
explorer.exe has used up all the virtual memory, computer is extremely slow


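Symptoms:
If I boot with the network connected, nothing responds to clicks as soon as the machine starts.
So I unplugged the network cable, and it booted normally. But as soon as I open My Computer or any folder, the computer becomes extremely slow. In Task Manager I can see that explorer.exe is using more than 800 MB of virtual memory and the figure keeps climbing. Before long the system reports that virtual memory is running out.
The infected machine is a company-issued laptop with McAfee VirusScan Enterprise 8.0 installed. I ran a scan in Safe Mode and it found no viruses.
Below is the HijackThis scan log. I hope an expert can take a look. Thanks in advance!!!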




HijackThis_zww汉化版扫描日志 V1.99.1
保存于      11:58:43, 日期 2006-10-6
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Apex\ApexAgnt.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\system32\INTELMAA\ccmhlp32.exe
C:\WINNT\system32\INTELMAA\ccmhelpr.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\PROGRA~1\Intel\INSTAN~1\issuser.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\oodag.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINNT\rasc.exe
C:\WINNT\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\waatservice.exe
C:\WINNT\wincup\wincup.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINNT\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\system32\ccm\CcmExec.exe
C:\WINNT\system32\1XConfig.exe
C:\PROGRA~1\Kuree\kpupdate.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\rascAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\nzhu1\Desktop\HijackThis1991汉化版\HijackThis1991zww.exe
Last edited 2006-10-09 22:04:31

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 172.28.128.208 IREA3NBU001
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - 启动项HKLM\\Run: [WAATService] C:\WINNT\system32\waatservice.exe -install
O4 - 启动项HKLM\\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - 启动项HKLM\\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - 启动项HKLM\\Run: [RascAgent] C:\WINNT\rascAgnt.exe
O4 - 启动项HKLM\\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - 启动项HKLM\\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - 启动项HKLM\\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\System32\DrvMon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - Startup: desktop.ini
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: desktop.ini
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O15 - “受信任的站点”中添加项: http://myfactory.pd.intel.com
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://asktech.intel.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {05DA0521-0B6B-458C-BFB1-1EFEF1F3C8FF} (SSOClientAgent Class) - http://www.segame.com/common/SEGAme.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {0D9872E2-954F-442A-8998-9666815033EB} (WMMMsg.Messages) - http://wmm.patch.intel.com/activex/WMMMsg.CAB
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://testdirector.intel.com/qcbin/Spider80.ocx
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://pdspwsweb001/crystalreportviewers/activeXViewer/activexviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} (Kuaiso Toolsbar) - http://www.kuaiso.com/toolsbar/Kuaiso.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://pdsce001/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
O16 - DPF: {BF7BBBC3-0CE8-4A06-BAE6-A1D582172521} (PortalCache Class) - http://myfactory.pd.intel.com/clientdistribution/eats/PortalConfigCache.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://pdmars.pd.intel.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {D0ACA121-DC43-49C1-A78E-431CCE43B53D} (WMIAsset.MyAsset) - http://assetdirect.intel.com/WMIComponent/WMIAsset.CAB
O16 - DPF: {E6BBB867-EA6C-437C-9D07-6152D7228AA6} (CNBEnv.CNBProj) - http://clientbackup.intel.com/cnb/CNBEnv.CAB
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.linkedin.com/cab/wabctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccr.corp.intel.com
O17 - HKLM\Software\..\Telephony: DomainName = ccr.corp.intel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccr.corp.intel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 172.16.1.11 172.16.16.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ccr.corp.intel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 172.16.1.11 172.16.16.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 172.16.1.11 172.16.16.12
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINNT\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll
O21 - SSODL: MediaCheck - {D1F73845-4BAB-4061-A46B-FCF7ECC19217} - C:\PROGRA~1\Kuree\MService.dll
O23 - NT 服务: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - NT 服务: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - NT 服务: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - NT 服务: ISS Agent Service (ApexAgent) - Intel Corporation - C:\Program Files\Apex\ApexAgnt.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - NT 服务: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - NT 服务: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - NT 服务: SMS Agent Assistant (ccmhelp) - Unknown owner - C:\WINNT\system32\INTELMAA\ccmhlp32.exe
O23 - NT 服务: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - NT 服务: Intel(R) NetStructure(TM) VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - NT 服务: LANDesk? Instant Support Client Service (ISSUSER) - LANDesk Software, Inc. - C:\PROGRA~1\Intel\INSTAN~1\issuser.exe
O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - NT 服务: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - NT 服务: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - NT 服务: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - NT 服务: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - NT 服务: OracleoraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - NT 服务: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - NT 服务: Terminus Agent (RasC) - Intel Corporation - C:\WINNT\rasc.exe
O23 - NT 服务: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINNT\system32\S24EvMon.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINNT\wincup\wincup.exe
O23 - NT 服务: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - NT 服务: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

Bumping my own thread

Bumping again

Awesome!! That really did the trick... it was that 彩信通 causing the trouble!!
Thanks, 金色港湾!!