ID = 53263)
15:39:  cnsminex.ini (ID = 53264)
15:39:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:39:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:39:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
_____________>to be continued...
bluecosmic - 2005-11-2 16:20:00
(4)
_____________>to be continued...

bluecosmic - 2005-11-2 16:22:00
(5)
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs14b94eb2-340b-44ce-ba0e-4ee449788452.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs55bed9fc-7c1c-4303-bd65-783ee0c0677e.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse3bb7338-a846-42f0-a19a-5069bf0f1939.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsacac0a0c-14c6-447b-bb25-be0e0022d82f.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsac92dea1-88aa-4cc0-836c-5739a5b09852.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6989f320-c5a1-477d-9055-16e44038ab72.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf5a0131c-a55f-4e1b-b676-2626451e1ace.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse61b5dc3-2d9d-42a4-a8be-161b30b4a3b2.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs761e4867-b5f6-473b-9f1a-a4a7810b13c4.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs132bf290-8513-4149-8044-63240004a1cd.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb6cfadbe-81c7-47cd-88f4-9060bd201f35.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc42e11bc-73f2-4903-964b-0776c2e6009e.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsdb28dad8-f8bf-49f0-9b0c-849044ac1e7a.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5e01671c-2915-475d-8598-a3295f1ebeb9.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8e172509-48af-47c3-abe7-5eda22cc64ae.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5d95a2b5-9fb1-4773-825f-d89aefff2e79.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb4db5b78-5666-4ee4-b257-a48d35b04cff.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs867b67fd-8ca6-4002-a421-926efbd51cfb.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsfcfd371d-1227-45bd-a641-223d3305bee6.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1ec746b2-37aa-4724-8c69-aece8890a646.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
_____________>to be continued...
bluecosmic - 2005-11-2 16:25:00
(6)
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf93e8c67-0eb0-438a-b5e9-15079e14a05a.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5a0e6f85-d9ea-4f10-bd09-380fb5e55054.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs584dc302-5179-4f44-b427-a4744b9763f5.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsfb4ed6d5-effd-4723-858d-c752bf3d4a34.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbc505888-f189-4601-b5d5-94f802f39d9b.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0de737e1-eff2-45b6-a843-37e11d751811.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs107eb6a3-eb0f-45f8-abb0-9751d5a5f7d6.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs67f2bebd-f3fb-419e-b265-c8c11f90f9be.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs37785753-822b-4eea-875d-9243a21b55f9.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs3660818e-0473-4633-926e-dfa48c9f0c9a.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs80d5d9d0-41e5-4433-9e3b-aca62d187226.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa2003c5c-491e-4198-a568-7b09a1a4a8dc.tmp". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat.log". 进程无法访问文件,因为另一个程序正在使用此文件。
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:40:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:41:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:41:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:41:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
_____________>to be continued...
bluecosmic - 2005-11-2 16:27:00
(7)
_____________>to be continued...
bluecosmic - 2005-11-2 16:27:00
(8)
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:44:  5d2dc39a-58b7-4938-9b80-731958 (ID = 144946)
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45: File Sweep Complete, Elapsed Time: 00:09:37
15:45: Full Sweep has completed.  Elapsed time 00:11:10
15:45: Traces Found: 231
15:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
_____________>to be continued...
bluecosmic - 2005-11-2 16:29:00
(9)
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:46: Removal process initiated
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  Quarantining All Traces: look2me
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  Quarantining All Traces: iedown
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:46:  Quarantining All Traces: sc-keylog
15:46:  Quarantining All Traces: trojan-downloader-conhook
15:46:  Quarantining All Traces: apropos
15:46:  Quarantining All Traces: cnsmin
15:47:  Quarantining All Traces: findthewebsiteyouneed hijacker
15:47:  Quarantining All Traces: icannnews
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  icannnews is in use.  It will be removed on reboot.
15:47:    C:\WINNT\system32\t8r8li9u18.dll is in use.  It will be removed on reboot.
15:47:    C:\WINNT\system32\porfnw.dll is in use.  It will be removed on reboot.
15:47:    C:\WINNT\system32\guard.tmp is in use.  It will be removed on reboot.
15:47:  Quarantining All Traces: isearch desktop search
15:47:  Quarantining All Traces: isearch toolbar
15:47:  Quarantining All Traces: virtumonde
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:47:  Quarantining All Traces: yieldmanager cookie
15:47:  Preparing to restart your computer. Please wait...
15:47: Removal process completed.  Elapsed time 00:00:44
********
15:33: |      Start of Session, 2005年11月2日      |
15:33: Spy Sweeper started
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:34: Your spyware definitions have been updated.
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:34: | End of Session, 2005年11月2日      |
魔法学徒 - 2005-11-2 20:43:00
After repairing with Spy Sweeper and rebooting, does your problem still persist?