
Infected again, please help me take a look, thanks

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <AtiPTA><Atiptaxx.exe>  [(Verified)ATI Technologies, Inc.]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]

==================================
Startup Folders
[安徽铁通宽带拨号软件]
  <D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\安徽铁通宽带拨号软件.lnk --> D:\PROGRA~1\安徽铁~1\HelloNet.exe [HelloNet]><N>
Last edited 2006-12-30 22:28:05.373000000

Services
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <D:\WINNT\system32\ati2evxx.exe><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Infrared Monitor / Irmon][Others/Auto Start]
  <D:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\irmon.dll><N/A>
[TNS Servers  / Service49773][Stopped/Auto Start]
  <D:\WINNT\lm\SCHVOTS.EXE><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ALi Infrared Device Driver / ALiIRDA][Running/Manual Start]
  <system32\DRIVERS\alifir.sys><Acer Labs Inc>
[ati2mpab / ati2mpab][Stopped/Manual Start]
  <system32\DRIVERS\ati2mpab.sys><ATI Technologies Inc.>
[atirage3 / atirage3][Running/Manual Start]
  <system32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
  <system32\DRIVERS\brpppoe.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\软件\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sony Memory Stick Driver(SONYPVM1) / SONYPVM1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SONYPVM1.SYS><Sony Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\软件\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <C:\软件\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\软件\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\软件\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\软件\Tencent\QQ\SendMMS.htm, N/A>

Running Processes
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 220][D:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [D:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][D:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 384][D:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 428][D:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 260][D:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 548][D:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 584][D:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 660][D:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 740][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
[PID: 764][D:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 884][D:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 832][D:\Program Files\安徽铁通宽带拨号软件\HNMainUI.exe]  [N/A, 2, 3, 0, 1]
    [D:\Program Files\安徽铁通宽带拨号软件\HNKernel.dll]  [HelloNet, 2.2.0.1]
    [D:\Program Files\安徽铁通宽带拨号软件\HNUtils.dll]  [N/A, 2, 2, 0, 1]
    [D:\Program Files\安徽铁通宽带拨号软件\HNRes_0804.dll]  [N/A, 2, 2, 0, 1]
    [D:\Program Files\安徽铁通宽带拨号软件\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
[PID: 1204][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
[PID: 792][D:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [D:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 996][D:\工具\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  Error. [D:\WINNT\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [D:\WINNT\hh.exe %1]
.HLP  Error. [D:\WINNT\winhlp32.exe %1]
.INI  Error. [D:\WINNT\NOTEPAD.EXE %1]
.INF  Error. [D:\WINNT\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
N/A

HOSTS File
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script LANGUAGE="JavaScript">
<!--
if (window != top)
top.location.href = location.href;
// -->
</script>
<title>Site Unavailable</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
body{text-align:center;}
.geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
.geohead #geologo {width:270px;display:block; float:left; }
.geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
.geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
.geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
.ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
.bodywrap{display:block;height:470px;}
.bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
.title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
.adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
.adcnt td {text-align:left;}
.adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
.ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
.ybadge img {margin-top:6px;}
.adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
.adttl{font-weight:bold;margin-bottom:3px;}
.addescr{color:#6b6b6b; margin-bottom:3px;}
.adlink a {color:#008200; text-decoration:none;}
</style>
</head>
<body>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE -->
<div id="maincnt">
<div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
<div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>
</div></div>
<div class="bodywrap">
<div class="bodycnt">
<div class="title">Sorry, this GeoCities site is currently unavailable.</div>
<p>The GeoCities web site you were trying to view has temporarily exceeded its  data transfer limit. Please try again later. </p>
<p>Are you the site owner?
Avoid service interruptions in the future by increasing your data transfer limit!
<a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>
<p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
</div>
<div class="adcnt">
<a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
<div class="adsubt">SPONSORED LINKS</div>
<!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
<div class="adtable">
<div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>
$25 Setup Waived</a></div>
<div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
<div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
<div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
<div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
<div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
<div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
<div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
<div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
</div>
<div class="ybadge">
Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>
<a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
</div>
</div>
</div>
<div class=ftr>
<hr size=1 width=100%>
Copyright ©
2005 Yahoo! Inc. All rights reserved<br>
<a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>
- <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>
- <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>
- <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>
- <a href="http://help.yahoo.com/help/us/geo/">Help</a>
</div>
</div>
</body>
</html>
<!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
<IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1165573382&f=us-w64" ALT=1 WIDTH=1 HEIGHT=1>
Powered by Discuz!NT