启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <iamapp><C:\Program Files\Norton Internet Security\IAMAPP.EXE>  [(Verified)Symantec Corporation]
    <KAVRUN><D:\KAV6\KAVRUN.EXE>  [kingsoft]
    <helper.dll><C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <CnsMin><Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <Symantec NetDriver Monitor><C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer>  [(Verified)Symantec Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINNT\downlo~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\System32\NavLogon.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\program\office2k\Office\OSA9.EXE [Microsoft Corporation]><N>
[Service Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk --> C:\MSSQL7\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[alarmProc]
  <C:\Documents and Settings\administrator\「开始」菜单\程序\启动\alarmProc.lnk --> D:\110视~1\接警台\ALARMP~1.EXE [浙江师大计海新技术有限公司]><N>

==================================
服务
[pcAnywhere Host Service / awhost32]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MSSQLServer / MSSQLServer]
  <C:\MSSQL7\binn\sqlservr.exe><Microsoft Corporation>
[Norton Internet Security Service / NISSERV]
  <C:\Program Files\Norton Internet Security\NISSERV.EXE><Symantec Corporation>
[Norton Internet Security Accounts Manager / NISUM]
  <C:\Program Files\Norton Internet Security\NISUM.EXE><Symantec Corporation>
[Rising Process Communication Center / RsCCenter]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc]
  <C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe><Symantec Corporation>
[SQLServerAgent / SQLServerAgent]
  <C:\MSSQL7\binn\sqlagent.exe><Microsoft Corporation>
[Norton Internet Security Proxy Service / SymProxySvc]
  <C:\Program Files\Norton Internet Security\SymProxySvc.exe><Symantec Corporation>

驱动程序
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\216064546.sys><N/A>
[260159968 / 260159968]
  <\SystemRoot\System32\drivers\260159968.sys><N/A>
[488490359 / 488490359]
  <\SystemRoot\System32\drivers\488490359.sys><N/A>
[a0 / a0]
  <\SystemRoot\\SystemRoot\System32\drivers\488490359.sys><N/A>
[atirage3 / atirage3]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[awlegacy / awlegacy]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[BaseTDI / BaseTDI]
  <\??\C:\WINNT\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000]
  <System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Intel PRO Adapter Driver / E100B]
  <System32\DRIVERS\e100bnt5.sys><Intel Corporation>
[ExpScaner / ExpScaner]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[Gernuwa / Gernuwa]
  <C:\WINNT\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[HOOKAPI / HOOKAPI]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[HookCont / HookCont]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
  <\??\C:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RSPPSYS / RSPPSYS]
  <\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[SYMDNS / SYMDNS]
  <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW]
  <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS]
  <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMNDIS / SYMNDIS]
  <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_u3 / sym_u3]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>