机子老莫名其妙跳广告。附SRE2.0扫描日志 bbs.ikaka.com

efdff - 2006-9-25 10:10:00

附上日志，请各位慢慢看
2006-09-25,07:56:01

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Advanced Server Service Pack 4 (Build 2195)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<gcasServ><"F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><F:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []

==================================
Startup Folders
[ShutDownPro]
<F:\Documents and Settings\Administrator.LITEONAUTO\「開始」功能表\程式集\啟動\ShutDownPro.lnk><N>

==================================
Services
[ARCserve Database Engine / ASDBEngine]
<"F:\Program Files\ComputerAssociates\ARCserve\DBENG.exe"><Computer Associates International, Inc.>
[ARCserve Discovery Service / ASDiscoverySvc]
<"F:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe"><Computer Associates>
[ARCserve Job Engine / ASJobEngine]
<"F:\Program Files\ComputerAssociates\ARCserve\jobeng.exe"><N/A>
[ARCserve Message Engine / ASMsgEngine]
<"F:\Program Files\ComputerAssociates\ARCserve\msgeng.exe"><N/A>
[ARCserve Tape Engine / ASTapeEngine]
<"F:\Program Files\ComputerAssociates\ARCserve\tapeeng.exe"><N/A>
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Cheyenne Alert Notification Server / Cheyenne Alert Notification Server]
<"F:\Program Files\ComputerAssociates\ARCserve\Alert\ALERT.exe"><Cheyenne Division Of Computer Associates International, Inc.>
[Logical Disk Manager Administrative Service / dmadmin]
<F:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Altium Designer Network License Service / DXPNetworkSecurityService]
<"F:\Program Files\Altium Designer\DXPSecurityService.exe"><N/A>
[Trend ServerProtect Agent / EarthAgent]
<"F:\Program Files\Trend\SProtect\EarthAgent.exe"><Trend Micro Inc.>
[FLEXlm server for PTC / FLEXlm server for PTC]
<"F:\Program Files\flexnet\i486_nt\obj\lmgrd.exe"><Macrovision Corporation>
[FLEXlm Service 1 / FLEXlm Service 1]
<F:\Program Files\Autodesk Network License Manager\lmgrd.exe><Macrovision Corporation>
[Event Log Watch / LogWatch]
<F:\WINNT\LogWatNT.exe><N/A>
[OfficeScan Master Service / ofcservice]
<C:\OFC\PCCSRV\web\service\ofcservice.exe><Trend Micro Inc.>
[CA Backup Agent for Open Files Service / OpenFileAgent]
<"F:\Program Files\ComputerAssociates\BAOF\Ofant.exe"><Computer Associates International, Inc.>
[Trend ServerProtect / SpntSvc]
<"F:\Program Files\Trend\SProtect\SpntSvc.exe"><Trend Micro Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <F:\WINNT\system32\SafeHelper12.dll, LINKMEDIA Tech>
[參考資料(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <F:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@msdxmLC.dll,-1@1028,收音機[&R]]
{8E718888-423F-11D2-876E-00A0C9082467} <F:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Encrypt Class]
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <F:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[OfficeScan 管理主控台]
{69B502DF-D12F-4FD7-9892-D8DFA2D96474} <F:\WINNT\DOWNLO~1\ATXCON~1.OCX, Trend Micro Inc.>
[OfficeScan 管理主控台]
{8990AFAD-D352-42AC-A72F-A660BBF6E209} <F:\WINNT\DOWNLO~1\CONFLICT.1\ATXCON~1.OCX, Trend Micro Inc.>
[PieChart Class]
{A050E865-64E3-431B-8079-F0DFCEA90A2D} <F:\WINNT\Downloaded Program Files\AtxPie.dll, Trend Micro Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <F:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[匯出至 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000, N/A>

efdff - 2006-9-25 10:12:00

==================================
Running Processes
[PID: 176][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\F:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 220][\??\F:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[F:\WINNT\system32\PCANotify.dll] <Symantec Corporation><10.5.1.505>
[PID: 248][F:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[F:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 260][F:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 488][F:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 512][F:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[F:\WINNT\system32\HPDCMON.DLL] <Hewlett-Packard><04.20.00>
[F:\WINNT\system32\awmon.dll] <Symantec Corporation><9.2.1>
[PID: 816][F:\Program Files\Trend\SProtect\SpntSvc.exe] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\CheckEVC.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\CheckSecurityPatch.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\StCommon.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\GENKEY32.dll] <Trend Micro Inc.><1, 0, 0, 0>
[F:\Program Files\Trend\SProtect\GetRemoteVer.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\SpTrace.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\LogMaster.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\LogDb.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\Notification.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TMNotify.dll] <Trend Micro Inc.><1.0.0.1022>
[F:\Program Files\Trend\SProtect\Eng50.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\tmeng.dll] <Trend Micro Inc.><6.800-1034>
[F:\Program Files\Trend\SProtect\StRpcSrv.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TmRpcSrv.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\AgRpcCln.dll] <Trend Micro Inc.><5.58.0.1061>
[PID: 948][F:\Program Files\Trend\SProtect\StWatchDog.exe] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TmRpcSrv.dll] <Trend Micro Inc.><5.58.0.1061>
[PID: 984][F:\Program Files\Trend\SProtect\StOPP.exe] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\LogMaster.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\LogDb.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\StCommon.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\GENKEY32.dll] <Trend Micro Inc.><1, 0, 0, 0>
[F:\Program Files\Trend\SProtect\GetRemoteVer.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\CheckEVC.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\SpTrace.dll] <Trend Micro Inc.><5.58.0.1061>
[PID: 1016][F:\Program Files\ComputerAssociates\ARCserve\jobeng.exe] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TSI.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CSTool.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASMBO.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASLOG.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASCORE.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ADMIN.dll] <Computer Associates International, Inc.><7.0.1200.0>
[F:\Program Files\ComputerAssociates\ARCserve\CHEYPROD.dll] <Computer Associates International, Inc.><7.0.1230.0>
[F:\Program Files\ComputerAssociates\ARCserve\ASBRDCST.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASVCTL.dll] <Computer Associates International, Inc.><7.0.1230.0>
[F:\Program Files\ComputerAssociates\ARCserve\ALBUILD.DLL] <Cheyenne Division Of Computer Associates International, Inc.><4, 0, 221, 1>
[PID: 1024][F:\Program Files\ComputerAssociates\ARCserve\msgeng.exe] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\dyncpp.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASDBAPI.DLL] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CSTool.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASLOG.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CATIRPC.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASCORE.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ALBUILD.DLL] <Cheyenne Division Of Computer Associates International, Inc.><4, 0, 221, 1>
[F:\Program Files\ComputerAssociates\ARCserve\asdbcli2.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crpc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cncp32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cenc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\_smem32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crdm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cadm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crdbc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\asdbnt2.dll] <Computer Associates International, Inc.><7.0.1210.0>
[F:\Program Files\ComputerAssociates\ARCserve\ASEBLOAD.DLL] <N/A><N/A>
[PID: 1100][F:\Program Files\ComputerAssociates\ARCserve\tapeeng.exe] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ADMIN.dll] <Computer Associates International, Inc.><7.0.1200.0>
[F:\Program Files\ComputerAssociates\ARCserve\CSTool.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TAPEENG.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CHGLIST.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TAPELIST.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\RAWSCSI.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\MTF2CTF.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CHANGER.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TSI.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TAPEERR.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\TAPEUTIL.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\RAID.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\SETUPRD.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\VALIDATE.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASLOG.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ALBUILD.DLL] <Cheyenne Division Of Computer Associates International, Inc.><4, 0, 221, 1>
[F:\Program Files\ComputerAssociates\ARCserve\CHEYPROD.dll] <Computer Associates International, Inc.><7.0.1230.0>
[F:\Program Files\ComputerAssociates\ARCserve\ASBRDCST.dll] <N/A><N/A>
[C:\CA_LIC\lic98.dll] <Computer Associates><00.27>
[F:\Program Files\ComputerAssociates\ARCserve\ASDBAPI.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\asdbcli2.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crpc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cncp32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cenc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\_smem32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crdm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Cadm32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\Crdbc32.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\asdbnt2.dll] <Computer Associates International, Inc.><7.0.1210.0>
[PID: 1116][F:\Program Files\ComputerAssociates\ARCserve\casmrtbk.exe] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\CHEYPROD.dll] <Computer Associates International, Inc.><7.0.1230.0>
[F:\Program Files\ComputerAssociates\ARCserve\ASBRDCST.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASDCEN.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\cstool.dll] <N/A><N/A>
[PID: 1156][C:\Program Files\Symantec\pcAnywhere\awhost32.exe] <Symantec Corporation><10.5.1.505>

efdff - 2006-9-25 10:12:00

[C:\Program Files\Symantec\pcAnywhere\Util.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\InstData.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL] <Symantec Corporation><15.0.0.14>
[C:\Program Files\Symantec\pcAnywhere\AWSES32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awio.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\dundata.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awgui32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWDS32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awcm32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\crypto.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awtime32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\pcaime.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWHXPRB.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWHPROBEDLL.dll] <Symantec Corporation><10.5.2.520>
[C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWDSP32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awcp.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL] <PKWare><1, 0, 0, 1>
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awRes-all.dll] <Symantec Corporation><10.5.1.505>
[F:\Program Files\Common Files\Symantec Shared\ehandres.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\awres-host.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AwioResources.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL] <Symantec Corporation><10.5.2.520>
[C:\Program Files\Symantec\pcAnywhere\awlog32.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\snmputil.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\libsnmp.dll] <Symantec Corporation><10.5.1.505>
[C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL] <Symantec Corporation><10.5.2.520>
[C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL] <Symantec Corporation><10.5.1.505>
[PID: 1192][F:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 1268][F:\Program Files\Altium Designer\DXPSecurityService.exe] <N/A><N/A>
[PID: 1312][F:\Program Files\Trend\SProtect\EarthAgent.exe] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\AgentClient.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TmUpdate.dll] <Trend Micro Inc.><1,81,0,1011>
[F:\Program Files\Trend\SProtect\StRpcCln.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\SpTrace.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\StCommon.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\GENKEY32.dll] <Trend Micro Inc.><1, 0, 0, 0>
[F:\Program Files\Trend\SProtect\GetRemoteVer.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\CheckEVC.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\SpnwClient.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TmRpcSrv.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\NOTIFICATION.dll] <Trend Micro Inc.><5.58.0.1061>
[F:\Program Files\Trend\SProtect\TMNotify.dll] <Trend Micro Inc.><1.0.0.1022>
[F:\Program Files\Trend\SProtect\TMReg.dll] <Trend Micro Inc.><1.0.0.1007>
[F:\Program Files\Trend\SProtect\loadhttp.dll] <Trend Micro Inc.><1.32.0.1018>
[F:\Program Files\Trend\SProtect\TMCrypt.dll] <Trend Micro Inc.><1.0.0.1007>
[F:\Program Files\Trend\SProtect\tmeng.dll] <Trend Micro Inc.><6.800-1034>
[F:\Program Files\Trend\SProtect\CheckSecurityPatch.dll] <Trend Micro Inc.><5.58.0.1061>
[PID: 1344][F:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[f:\winnt\system32\acss.dll] <LINKMEDIA Tech><1, 5, 0, 4>
[f:\winnt\system32\nwsapagent.dll] <LINKMEDIA Tech><1, 5, 0, 4>
[PID: 1368][F:\Program Files\flexnet\i486_nt\obj\lmgrd.exe] <Macrovision Corporation><10, 8, 0, 7>
[PID: 1384][F:\Program Files\flexnet\i486_nt\obj\lmgrd.exe] <Macrovision Corporation><10, 8, 0, 7>
[PID: 1392][F:\Program Files\Autodesk Network License Manager\lmgrd.exe] <Macrovision Corporation><9, 2, 2, 0>
[PID: 1412][F:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.7021>
[PID: 1440][F:\WINNT\LogWatNT.exe] <N/A><N/A>
[C:\CA_LIC\lic98.dll] <Computer Associates><00.27>
[PID: 1472][F:\WINNT\system32\ntfrs.exe] <Microsoft Corporation><5.00.2195.6709>
[PID: 1536][F:\Program Files\flexnet\i486_nt\obj\ptc_d.exe] <N/A><N/A>
[PID: 1552][F:\Program Files\Autodesk Network License Manager\adskflex.exe] <Autodesk, Inc.><9, 2, 2, 0>
[PID: 1592][C:\OFC\PCCSRV\web\service\ofcservice.exe] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\OfcNotifyQueue.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\LogAgent.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\Pwd.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\CGIShare.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\VSAPI32.dll] <Trend Micro Inc.><7.510-1002>
[C:\OFC\PCCSRV\web\service\tmu.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\DZIP32.dll] <Inner Media, Inc.><3.00.15>
[C:\OFC\PCCSRV\web\service\loadhttp.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\TimeString.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\ofcCheckClient.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[C:\OFC\PCCSRV\web\service\ofcDownload.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\ofcNotify.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\TMNotify.dll] <Trend Micro Inc.><1, 0, 0, 0>
[C:\OFC\PCCSRV\web\service\OfcShare.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\CGIResUTF8.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\ofcPurgeLog.dll] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\web\service\wtclog.dll] <Trend Micro Inc.><1, 0, 0, 1>
[C:\OFC\PCCSRV\web\service\HCcommon.dll] <Trend Micro Inc.><5.70.0.1080>
[C:\OFC\PCCSRV\web\service\tmeng.dll] <Trend Micro Inc.><7.500-1001>
[C:\OFC\PCCSRV\web\service\CmdHOConsole.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\OfcPfwCommon.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\ZLib.dll] <Trend Micro Inc.><1.31.0.1708>
[C:\OFC\PCCSRV\web\service\LogCache.dll] <N/A><N/A>
[C:\OFC\PCCSRV\web\service\CGIOCommon.dll] <N/A><N/A>
[C:\OFC\PCCSRV\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[C:\OFC\PCCSRV\web\service\CGIRes.dll] <N/A><N/A>
[C:\OFC\PCCSRV\Web\Service\TmUpdate.dll] <Trend Micro Inc.><2,6,0,1367>
[C:\OFC\PCCSRV\web\service\CmdHLClient.dll] <N/A><N/A>
[PID: 1644][F:\Program Files\ComputerAssociates\BAOF\Ofant.exe] <Computer Associates International, Inc.><7, 0, 0, 522>
[C:\CA_LIC\lic98.dll] <Computer Associates><00.27>
[PID: 1600][F:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1744][F:\WINNT\System32\locator.exe] <Microsoft Corporation><5.00.2195.6619>
[PID: 1768][F:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 1860][F:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1892][C:\OFC\PCCSRV\Web\Service\DbServer.exe] <Trend Micro Inc.><7.0.0.1077>
[C:\OFC\PCCSRV\Web\Service\ZLib.dll] <Trend Micro Inc.><1.31.0.1708>
[C:\OFC\PCCSRV\Web\Service\tmeng.dll] <Trend Micro Inc.><7.500-1001>
[C:\OFC\PCCSRV\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>

efdff - 2006-9-25 10:12:00

[PID: 1904][F:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[F:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserve\ASHELL.DLL] <Computer Associates International, Inc.><7.0.1200.0>
[F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[PID: 1912][F:\WINNT\System32\wins.exe] <Microsoft Corporation><5.00.2195.7005>
[PID: 1928][F:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1972][F:\WINNT\System32\dns.exe] <Microsoft Corporation><5.00.2195.6715>
[PID: 1988][F:\WINNT\System32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 2044][F:\WINNT\System32\ismserv.exe] <Microsoft Corporation><5.00.2195.6684>
[PID: 2056][F:\WINNT\System32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[PID: 2288][F:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] <Microsoft Corporation><9.107.5512.0>
[PID: 2756][F:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe] <Computer Associates><6, 6, 0, 777>
[F:\Program Files\ComputerAssociates\ARCserveITDS\ASBrdCst.Dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserveITDS\CHEYPROD.dll] <N/A><N/A>
[F:\Program Files\ComputerAssociates\ARCserveITDS\cstool.dll] <N/A><N/A>
[PID: 2776][F:\Program Files\ComputerAssociates\ARCserveITDS\Liccheck.exe] <N/A><N/A>
[C:\CA_LIC\lic98.dll] <Computer Associates><00.27>
[PID: 2912][F:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[F:\WINNT\system32\sdmAgent22.dll] <LINKMEDIA Tech><1, 5, 0, 7>
[PID: 2928][F:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 2684][F:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 3036][F:\Program Files\ShutDownPro\ShutDownPro.exe] <ShutDownPro><1.1.3.8>
[PID: 3064][F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe] <Microsoft Corporation><1.00.0509>
[PID: 2784][F:\WINNT\system32\mmc.exe] <Microsoft Corporation><5.00.2195.7102>
[PID: 2996][F:\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[F:\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>
[PID: 2008][F:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692>

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["F:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider

==================================

efdff - 2006-9-25 14:33:00

顶上去

efdff - 2006-9-26 12:06:00

顶

efdff - 2006-9-27 14:10:00

efdff - 2006-9-28 7:59:00

efdff - 2006-9-29 16:56:00

efdff - 2006-9-30 8:21:00

战神︻┻┳═一 - 2006-9-30 10:56:00

ARCserve\VALIDATE.dll]
\..........
\..........?????????????????????
DXPSecurityService.exe这些都是什么东西你的机子好乱哦

战神︻┻┳═一 - 2006-9-30 11:06:00

要卸载 ARCserve 6.5 ：
1. 运行 ARCserve 卸载实用工具。
2. 启动注册表编辑器 (Regedt 32), 并确保已删除以下项：

ARCserve HKEY 软件
HKEY DiscoveryImplementationList 软件
CurrentControlSet HKEY / 系统 / 服务 ASDBEngine
CurrentControlSet HKEY / 系统 / 服务 ASDiscoverySvc
CurrentControlSet HKEY / 系统 / 服务 ASJobEngine
CurrentControlSet HKEY / 系统 / 服务 ASMsgEngine
CurrentControlSet HKEY / 系统 / 服务 ASTapeEngine
CurrentControlSet HKEY / 系统 / 服务 cheysaq
CurrentControlSet HKEY / 系统 / 服务 / Cheyenne 警报通知服务器

备注：如果已安装数据迁移选项, 然后删除以下项：

CurrentControlSet HKEY / 系统 / 服务 CheyenneDME
CurrentControlSet HKEY / 系统 / 服务 CheyenneDMP
CurrentControlSet HKEY / 系统 / 服务 CheyenneDMSHEXT
CurrentControlSet HKEY / 系统 / 服务 CheyenneFSM

3. Winnt\System 32 目录中关闭以下文件的只读属性，然后删除它们：

CHEYPROD.DLL
CSTOOL.DLL
ASBRDCST.DLL
CHEYSAQ.EXE
ASDSCSVC.EXE
4. 重新启动计算机, 并进行任何 ARCserve 错误然后检查事件查看器。

本文中讨论的第三方产品由程序是独立于 Microsoft 公司制造。 Microsoft 使任何默示或其他, 形式不保证, 有关性能或可靠性对这些产品。

有关如何联系 ComputerAssociates, 请单击下面列表中相应的文章编号以查看 Microsoft 知识库中相应：
65416 (http://support.microsoft.com/kb/65416/EN-US/) 第三方硬件和软件供应商联系人列表 A-K

60781 (http://support.microsoft.com/kb/60781/EN-US/) 第三方硬件和软件供应商联系人列表 L-P

60782 (http://support.microsoft.com/kb/60782/EN-US/) 第三方硬件和软件供应商联系人列表 Q-Z

瑞星卡卡安全论坛