Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Forum


Experts, please come in and help me analyze this! Thanks!


Startup Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(helper.dll)(C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32) []
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(snpstd3)(C:\WINDOWS\vsnpstd3.exe) []
(IMJPMIG8.1)(; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [N/A]
(PHIME2002ASync)(; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({D157330A-9EF3-49F8-9A67-4141AC41ADD4})(C:\WINDOWS\DOWNLO~1\CnsHook.dll) [北京三七二一科技有限公司]
({E568441B-9EF3-49F8-9A67-4141AC41ADD4})() [N/A]
({4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A})() [N/A]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
Last edited 2007-05-03 20:21:28

Startup Folder

[QQ游戏启动加速程序]
(C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --) C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司])(N)



--------------------------------------------------------------------------------



Services

[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
(C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe)(Microsoft Corporation)
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
("C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe")(Autodesk)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
(C:\WINDOWS\system32\wdfmgr.exe)(N/A)


Drivers

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
(system32\drivers\ac97intc.sys)(Intel Corporation)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
(System32\DRIVERS\amdk8.sys)(Advanced Micro Devices)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[CdaC15BA / CdaC15BA][Running/Auto Start]
(\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS)(Macrovision Europe Ltd)
[CnsMinKP / CnsMinKP][Running/Boot Start]
(\SystemRoot\system32\drivers\CnsMinKP.sys)(Copyright (C) 3721 Corporation.)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\ExpScan.sys)()
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
(system32\DRIVERS\fetnd5.sys)(VIA Technologies, Inc.)
[HookCont / HookCont][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\c:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
(system32\drivers\npf.sys)(Politecnico di Torino)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\C:\Program Files\QQ2006\npkcrypt.sys)(INCA Internet Co., Ltd.)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[qimiqbr / qimiqbr][Running/]
(2 - 系统找不到指定的文件。)(N/A)
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
(system32\DRIVERS\snpstd3.sys)()
[WINIO / WINIO][Stopped/Manual Start]
(\??\F:\winio.sys)(N/A)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(system32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)
[R2A / R2A][Stopped/Disabled]
(\??\C:\WINDOWS\system32a2.sys)(N/A)
[rhpcsg / rhpcsg][Running/Boot Start]
(\SystemRoot\\SystemRoot\System32\drivers\rhpcsg.sys)(N/A)

Browser Add-ons

[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} (c:\PROGRA~1\chinanet\VNETTR~1.DLL, )
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} (C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (e:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD)
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A)
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} (http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A)
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A)
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} (http://cn.widget.yahoo.com/index.htm?source=Cns, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A)
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A)
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A)
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} (C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} (c:\PROGRA~1\chinanet\VNETTR~1.DLL, )
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} (%SystemRoot%\system32\shdocvw.dll, N/A)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} (C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.)
[&使用迅雷下载]
(e:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A)