自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WinampAgent = rem "C:\Program Files\Winamp\Winampa.exe"
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
yahoo_mini = C:\Program Files\3721\Dlaccel\YDownloader.exe
YLive.exe = C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
yassistse = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = C:\WINDOWS\System32\ctfmon.exe
shell32.dll = C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\RavExt.dll= Rising Execute File Exts hook
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\System32\webcheck.dll
SysTray = C:\WINDOWS\System32\st
object.dll
DLMon = C:\WINDOWS\System32\DLMain.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\System32\browseui.dll= Browseui 预加载程序
%SystemRoot%\System32\browseui.dll= 组件类别缓存程序
SYSTEM.INI BOOT SHELL Explorer.exe
SYSTEM.INI BOOT SCRNSAVE.EXE C:\WINDOWS\System32\logon.scr
其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search searchassistant ----> http://seek.yisou.com/srchasst.htm
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search CustomizeSearch ----> http://seek.yisou.com/srchcust.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> yao
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> yao
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> KB3999521.LOG
Hosts
127.0.0.1 localhost
进程列表
[System Process]
System
CCenter.exe
RavMonD.exe
RFWSRV.EXE
RavStub.exe
RfwMain.exe
atiptaxx.exe (Made by ATI Technologies, Inc.)
SOUNDMAN.EXE (Made by Realtek Semiconductor Corp.)
realsched.exe
YDownloader.exe
YLIVE.EXE
RavTask.exe
RavMon.exe
AdskScSrv.exe
CDAC11BA.EXE
DHCORE.EXE
IEXPLORE.EXE
IEXPLORE.EXE
SMSS.EXE
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
EXPLORER.EXE
rundll32.exe
CTFMON.EXE
ALG.EXE
rundll32.exe
wdfmgr.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
RavDetect.exe
进程详细信息
rundll32.exe
C:\WINDOWS\KB3999521.LOG
C:\WINDOWS\SYSTEM32\stdup.dll
C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll
IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll (made by Yahoo)
C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll
C:\WINDOWS\System32\AcSignIcon.dll (made by Autodesk)
C:\WINDOWS\System32\xunleibho_v3.dll
C:\WINDOWS\System32\wint\wint.dll
rundll32.exe
C:\WINDOWS\system32\STDSVER.DLL
CDAC11BA.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE (made by Macrovision)
AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (made by Autodesk, Inc.)
RavMon.exe
C:\WINDOWS\TEMP\84.dll
SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE (made by Realtek Semiconductor Corp.)
EXPLORER.EXE
C:\Program Files\WinRAR\rarext.dll
