HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nwizNVIDIA nView Wizard, Version 40.72 NVIDIA Corporationc:\windows\system32\nwiz.exe
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.C:\WINDOWS\soundman.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
+ VikaClientVika Transfer ClientSIANc:\program files\vika\vkclient.exe
C:\Documents and Settings\ak\「开始」菜单\程序\启动
+ 腾讯QQ.lnkQQTENCENTd:\qq\qq.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ CuteFTP Shell ExtensionGlobalSCAPE, Inc.e:\cuteftp\cuteshell.dll
+ Desktop ExplorerNVIDIA Desktop Explorer, Version 40.72 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 40.72 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.d:\realplayer\rpshell.dll
+ WinRAR shell extensiond:\winrar\rarext.dll
+ Yahoo Trojan Cleannerf:\ske\contmenu.dll
+ Yahoo!PhotoFile not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
+ 粉碎文件File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
+ DragSearch BHOFile not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
+ QQBrowserHelper
Object ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\qq\qqiehelper.dll
+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll
+ Yahoo!PhotoFile not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864c:\windows\web\related.htm
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 瑞丽网刊c:\program files\vika\vkclient.exe.lnk
+ 手机短信File not found: http://sms.3721.com/ie/index.htm
+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138
+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns
HKLM\System\CurrentControlSet\Services
+ nvidGUIv2Manages Video devices for Windows-based c:\windows\nvidguiv.exe
+ NVSvcNVIDIA Driver Helper Service, Version 40.72NVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ kmsinputc:\windows\system32\drivers\kmsinput.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\qq\npkcrypt.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 40.72 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ nv_agpNVIDIA nForce AGP FilterNVIDIA Corporationc:\windows\system32\drivers\nv_agp.sys
+ nvatabusNVIDIA? nForce(TM) IDE Performance DriverNVIDIA Corporationc:\windows\system32\drivers\nvatabus.sys
+ NVENETFDNVIDIA Networking Function Driver.NVIDIA Corporationc:\windows\system32\drivers\nvenetfd.sys
+ nvnetbusNVIDIA Networking Bus Driver.NVIDIA Corporationc:\windows\system32\drivers\nvnetbus.sys
+ nvraidNVIDIA? nForce(TM) RAID DriverNVIDIA Corporationc:\windows\system32\drivers\nvraid.sys
+ PCAMPR5PCAUSA NDIS 5.0 MPR Protocol DriverPrinting Communications Assoc., Inc. (PCAUSA)c:\windows\system32\pcampr5.sys
+ PCANDIS5PCAUSA NDIS 5.0 Protocol DriverPrinting Communications Assoc., Inc. (PCAUSA)c:\windows\system32\pcandis5.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RTL8023Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtlnic51.sys
+ rtl8139NDIS 5.0 driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
