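Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Forum: Here's another one of the same kind. It's too tough, I can't kill it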


Here's another one of the same kind. It's too tough, I can't kill it


??????????? Help me! It's at C:\WINNT\system32\winmide32.dll and I can't upload it either.
Last edited 2006-03-23 10:44:41

It says a restart is needed for it to take effect, but after restarting it still comes back.

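I didn't understand. Where do I find this: "When saving the log with the File->Save menu item, make sure to select the Options->Hide Microsoft Entries menu item (after setting this option, click the refresh button on the toolbar)"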


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CnsMin3721北京三七二一科技有限公司c:\winnt\downloaded program files\cnsmin.dll

+ ExFiltercdnspiec:\program files\cnnic\cdn\cdnspie.dll

+ Install AlitalkFile not found: C:\WINNT\temp\alitalk\alitalk.exe

+ mscfsc:\winnt\system32\msibm\cfsys.dll

+ NeroCheckNeroCheckAhead Software Gmbhc:\winnt\system32\nerocheck.exe

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\winnt\system32\nvcpl.dll

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

+ Updatec:\program files\common files\updat\update.exe

+ Windows木马防火墙File not found: C:\Program Files\ftc\Trojanwall.exe

+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe

C:\Documents and Settings\ndison1\「开始」菜单\程序\启动

+ Adobe Gamma.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Rc:\documents and settings\ndison1\「开始」菜单\程序\启动\rsautorunsdisabled

+ 划词搜索.lnk划词搜索中搜在线c:\program files\huaci\huaci\zsearch.exe

+ 腾讯QQ.lnkQQTENCENTc:\program files\tencent\qq\qq.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ AutoCAD 数字签名图标覆盖处理程序AcSignIcon ModuleAutodeskc:\winnt\system32\acsignicon.dll

+ Autodesk Drawing PreviewAcThumbnail ModuleAutodeskc:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll

+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AntiFish Classyangling.dllYahoo.c:\program files\yahoo!\assistant\assist\yangling.dll

+ CBHelper Objectc:\winnt\system32\msibm\cfsbho.dll

+ CPub ObjectIE MonitorSohu.com Inc.c:\program files\p4p\sodaie.dll

+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll

+ MMSAssist BHOMMSAssistc:\program files\mmsassist\mmsass~1.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司c:\program files\tencent\qq\qqiehelper.dll

+ QuickBtnQuick LinkFengcentc:\program files\coolwebsite\quicklink.dll

+ Shareaza Web Download HookShareaza Web Download HookShareaza Pty. Ltd.e:\刘傲\新建文件夹\plugins\razawebhook.dll

+ ThunderIEHelper Classxunleibho Modulec:\winnt\system32\xunleibho_v4.dll

+ VnetCookie ClassVnetTransfer Modulec:\program files\chinanet\vnettransfer.dll

+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll

+ 上网助手Assist Modulec:\program files\3721\assist\assist.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\winnt\system32\kakatool.dll

+ 上网助手Assist Modulec:\program files\3721\assist\assist.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

+ 一搜YiSou ToolBar 3721c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ @shdoclc.dll,-864c:\winnt\web\related.htm

+ Yahoo 1G电邮File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail

+ 清理上网记录File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean

+ 情景聊天File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg

+ 腾讯QQQQTENCENTc:\program files\tencent\qq\qq.exe

+ 新浪UC北京新浪信息技术有限公司c:\program files\sina\uc\uc.exe

+ 修复浏览器File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair

+ 寻宝乐趣多File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao

+ 雅虎助手File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist

Task Scheduler

+ DM_Install_Program.jobFile not found: C:\Documents and Settings\ndison1\Local Settings\Temp\{9889fe9e-6963-4ab9-9afd-e681ce0bc657}\601032.exe

HKLM\System\CurrentControlSet\Services

+ C-DillaCdaC11BAMacrovision RTS ServiceMacrovisionc:\winnt\system32\drivers\cdac11ba.exe

+ NVSvcNVIDIA Driver Helper Service, Version 43.51NVIDIA Corporationc:\winnt\system32\nvsvc32.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ SolidWorks SolidNetWork License ManagerMacrovision Corporationc:\flexlm\sw2005_sp0_licenses\solidworks solidnetwork license manager\lmgrd.exe

HKLM\System\CurrentControlSet\Services

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\winnt\system32\drivers\basetdi.sys

+ CdaC15BAMacrovision SECURITY DriverMacrovision Europe Ltdc:\winnt\system32\drivers\cdac15ba.sys

+ cmpciC-Media Audio WDM DriverC-Media Incc:\winnt\system32\drivers\cmaudio.sys

+ dmioNT Disk Manager I/O DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmload.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ GMSIPCIFile not found: G:\INSTALL\GMSIPCI.SYS

+ GNetPPPoEIntermediate Miniport Driver For PPP over Ethernet ProtocolGuangdong Data Communications Network Co.Ltd.c:\winnt\system32\drivers\pppoe.sys

+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ InCDPassFile not found: system32\drivers\InCDPass.sys

+ InCDRmFile not found: system32\drivers\InCDRm.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall  mprocrs.sysBeijing Rising Technology Co., Ltd.d:\program files\rising\rfw\mprocrs.sys

+ New0c:\winnt\system32\new.sys

+ NPFNPF Driver - TME extensionsPolitecnico di Torinoc:\winnt\system32\drivers\npf.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.c:\program files\tencent\qq\npkcrypt.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 43.51 NVIDIA Corporationc:\winnt\system32\drivers\nv4_mini.sys

+ pfcPadus(R) ASPI ShellPadus, Inc.c:\winnt\system32\drivers\pfc.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ rtl8139NDIS 5.0 driver                                                                  Realtek Semiconductor Corporation                                                c:\winnt\system32\drivers\rtl8139.sys

+ SVKPSVKP driver for NTAntiCrackingc:\winnt\system32\svkp.sys

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Bluebeam PDF MonitorBBPDFPortMonBluebeam Software, Inc.c:\winnt\system32\bbpdfportmon.dll

+ Canon BJ Language Monitor S100SPBJ Language MonitorCANON INC.c:\winnt\system32\cnmlm3c.dll


But I can't delete it. It says the source file is in use.

I've already exported the log with Autoruns. BlackStone told me to delete the c:\winnt\system32\msibm directory and c:\program files\common files\updat\update.exe, but I can't delete them.