启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<QQNetbar><E:\Tencent\QQNetBar\QQNetBar.exe> [腾讯科技(深圳)有限公司]
<Ted><C:\WINNT\Ted\Client.exe> []
<Tray><C:\WINNT\command\rundll32.exe> []
<zt><C:\WINNT\Intel\rundll32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINNT\system32\temp4.dll> []
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad]
<SysTime><C:\PROGRA~1\winkld\winkld.dll> [www.88dog.com]
<webwork><C:\WINNT\webwork\webwork.dll> [MSWebwork Cop.]
<themeadp><C:\WINNT\system32\themeadp.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll> []
==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINNT\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[GrayPigeonServer / GrayPigeonServer]
<C:\WINNT\G_Server2006.exe><N/A>
[JMediaService / JMediaService]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[NDClient / NDClient]
<C:\Program Files\Rainsoft\NetDetective\NDClient.exe><Rainsoft Company>
[NDUpgrade / NDUpgrade]
<C:\Program Files\Rainsoft\NetDetective\NDUpgrade.exe><Rainsoft Company>
[NetDetective / NetDetective]
<C:\Program Files\Rainsoft\NetDetective\NetDetective.exe><Rainsoft Company>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[StdService / StdService]
<C:\WINNT\system32\rundll32.exe C:\WINNT\System32\STDSVER.DLL,Service><N/A>
[WbemCtrl / WbemCtrl]
<C:\Program Files\Rainsoft\NetDetective\WbemCtrl.exe><上海雨人软件开发有限公司>
[winaua / winaua]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aua\aua.exe -R><N/A>
[WintUPp / WintUPp]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wt\wt.exe -R><N/A>
==================================
浏览器加载项
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINNT\system32\iexpress.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, N/A>
[QQBrowserHelper
Object Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <e:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINNT\SYSTEM32\stdup.dll, MStdup Co Ltd.>
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINNT\Downloaded Program Files\barhelp24.0.dll, HDT, Inc.>
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[LoadSQL]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} <http://loadsql.126.com, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[酷热影音]
{7D73FF86-05F1-39ed-C850-A423120EC338} <www.kuree.com/index.htm?id=00011001, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <e:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[天下搜索]
{56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\WINNT\DOWNLO~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[AxReader Class]
{B7E69D85-E810-468E-8BC8-83668F4CFA12} <C:\WINNT\Downloaded Program Files\RsAxReader.dll, 上海雨人软件开发有限公司>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[PubwinKey Control]
{C701A35F-761C-4E95-BF98-2F5E16C3AD5D} <C:\DOCUME~1\ADMINI~1\桌面\屗\PUBWIN~1.OCX, N/A>
[CPasswordEditCtrl
Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINNT\Downloaded Program Files\pCastCtl.dll, >
[ >> 彩信发送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
<F:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\qq\SendMMS.htm, N/A>
