HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ jiahu c:\windows\system32\svchqst.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\123\「开始」菜单\程序\启动
+ ADSL拨号王.lnk c:\program files\hellonet\hellonet.exe
+ 腾讯QQ.lnk QQ TENCENT c:\program files\tencent\qq\qq.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ SystemRunOn c:\windows\system32\soconfig.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ SysTrays c:\windows\system32\dlmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cq.dll c:\windows\system32\cq.dll
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Kingsoft Antivirus Menu File not found: CLSID\{F154D4A0-35C4-E1D3-A8B8-5254AB111F56}\InprocServer32
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll
+ 好看123上网精灵 超级兔子上网精灵 超级兔子 c:\program files\super rabbit\magicset\haokanbar.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ BandIE Class BaiduBar Module Baidu.com, Inc. c:\program files\baidu\bar\baidubar.dll
+ BdSearchHook Class Baidu Search Companion c:\program files\baidu\iexp\bdsrhook.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 c:\program files\tencent\qq\qqiehelper.dll
+ SnapFlash Class Jd2002 Module justDo Software c:\program files\common files\justdo\jd2002.dll
+ ThunderIEHelper Class xunleibho Module c:\windows\system32\xunleibho_v5.dll
+ 超级兔子上网精灵 超级兔子上网精灵 超级兔子 c:\program files\super rabbit\magicset\haokanbar.dll
+ 上网助手 File not found: C:\Program Files\3721\Assist\asbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ bdsrhook.dll Baidu Search Companion c:\program files\baidu\iexp\bdsrhook.dll
+ socul.dll Sogou Express c:\windows\system32\socul.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Accoona AToolbar Module Accoona Corp. c:\program files\accoona\atoolbar.dll
+ 超级兔子上网精灵 超级兔子上网精灵 超级兔子 c:\program files\super rabbit\magicset\haokanbar.dll
+ 上网助手 File not found: C:\Program Files\3721\Assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Yahoo 1G电邮 File not found: http://cn.mail.yahoo.com/promo/rd1
+ 百度首页 File not found: http://baidu.com/index.php?tn=365wavedg
+ 情景聊天 File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手 File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信 File not found: http://sms.3721.com/ie/index.htm?pid=209660_1006
+ 腾讯QQ QQ TENCENT c:\program files\tencent\qq\qq.exe
+ 相关站点 c:\windows\web\related.htm
HKLM\System\CurrentControlSet\Services
+ NVSvc NVIDIA Driver Helper Service, Version 45.23 NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
+ Service c:\windows\meid.exe
HKLM\System\CurrentControlSet\Services
+ Achernar c:\windows\system32\drivers\achernar.sys
+ AgereSoftModem SoftModem Device Driver Agere Systems c:\windows\system32\drivers\agrsm.sys
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura Ltd c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ Aldebaran c:\windows\system32\drivers\aldebaran.sys
+ AN983 ADMtek AN983/AN985/ADM951X NDIS5 Driver ADMtek Incorporated. c:\windows\system32\drivers\an983.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ BRPPPOE c:\windows\system32\drivers\brpppoe.sys
+ CA561 Universal Serial Bus Camera Driver SP c:\windows\system32\drivers\spca561.sys
+ Cdsys File not found: C:\WINDOWS\System32\cdcd.sys
+ EasyFirewall Easy Firewall NDIS Intermediate Driver Easy Firewall Corporation c:\windows\system32\drivers\enetfilt.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ hooksys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ ISP68X W99683 Camera Debug Driver Winbond Electronics Crop. c:\windows\system32\drivers\isp68x.sys
+ kmsinput c:\windows\system32\drivers\kmsinput.sys
+ KWatch2 KWatch2 Kingsoft Antivirus c:\windows\system32\drivers\kwatch2.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ Mp3Drv SigmaTel Stmp3400 Mp3 Player USB Driver SigmaTel, Inc. c:\windows\system32\drivers\mp3drv.sys
+ New0 c:\windows\system32\new.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. c:\program files\tencent\qq\npkcrypt.sys
+ NPPTNT2 nProtect NPSC Kernel Mode Driver for NT INCA Internet Co., Ltd. c:\windows\system32\npptnt2.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ StScsi SigmaTel Stmp3400 Mp3 Player SCSI Miniport SigmaTel, Inc. c:\windows\system32\drivers\stscsi.sys
+ SVKP SVKP driver for NT AntiCracking c:\windows\system32\svkp.sys
+ XDDFFSS File not found: C:\WINDOWS\TEMP\7k25w5v.sys
+ XPROTECTOR c:\windows\system32\drivers\oreans.sys
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ taskmgr.exe File not found: C:\DOCUME~1\123\LOCALS~1\Temp\Rar$EX00.891\procexp.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ KB2357802.LOG c:\windows\kb2357802.log
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ VENTURI_TP Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{05E4581A-313D-4CC1-9697-68677F6062FE}] DATAGRAM 0 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{05E4581A-313D-4CC1-9697-68677F6062FE}] SEQPACKET 0 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FA9F4AE-AC14-4EE4-9788-344931B659C8}] DATAGRAM 1 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FA9F4AE-AC14-4EE4-9788-344931B659C8}] SEQPACKET 1 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D3614CF-B318-40B1-9A63-98B95CAD2CC0}] DATAGRAM 5 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D3614CF-B318-40B1-9A63-98B95CAD2CC0}] SEQPACKET 5 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ECAB9AF-A636-4171-9FCF-831D49C69B44}] DATAGRAM 3 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ECAB9AF-A636-4171-9FCF-831D49C69B44}] SEQPACKET 3 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{95F4D26B-4E77-4E18-ADBD-5404D113E6C1}] DATAGRAM 2 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{95F4D26B-4E77-4E18-ADBD-5404D113E6C1}] SEQPACKET 2 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC2A9E45-7076-4CF4-81C5-C9705573EF03}] DATAGRAM 4 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC2A9E45-7076-4CF4-81C5-C9705573EF03}] SEQPACKET 4 Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD Tcpip [RAW/IP] Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD Tcpip [TCP/IP] Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP MSAFD Tcpip [UDP/IP] Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP RSVP TCP Service Provider Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll
+ VENTURI_TP RSVP UDP Service Provider Venturi Layered Service Provider Shim Fourelle Systems, Inc c:\windows\system32\vlsp.dll