Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><; ; "C:\Program Files\Messenger\msmsgs.exe" /background> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [Rising]
<CameraFixer><; ; C:\WINDOWS\CameraFixer.exe> []
<helper.dll><; ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<IgfxTray><; ; C:\WINDOWS\System32\igfxtray.exe> [Intel Corporation]
<RichMedia><; ; C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<snpstd3><; ; C:\WINDOWS\vsnpstd3.exe> []
<SoundMAX><; ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> []
<SoundMAXPnP><; ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> []
<spoolsv><; ; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []
<StormCodec_Helper><; ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<tsnpstd3><; ; C:\WINDOWS\tsnpstd3.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ajffb.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.d
Startup Folder
Services
[RavService / RavService]
<"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<C:\Program Files\Rising\Rav\CCenter.exe><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
==================================
Browser Add-ons
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, Microsoft Corporation>
[ActiveBHO Class]
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBand
Object.dll, >
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\PROGRA~1\baigoo\baigoobh.dll, >
[is
Object Class]
{BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\hbclient\tbcast.dll, Shanghai Henbang Technology Co., Ltd>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, 北京三七二一科技有限公司>
[IEHlprObj Class]
{D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, N/A>
[WebDownloader Class]
{E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, N/A>
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, Microsoft Corporation>
[ActiveBHO Class]
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBand
Object.dll, >
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\PROGRA~1\baigoo\baigoobh.dll, >
[Browser
Object Class]
{808EAF87-61B8-4EEA-8B85-27480D1BDBEE} <C:\PROGRA~1\baigoo\bgook.dll, baigoo>
[is
Object Class]
{BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\hbclient\tbcast.dll, Shanghai Henbang Technology Co., Ltd>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[IEHlprObj Class]
{D424FE4E-CAF9-4FDD-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, N/A>
[WebDownloader Class]
{E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, N/A>
[&使用暴风下载器下载]
<C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>