启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <JMB36X Configure><C:\WINDOWS\system32\JMRaidTool.exe boot>  [N/A]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{08315c1a-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp>  [N/A]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Symantec SPBBCSvc / SPBBCSvc]
  <C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

[PID: 2956][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3780][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3384][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[PID: 2504][E:\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 2188][C:\Program Files\Tencent\QQ\QZone\QZone.exe]  [腾讯公司, 1, 3, 102, 22]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]