HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll
+ DAEMON Tools-2052Virtual DAEMON ManagerDAEMON'S HOMEd:\program files\d-tools\daemon.exe
+ HuaShanTGEKBDPS2c:\program files\联想\联想键盘驱动\ps2kbdriver.exe
+ IMJPMIG8.1File not found: ;
+ NvCplDaemonNVIDIA Taskbar Utility LibraryNVIDIA Corporationc:\windows\system32\nvqtwk.dll
+ PHIME2002AFile not found: ;
+ PHIME2002ASyncFile not found: ;
+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmon.exe
+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtimer.exe
+ TkBellExeFile not found: ;
+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe
+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStubRising Rav StubBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravstub.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ MSMSGSFile not found: ;
HKLM\System\CurrentControlSet\Services
+ NVSvcNVIDIA Driver Helper Service, Version 15.20NVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RsCCenterCCenterrisingd:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe
+ TGECardReaderMgrHost.2TGELogonSrv Microsoft 基础类应用程序c:\program files\联想\联想键盘驱动\tgesrvlogon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
+ DragSearchDragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbarToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864File not found: C:\WINDOWS\web\related.htm
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 浩方对战平台浩方对战平台上海浩方在线信息技术有限公司c:\documents and settings\user_father\my documents\hfgame3\gameclient.exe
+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=U_emule_90050
+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多File not found: http://hot.3721.com/rd/shop_btn.htm
Task Scheduler
+ Symantec NetDetect.jobSymantec NetDetectSymantec Corporationc:\program files\symantec\liveupdate\ndetect.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ NVDESK32.DLLNVIDIA Desktop Manager Hook LibraryNVIDIA Corporationc:\windows\system32\nvdesk32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ ZGNotifyTGELogonSrv Microsoft 基础类应用程序c:\windows\mynotification.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\FIFASC~1.SCR32 Bit ScreenTime Screen Saver EngineMacSourceryc:\windows\fifa screen saver.scr
