
Help needed!

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
e:\rising\rfw\rfwproxy.exe
e:\rising\rfw\rfwsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
E:\rising\Rav\RavTask.exe
E:\rising\Rfw\rfwmain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
H:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
C:\WINDOWS\system32\spoolsv.exe
E:\rising\Rav\Ravmon.exe
E:\rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\0\LOCALS~1\Temp\wt\wt.exe
C:\WINDOWS\System32\conime.exe
h:\Program Files\Ahead\nero startsmart\nerostartsmart.exe
h:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\rising\Rav\Rav.exe
E:\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
G:\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - (no file)
O1 - Hosts: 210.51.8.238 www.phoenixtv.com
O1 - Hosts: 219.232.48.108 www.yannan.cn
O1 - Hosts: 211.154.41.29 www.zgsd.net
O1 - Hosts: 202.108.35.188 vip.sina.com.cn
O1 - Hosts: 219.232.48.108 www.yannan.cn
O1 - Hosts: 61.144.120.8 www.nanfangdaily.com.cn
O1 - Hosts: 64.235.234.140 www.richbits.com
O1 - Hosts: 199.108.225.114 www.i118.com
O1 - Hosts: 210.51.180.139 bjyouth.ynet.com
O1 - Hosts: 219.239.11.8 www.bplisn.net.cn
O1 - Hosts: 61.135.134.230 house.sohu.com
O1 - Hosts: 61.152.188.197 www.2ndspace.com
O1 - Hosts: 131.107.102.120 www.betaplace.com
O1 - Hosts: 60.28.241.33 www.21dnn.com
O1 - Hosts: 202.108.119.194 www.xinhuanet.com
O1 - Hosts: 202.106.46.39 adbill.bbn.com.cn
O1 - Hosts: 207.46.225.60 www.microsoft.com
O1 - Hosts: 207.46.225.60 www.microsoft.com
O1 - Hosts: 207.46.225.60 www.microsoft.com
O1 - Hosts: 207.46.225.60 www.microsoft.com
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 202.43.216.50 cn.yahoo.com
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 202.165.103.8 cn.sports.yahoo.com
O1 - Hosts: 211.151.238.102 edu.beida-online.com
O1 - Hosts: 61.144.120.8 www.nanfangdaily.com.cn
O1 - Hosts: 61.175.171.86 www.cnradio.com.cn
O1 - Hosts: 202.108.34.234 auto.search.msn.com
O1 - Hosts: 210.51.186.130 www.chinadaily.com.cn
O1 - Hosts: 210.51.185.10 en.chinabroadcast.cn
O1 - Hosts: 211.154.222.22 www.people.com.cn
O1 - Hosts: 202.108.248.153 www.bjradio.com.cn
O1 - Hosts: 218.247.229.85 www.tctc.com.cn
O1 - Hosts: 219.237.203.68 www.cetv.edu.cn
O1 - Hosts: 219.232.48.108 www.yannan.cn
O1 - Hosts: 211.196.154.177 www.nba.com
O1 - Hosts: 61.129.65.95 wxb.wenxuebao.com
O1 - Hosts: 219.141.235.4 www.cass.net.cn
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 211.151.238.102 edu.beida-online.com
O1 - Hosts: 202.99.23.201 www.cyol.net
O1 - Hosts: 219.232.48.108 ww2.gotopku.com
O1 - Hosts: 202.96.31.117 www.nlc.gov.cn
O1 - Hosts: 140.147.249.7 www.loc.gov
O1 - Hosts: 218.16.124.59 www.yexinhua.com
O1 - Hosts: 209.59.196.227 www.shakespeare.com
O1 - Hosts: 218.12.168.1 www.systudy.com
O1 - Hosts: 210.51.172.237 hezuo.db66.com
O1 - Hosts: 202.43.216.50 cn.yahoo.com
O1 - Hosts: 211.151.238.102 edu.beida-online.com
O1 - Hosts: 211.100.30.171 www.vertinfo.com
O1 - Hosts: 61.175.223.130 carhowto.00to.com
O1 - Hosts: 67.15.35.48 www.qqppt.com
O1 - Hosts: 219.232.48.108 www.yannan.cn
O1 - Hosts: 66.171.59.135 www.vzavenue.net
O1 - Hosts: 193.61.65.8 www.ram.ac.uk
O1 - Hosts: 219.141.235.4 www.cass.net.cn
O1 - Hosts: 219.141.235.4 www.cass.net.cn
O1 - Hosts: 166.111.120.60 www.lib.tsinghua.edu.cn
O1 - Hosts: 61.152.251.213 www.sharebook.net
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 61.139.76.108 wutai.w3.zccn.net
O1 - Hosts: 222.36.40.139 www.allart.com.cn
O1 - Hosts: 210.51.180.139 fukan.ynet.com
O1 - Hosts: 64.1.16.250 www.gotofind.com
O1 - Hosts: 202.108.201.226 www.wxg.org.cn
O1 - Hosts: 202.108.249.208 www.cctv.com
O1 - Hosts: 166.111.107.226 arts.tsinghua.edu.cn
O1 - Hosts: 210.51.8.220 www.5i5j.com
O1 - Hosts: 216.239.57.103 groups.google.com
O1 - Hosts: 61.135.150.66 music.sohu.com
O1 - Hosts: 218.22.93.252 www.zhengjun.com
O1 - Hosts: 210.82.89.102 www.51ez.com
O1 - Hosts: 202.108.33.23 blog.sina.com.cn
O1 - Hosts: 61.129.65.95 www.whb.com.cn
O1 - Hosts: 211.151.23.204 www.stardaily.com.cn
O1 - Hosts: 210.51.180.138 www.bjyouth.com
O1 - Hosts: 168.160.251.130 www.beijingdaily.com.cn
O1 - Hosts: 210.51.8.238 www.phoenixtv.com
O1 - Hosts: 211.154.222.22 www.people.com.cn
O1 - Hosts: 61.144.120.8 www.nanfangdaily.com.cn
O1 - Hosts: 61.144.120.8 www.nanfangdaily.com.cn
O1 - Hosts: 219.232.48.108 www.yannan.cn
O1 - Hosts: 61.144.120.8 www.nanfangdaily.com.cn
O1 - Hosts: 219.141.235.4 www.cass.net.cn
O1 - Hosts: 61.129.65.95 wxb.wenxuebao.com
O1 - Hosts: 210.51.180.139 bjyouth.ynet.com
O1 - Hosts: 210.51.180.139 fukan.ynet.com
O1 - Hosts: 61.129.65.95 dszb.whdszb.com
O1 - Hosts: 202.181.231.146 www.cap.org.hk
O1 - Hosts: 202.108.35.191 chwmc.vip.sina.com
O1 - Hosts: 61.139.126.18 www.wordofgod4u.net
O1 - Hosts: 66.78.27.6 www.lingliang.org
O1 - Hosts: 222.88.88.228 www.edzx.com
O1 - Hosts: 222.88.88.228 www.edzx.com
O1 - Hosts: 202.43.216.29 cn.dir.yahoo.com
O1 - Hosts: 66.179.152.75 new.christianity.com
O1 - Hosts: 219.235.232.152 www.39.net
O1 - Hosts: 210.51.8.238 www.phoenixtv.com
O1 - Hosts: 220.194.57.98 www.chihaola.com
Last edited 2006-02-02 17:08:43

O2 - BHO: Target Class - {002AF282-E42D-4B51-9F70-F1570C02FAAD} - C:\Progra~1\Microsoft\Office\0.9.0.9\Office.dll
O2 - BHO: CCIT Memory Manager - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINDOWS\DOWNLO~1\cytdcli.dll
O2 - BHO: Deliverer Class - {3E290290-1728-4C1E-863A-AA12526333F6} - C:\Progra~1\CNet\ADDeliverer\0.9.9.5\ADDeliverer.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - g:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - E:\PROGRA~1\sina\UC\UCddt\ddtkillw.ocx (file missing)
O2 - BHO: AtlObj Class - {7E093FD0-5372-4FD5-9C7B-875668B4CDB2} - C:\WINDOWS\System32\Ado32.dll
O2 - BHO: YOK广告拦截插件 - {972566B2-93BF-41AA-B06D-5F81DB7E38E1} - C:\WINDOWS\System32\yokhad.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barsmall24.dll
O2 - BHO: AlxTB BHO Class - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - IE工具栏增项: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\\WINDOWS\\System32\\SHDOCVW.DLL
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - 启动项HKLM\\Run: [msn] C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - 启动项HKLM\\Run: [RavTask] "E:\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "e:\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [RemoteControl] "h:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSCalsClocks] H:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - IE右键菜单中的新增项目: 导出当前页到超星阅览器(&A) - E:\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导出选中部分到超星阅览器(&S) - E:\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - G:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: TOL24 - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} - http://www.TOL24.com (file missing)
O9 - 浏览器额外的按钮: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - 浏览器额外的“工具”菜单项: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - g:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - g:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - IE插件,支持文件类型.UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} (SSReaderPlug Control) - http://reg.ssreader.com/ssreaderplug.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {40CFEA79-ED5B-4B2B-8B8D-B567E40AF812} (sslclient Control) - http://www.chinaorg.tol24.com/download/ocx/sslclientnew.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8135EF31-FE8C-4C6E-A18A-F59944C3A488} - http://ddddl.dudu.com/ddd/update/plugin/dddspocx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://download.ourgame.com/GLWebAvt.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://202.99.42.177/sso/ccitpay.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{838F5A38-88F5-43AC-A4AA-608F5C719A6E}: NameServer = 202.106.0.20 202.106.46.151
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - 列举现有的协议: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: WintUPp - Unknown owner - C:\DOCUME~1\0\LOCALS~1\Temp\wt\wt.exe
