HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ (Default)\
+ ADShowFile not found: C:\WINNT\system32\bcsysnote.exe
+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ BCUpdatec:\winnt\system32\bcup.exe
+ CdnCtrLiveUpdate Modulec:\program files\cnnic\cdn\cdnup.exe
+ e-Border CredentialPermeo Security Driver IconPermeo Technologies Inc.d:\program files\permeo\e-border driver\ebicon.exe
+ mdac_runonceFile not found: C:\WINDOWS\SYSTEM\runonce.exe
+ MINI_BFYYFile not found: C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
+ SKYNET Personal FireWallFile not found: C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
+ StormCodec_Helperc:\program files\ringz studio\storm codec\stormset.exe
+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe
+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ Adobe Gamma Loader.exe.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ 新浪游戏下载加速器.lnkFile not found: C:\Program Files\DuDu\DDDClient\DuDuAcc.exe
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
+ 腾讯QQ.lnkQQTENCENTc:\program files\tencent\qq\qq.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ INETc:\winnt\system32\inetsrv\inetsync.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ eMuleAutoStarteMulehttp://www.emule.org.cnf:\emule\emule.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Pollerc:\winnt\system32\ati2evxx.exe
+ ATI SmartATI Smartc:\winnt\system32\ati2sgag.exe
+ IE URL Servicec:\program files\zsxz\urlservice.exe
+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
+ SDAgentServicesde北京兴华基业软件技术有限公司c:\program files\common files\smartde\sde.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll
+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ 金山毒霸2005\
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ AlxTB BHO ClassFile not found: C:\WINNT\system32\AlxTB1.dll
+ BandIE ClassBaiduBar ModuleBaidu.com, Inc.c:\program files\baidu\bar\baidubar.dll
+ CNNIC_IDNCndnIEHelper Modulec:\program files\cnnic\cdn\cdniehlp.dll
+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll
+ IEBHOLiver ClassIMU IE PlusIMUc:\winnt\system32\imuliver.dll
+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll
+ QQBrowserHelper
Object ClassQQIEHelper Module深圳市腾讯计算机系统有限公司c:\program files\tencent\qq\qqiehelper.dll
+ SDObmObj Classobwbkya Module北京兴华基业软件技术有限公司c:\winnt\system32\obwbkya.dll
+ ShowBar
Object ClassAlibabaIEToolBarAlibabac:\winnt\system32\alitb1\bar.dll
+ ThunderIEHelper Classxunleibho Modulec:\winnt\system32\xunleibho_v5.dll
+ ThunderIEHelper ClassThunderBHO Modulec:\winnt\system32\thunderbho0.dll
+ WMHlprObj ClassWMHlpr Modulec:\program files\cnnic\cdn\wmhlpr.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbar\
+ coolbarToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864c:\winnt\web\related.htm
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 访问卡卡社区File not found: http://www.ikaka.com
+ 访问瑞星网站File not found: http://www.rising.com.cn
+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 上网助手File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns
Task Scheduler
+ Symantec NetDetect.jobSymantec NetDetectSymantec Corporationc:\program files\symantec\liveupdate\ndetect.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEventc:\winnt\system32\ati2evxx.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ Permeo e-Border Layered Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.d:\program files\permeo\e-border driver\s5spi.dll
+ Permeo e-Border MSAFD Tcpip [TCP/IP]e-Border DRiver LSP hooksPermeo Technologies Inc.d:\program files\permeo\e-border driver\s5spi.dll
+ Permeo e-Border MSAFD Tcpip [UDP/IP]e-Border DRiver LSP hooksPermeo Technologies Inc.d:\program files\permeo\e-border driver\s5spi.dll
+ Permeo e-Border RSVP TCP Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.d:\program files\permeo\e-border driver\s5spi.dll
+ Permeo e-Border RSVP UDP Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.d:\program files\permeo\e-border driver\s5spi.dll
