防毒軟體TREND MICRO OFFICE SCAN
更新完後,只能安全模式上網
是PROXY被變更了嗎?
---------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 下午 02:45:03, on 2007/7/24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 把σ戈 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: OfficeScan NT 即時掃瞄 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
--------------------------------------------------------------------------------------------------
複製程式
2007-07-24,16:36:22
System Repair Engineer 2.4.12.806
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows XP Professional Service Pack 2 (Build 2600) - Not in Administrators Group - Restricted Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow> [(Verified)"Trend Micro, Inc."]
<Matrox Powerdesk><C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch> [(Verified)Microsoft Windows Publisher]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><DameWare Development>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HP Port Resolver / HP Port Resolver][Stopped/Manual Start]
<C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE><Hewlett-Packard Company>
[HP Status Server / HP Status Server][Stopped/Manual Start]
<C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE><Hewlett-Packard Company>
[MGABGEXE / MGABGEXE][Running/Auto Start]
<C:\WINDOWS\System32\mgabg.exe><Matrox Graphics Inc.>
[OfficeScan NT 即時掃瞄 / ntrtscan][Running/Auto Start]
<"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[Outpost Firewall Service / OutpostFirewall][Running/Auto Start]
<C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service><Agnitum>
[OfficeScan NT Listener / tmlisten][Running/Auto Start]
<"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[OfficeScan NT Proxy Service / TmProxy][Stopped/Manual Start]
<"C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"><Trend Micro Inc.>
==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Outpost Firewall PlugIn (CONTENT.DLL) / CONTENT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL><Agnitum>
[CO_Mon / CO_Mon][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\CO_Mon.sys><N/A>
[Outpost Firewall PlugIn (DNSCACHE.DLL) / DNSCACHE.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL><Agnitum>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Outpost Firewall PlugIn (FTPFILT.DLL) / FTPFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL><Agnitum>
[G400 / G400][Stopped/Manual Start]
<System32\DRIVERS\G400m.sys><Matrox Graphics Inc.>
[G400DH / G400DH][Running/Manual Start]
<System32\DRIVERS\g400dhm.sys><Matrox Graphics Inc.>
[Outpost Firewall PlugIn (HTMLFILT.DLL) / HTMLFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (HTTPFILT.DLL) / HTTPFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL><Agnitum>
[i81x / i81x][Stopped/Manual Start]
<System32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
<System32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
<System32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
<System32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
<System32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
<System32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
<System32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
<System32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
<System32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
<System32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[Outpost Firewall PlugIn (IMAPFILT.DLL) / IMAPFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (MAILFILT.DLL) / MAILFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (NNTPFILT.DLL) / NNTPFILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (POP3FILT.DLL) / POP3FILT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL><Agnitum>
[Outpost Firewall PlugIn (PROTECT.DLL) / PROTECT.DLL][Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL><Agnitum>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[tmcomm / tmcomm][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[Trend Micro Filter / TmFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[Trend Micro TDI Driver / tmtdi][Running/System Start]
<system32\DRIVERS\tmtdi.sys><Trend Micro Incorporated.>
[Outpost Firewall Kernel Driver / VFILT][Running/System Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS><Agnitum>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[@C:\Program Files\Messenger\Msgslang.dll,-61144]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[匯出至 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 1072][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\PDesk\PDKERNEL.DLL] [Matrox Graphics Inc., 6.93.009]
[C:\WINDOWS\system32\PDesk\PDTOOLS.DLL] [Matrox Graphics Inc., 6.93.009]
[C:\WINDOWS\system32\PDesk\PDRESENG.DLL] [Matrox Graphics Inc., 6.93.009]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1108][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2104][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll] [Trend Micro Inc., 8.320-1004]
[C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 8.0.0.1034]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 8.0.0.1034]
[PID: 2112][C:\WINDOWS\System32\PDesk\PDesk.exe] [Matrox Graphics Inc., 6.93.009]
[C:\WINDOWS\system32\PDesk\PDTOOLS.DLL] [Matrox Graphics Inc., 6.93.009]
[C:\WINDOWS\system32\PDesk\PDRESENG.DLL] [Matrox Graphics Inc., 6.93.009]
[PID: 2128][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2184][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 5.0.0482]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 3420][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\vb6cht.dll] [Microsoft Corporation, 6.00.8988]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\vb6cht.dll] [Microsoft Corporation, 6.00.8988]
[C:\WINDOWS\system32\msstdfmt.dll] [Microsoft Corporation, 6.01.9782]
[C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL] [Microsoft Corporation, 3.51.1608.0]
[C:\WINDOWS\system32\MSJET35.DLL] [Microsoft Corporation, 3.51.3203.0]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
