HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ 360Safebox 360保险箱 360安全中心 c:\program files\360\360safebox\safeboxtray.exe
+ 360Safetray 360安全卫士实时保护模块 360安全中心 c:\program files\360\360safe\safemon\360tray.exe
+ Google IME Autoupdater Google Pinyin Network Daemon Google Inc. c:\program files\google\google pinyin\googlepinyindaemon.exe
+ HDAudDeck HDeck MFC Application VIA Technologies, Inc. c:\program files\via\viaudioi\hdadeck\hdeck.exe
+ runeip RSTray Beijing Rising Information Technology Co., Ltd. c:\program files\rising\antispyware\rstray.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
+ QQ游戏启动加速程序.lnk QQ游戏 深圳市腾讯计算机系统有限公司 c:\program files\腾讯游戏\qqgame\accel.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ aliim AliWangWang Alibaba software (Shanghai) Corporation. f:\ghost\aliim.exe
+ PPS Accelerator PPS 网络加速器 PPStream Inc e:\ppstream\ppsap.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 没有发现文件: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET f:\ghost\shellext.dll
+ OpenFolder 阿里旺旺发送文件辅助模块. Alibaba software (Shanghai) Corporation. f:\ghost\aliimext.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET f:\ghost\shellext.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension 没有发现文件: deskpan.dll
+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET f:\ghost\shellext.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ IEFXZ IEFXZ c:\program files\iefxz\iefxz.dll
+ SafeMon Class 360安全卫士实时保护模块 360.CN c:\program files\360\360safe\safemon\safemon.dll
+ Thunder Browser Helper XunLeiBHO Thunder Networking Technologies,LTD c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
+ ThunderAtOnce Class 迅雷浏览器高级特性支持模块 Thunder Networking Technologies,LTD c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
+ 卡卡上网安全助手 Rising AntiSpyware UrlFilter Module Beijing Rising Information Technology Co., Ltd. c:\windows\system32\urlfilter.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 很快视频搜索 没有发现文件: http://www.henkuai.com/?from=iebannel
+ 启动UUSee 网络电视 UUPlayer c:\program files\uusee\uuseeplayer.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ 2B71CC7C 7946916C c:\windows\fonts\e051967c.exe
+ 923690FA 250399DC 没有发现文件: C:\WINDOWS\Fonts\81DCD1D8.EXE
+ ekrn Eset Service ESET f:\ghost\ekrn.exe
HKLM\System\CurrentControlSet\Services
+ 360TimeProt c:\windows\system32\drivers\360timeprot.sys
+ AtcL002 Atheros Fast Ethernet Controller ndis miniport driver Atheros Communications, Inc. c:\windows\system32\drivers\l251x86.sys
+ BREGDRV 没有发现文件: C:\Downloads\BREGDRV.sys
+ Changer 没有发现文件: C:\WINDOWS\System32\Drivers\Changer.sys
+ eamon Eset file on-access scanner ESET c:\windows\system32\drivers\eamon.sys
+ easdrv Eset AntiStealth driver ESET c:\windows\system32\drivers\easdrv.sys
+ epfwtdir EPFW Filter Driver c:\windows\system32\drivers\epfwtdir.sys
+ i2omgmt 没有发现文件: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ ialm Intel Graphics Miniport Driver Intel Corporation c:\windows\system32\drivers\igxpmp32.sys
+ KAVBootC Kingsoft Boot Clean Kingsoft Corporation c:\windows\system32\drivers\kavbootc.sys
+ lbrtfdc 没有发现文件: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MACPIET c:\windows\system32\drivers\poblaobu.sys
+ monfilt Creative WDM Audio Driver (32-bit) Creative Technology Ltd. c:\windows\system32\drivers\monfilt.sys
+ PCIDump 没有发现文件: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP 没有发现文件: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME 没有发现文件: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI 没有发现文件: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME 没有发现文件: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ SafeBoxKrnl 360安全卫士 - 保险箱 360安全中心 c:\windows\system32\drivers\safeboxkrnl.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ SiFilter Windows Accelerator Driver Silicon Image, Inc. c:\windows\system32\drivers\siwinacc.sys
+ TesDrvPt Kernel helper of the Tencent's game trojan killer TENCENT c:\windows\system32\tesdrvpt.sys
+ TesSafe TesSafe NT Driver TENCENT c:\windows\system32\tessafe.sys
+ VIAHdAudAddService VIA High Definition Audio Function Driver VIA Technologies, Inc. c:\windows\system32\drivers\viahduaa.sys
+ vmmouse VMware Pointing Device Driver VMware, Inc. c:\windows\system32\drivers\vmmouse.sys
+ WDICA 没有发现文件: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * 没有发现文件: autocheck
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ kmon.dll KaKa Monitors Beijing Rising Information Technology Co., Ltd. c:\windows\system32\kmon.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ igfxcui igfxdev Module Intel Corporation c:\windows\system32\igfxdev.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order