HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\explore.exec:\windows\system32\explore.exe
+ C:\WINDOWS\system32\internt.exeFile not found: C:\WINDOWS\system32\internt.exe
+ C:\WINDOWS\system32\Launcher.exec:\windows\system32\launcher.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ HP Software UpdateHewlett-Packard Product AssistantHewlett-Packard Co.c:\program files\hp\hp software update\hpwuschd2.exe
+ NeroFilterCheckNeroCheckNero AGc:\program files\common files\ahead\lib\nerocheck.exe
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nwizNVIDIA nView Wizard, Version 110.14 NVIDIA Corporationc:\windows\system32\nwiz.exe
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.c:\windows\soundman.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStubRising RavStubBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravstub.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ CheckFaultKernelc:\windows\system32\mswdm.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Super Rabbit IEProFile not found: C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0File not found:
About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop ExplorerNVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ NeroDigitalIconHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll
+ NvCpl DesktopContext ClassNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Play on my TV helperNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler ClassNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll
Task Scheduler
+ DDD_Uninstall_Program.jobFile not found: C:\WINDOWS\Temp\rep.exe
HKLM\System\CurrentControlSet\Services
+ ewido anti-spyware 4.0 guardewido anti-spyware guardAnti-Malware Development a.s.d:\新建文件夹 (2)\ewido-www.jz5u.com\ewido anti-spyware 4.0+3.0\ewido anti-spyware 4.0\guard.exe
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ Remote SQL在局域网以及广域网环境中为企业提供路由服务。File not found: C:\WINDOWS\system32\su.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
+ sfrem01This service will automatically uninstall SF FrontLine drivers when you don't need them anymore to launch any applications used them. After uninstalling the drivers, the service will also uninstall itself. If an application requires SF FrontLine drivers, the drivers, as well as this service, will be reinstalled. This service isn't constantly operating, and doesn't use memory. It is launched automatically on operational system start and unloads itself from memory after completing all tasks described above. To view information on SF FrontLine drivers, or to uninstall drivers manually, visit http://www.star-force.com/protection/users/.Protection Technology (StarForce)c:\windows\system32\sfrem01.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ cdnprot中国互联网络信息中心(CNNIC)c:\windows\system32\drivers\cdnprot.sys
+ dtscsic:\windows\system32\drivers\dtscsi.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys
+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.c:\program files\tencent\qq\npkcrypt.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 82.65 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ pacdcacmPanasonic Mobilephone Connectivity Device 1.0Panasonic c:\windows\system32\drivers\pacdcacm.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverMacrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.c:\windows\system32\drivers\secdrv.sys
+ sfdrv01StarForce Protection Environment DriverProtection Technologyc:\windows\system32\drivers\sfdrv01.sys
+ sfdrv01aFrontLine Environment DriverProtection Technology (StarForce)c:\windows\system32\drivers\sfdrv01a.sys
+ sfhlp02FrontLine Helper DriverProtection Technology (StarForce)c:\windows\system32\drivers\sfhlp02.sys
+ sfsync02StarForce Protection Synchronization DriverProtection Technologyc:\windows\system32\drivers\sfsync02.sys
+ sfsync04FrontLine Synchronization DriverProtection Technology (StarForce)c:\windows\system32\drivers\sfsync04.sys
+ sptdc:\windows\system32\drivers\sptd.sys
+ vaxscsiSCSI miniportAlcohol Soft Co., Ltd.c:\windows\system32\drivers\vaxscsi.sys
+ vcddevVirtual Native Network DriverVNN B.J.c:\windows\system32\drivers\vcdvnic.sys
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSTCP ProviderMFCDLLc:\windows\system32\wshcon32.dll
+ MSTCPChain ProviderMFCDLLc:\windows\system32\wshcon32.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ LIDIL Language MonitorLanguageMonitorHewlett-Packard Companyc:\windows\system32\hpzll3xu.dll
是这个吗?
