sp1qfe  sp2gdr  sp2qfe


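A folder named 84a72240d4b81f6cc594c515da has appeared on my F: drive. Inside it are four folders: sp1qfe, sp2gdr, sp2qfe and update. I suspect I downloaded software carrying a virus and fell into a hacker's trap as soon as I ran it. Why can't it be deleted? Isn't that just like an unfair, one-sided contract clause? So it is very likely that the hacker is using it as a client, and as soon as we go online he carries out a remote attack, taking up a large amount of memory and making the computer run extremely slowly or even freeze. I hope the computer experts here can help solve this headache of a problem, thanks. They have nearly ruined me.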

Attachment:
Downloads: 270
File type: application/octet-stream
Uploaded: 2007-7-28 12:02:05

Last edited 2007-10-13 15:08:34

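Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer Diagnostic Log
3 Start scan => Export information, exporting in txt format (htm format also works and is easier to read yourself, but the forum does not allow htm uploads)
4 Copy the full report from the log and paste it here, without modifying it (if it does not fit in one post, post it in several parts)
5 While scanning the log, close unnecessary software as far as possible, such as QQ, TM, etc.
6 Upload the suspicious files found by the scan to Rising: http://up.rising.com.cn/webmail/uploadnew.htm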

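Same fate as the OP!
On my F: drive there is a folder named 4a4e95a314cdeeee9c8a09. Inside it are the 2 folders SP2QFE and pdate, and the two programs spmsg.dll and spuninst.exe!
The situation is the same as the OP's!
It can't be deleted, and as soon as I go online he carries out a remote attack, taking up a large amount of memory and making the computer run extremely slowly or even freeze.

I'll upload the file shortly...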

Attachment:
Downloads: 181
File type: application/octet-stream
Uploaded: 2007-10-13 15:12:12


瑞星卡卡电脑诊断日志 v1.30 (2007-10-13 14:59:18)


北京瑞星科技股份有限公司


+ 注册表自运行项目 (8)
+ 系统服务(1)
+ HKLM\System\CurrentControlSet\Services(7)
+ MDM = Machine Debug Manager
c:\program files\common files\microsoft shared\vs7debug\mdm.exe

+ NVSvc = NVIDIA Display Driver Service
c:\windows\system32\nvsvc32.exe

+ ose = Office Source Engine
c:\program files\common files\microsoft shared\source engine\ose.exe

+ RfwProxySrv = Rising Proxy Service
c:\program files\rising\rfw\rfwproxy.exe

+ RfwService = Rising Personal Firewall Service
c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenter = Rising Process Communication Center
c:\program files\rising\rav\ccenter.exe

+ RsRavMon = Rising RealTime Monitor
c:\program files\rising\rav\ravmond.exe

+ 内核驱动(1)
+ HKLM\System\CurrentControlSet\Services(19)
+ AtcL002 = NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller
c:\windows\system32\drivers\atl02_xp.sys

+ BaseTDI = Rising TDI Base Driver
c:\windows\system32\drivers\basetdi.sys

+ cdnprot = cdnprot
c:\windows\system32\drivers\cdnprot.sys

+ ExpScaner = ExpScaner
c:\program files\rising\rav\expscan.sys

+ HDAudBus = Microsoft UAA Bus Driver for High Definition Audio
c:\windows\system32\drivers\hdaudbus.sys

+ HookCont = HookCont
c:\program files\rising\rav\hookcont.sys

+ HookReg = HookReg
c:\program files\rising\rav\hookreg.sys

+ HookSys = HookSys
c:\program files\rising\rav\hooksys.sys

+ HookUrl = HookUrl
c:\program files\rising\rfw\hookurl.sys

+ IntcAzAudAddService = Service for Realtek HD Audio (WDM)
c:\windows\system32\drivers\rtkhdaud.sys

+ MEMSCAN = MEMSCAN
c:\program files\rising\rav\memscan.sys

+ mProcRs = mProcRs
c:\program files\rising\rfw\mprocrs.sys

+ MTsensor = ATK0110 ACPI UTILITY
c:\windows\system32\drivers\asacpi.sys

+ RsAntiSpyware = RsAntiSpyware
c:\windows\system32\drivers\rsboot.sys

+ RsFwDrv = RsFwDrv
c:\program files\rising\rfw\rsfwdrv.sys

+ RsNTGDI = RsNTGDI
c:\windows\system32\drivers\rsntgdi.sys

+ RSPPSYS = RSPPSYS
c:\program files\rising\rav\rsppsys.sys

+ Secdrv = Secdrv
c:\windows\system32\drivers\secdrv.sys

+ Tcpip = TCP/IP Protocol Driver
c:\windows\system32\drivers\tcpip.sys

+ IE浏览器加载模块(2)
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects(5)
+ {01443AEC-0FD1-40fd-9C87-E93D1494C233} = ThunderAtOnce Class
d:\软件程序\thunder network\thunder\comdlls\tdatonce_now.dll

+ {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} = IeHelper Class
d:\软件程序\thunder network\thunder\components\resworker\dsiehelper.dll

+ {2E476D03-B089-DDA8-79DA-0B69AD48DFB0} = Thunder Browser Helper
d:\软件程序\thunder network\thunder\comdlls\xunleibho_now.dll

+ {2E476D04-B089-DDA8-79DA-0B69AD48DFB0} = ThaLorvs Class
c:\windows\downloaded program files\zmwfma.dll

+ {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} = CdnForIE Class
c:\program files\cnnic\cdn\cdnforie.dll

+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions(1)
+ Exec = d:\软件程序\Thunder Network\Thunder\Thunder.exe
d:\软件程序\thunder network\thunder\thunder.exe

+ 资源管理器加载模块(4)
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter(1)
+ text/xml = {807553E5-5146-11D5-A672-00B0D022E945}
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler(2)
+ ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754}
c:\program files\common files\microsoft shared\information retrieval\msitss.dll

+ mso-offdap11 = {32505114-5902-49B2-880A-1F7738E5A384}
c:\program files\common files\microsoft shared\web components\11\owc11.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved(10)
+ HyperTerminal Icon Ext = {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class = {A70C977A-BF00-412C-90B7-034C51DA2439}
c:\windows\system32\nvcpl.dll

+ Play on my TV helper = {FFB699E0-306A-11d3-8BD1-00104B6F7516}
c:\windows\system32\nvcpl.dll

+ Desktop Explorer = {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu = {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
c:\windows\system32\nvshell.dll

+ nView Desktop Context Menu = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
c:\windows\system32\nvshell.dll

+ Microsoft Office HTML Icon Handler = {42042206-2D85-11D3-8CFF-005004838597}
d:\软件程序\microsoft office\office11\msohev.dll

+ Web Folders = {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ WinRAR shell extension = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\winrar\rarext.dll

+ RISING = {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}
c:\windows\system32\ravext.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks(2)
+ {32CD708B-60A7-4C00-9377-D73EAA495F0F} = ShlExecHack Class
c:\windows\system32\ravext.dll

+ {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A} = 瑞星卡卡上网安全助手
c:\windows\system32\shlhook.dll

+ 用户登陆自运行项目(1)
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run(12)
+ nwiz = nwiz.exe /install
c:\windows\system32\nwiz.exe

+ SkyTel = SkyTel.EXE
c:\windows\skytel.exe

+ IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
c:\program files\common files\microsoft shared\ime\imsc40a\imscmig.exe

+ CdnCtr = C:\Program Files\CNNIC\Cdn\cdnup.exe
c:\program files\cnnic\cdn\cdnup.exe

+ Thunder = "D:\软件程序\Thunder Network\Thunder\Thunder.exe" /s
d:\软件程序\thunder network\thunder\thunder.exe

+ RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
c:\program files\rising\rav\ravtask.exe

+ RfwMain = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
c:\program files\rising\rfw\rfwmain.exe

+ runeip = "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
c:\program files\rising\antispyware\runiep.exe

+ RTHDCPL = RTHDCPL.EXE
c:\windows\rthdcpl.exe

+ SoundMan = SOUNDMAN.EXE
c:\windows\soundman.exe

+ AlcWzrd = ALCWZRD.EXE
c:\windows\alcwzrd.exe

+ Alcmtr = ALCMTR.EXE
c:\windows\alcmtr.exe

+ 开机执行(1)
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order(1)
+ BootExecute = "autocheck autochk *";" bsmain";
c:\windows\system32\bsmain.exe


+ 映像劫持(2)
+ HKCR\.html(2)
+ htmlfile\Edit\Command = "D:\软件程序\Microsoft Office\OFFICE11\msohtmed.exe" %1
d:\软件程序\microsoft office\office11\msohtmed.exe

+ htmlfile\Print\Command = "D:\软件程序\Microsoft Office\OFFICE11\msohtmed.exe" /p %1
d:\软件程序\microsoft office\office11\msohtmed.exe

+ HKCR\.htm(2)
+ htmlfile\Edit\Command = "D:\软件程序\Microsoft Office\OFFICE11\msohtmed.exe" %1
d:\软件程序\microsoft office\office11\msohtmed.exe

+ htmlfile\Print\Command = "D:\软件程序\Microsoft Office\OFFICE11\msohtmed.exe" /p %1
d:\软件程序\microsoft office\office11\msohtmed.exe

+ 打印机监控(1)
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors(1)
+ Microsoft Document Imaging Writer Monitor = mdimon.dll
c:\windows\system32\mdimon.dll

+ 正在运行的进程(26)
+ 00000070(112) wscntfy.exe(2)
+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 00000084(132) ctfmon.exe(2)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 000000d0(208) Thunder5.exe(39)
+ 00400000[00190000] = Thunder5.exe
d:\软件程序\thunder network\thunder\program\thunder5.exe

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 00F50000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 01070000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 010C0000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 21D00000[0002D000] = TaskManager.dll
d:\软件程序\thunder network\thunder\program\taskmanager.dll

+ 21120000[00365000] = download_interface.dll
d:\软件程序\thunder network\thunder\program\download_interface.dll

+ 21880000[000CB000] = stlport_vc646.dll
d:\软件程序\thunder network\thunder\program\stlport_vc646.dll

+ 210E0000[00018000] = asyn_dns.dll
d:\软件程序\thunder network\thunder\program\asyn_dns.dll

+ 21B50000[0001E000] = iTargetAD.dll
d:\软件程序\thunder network\thunder\program\itargetad.dll

+ 21A20000[0000A000] = BHOStub.dll
d:\软件程序\thunder network\thunder\program\bhostub.dll

+ 222B0000[0002A000] = DownAndPlay.dll
d:\软件程序\thunder network\thunder\components\downandplay\downandplay.dll

+ 02790000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 30000000[002DE000] = flash.ocx
c:\windows\system32\macromed\flash\flash.ocx

+ 22190000[00017000] = iEmbedShell.dll
d:\软件程序\thunder network\thunder\components\inmedia\iembedshell.dll

+ 37000000[00075000] = XLCommunity.dll
d:\软件程序\thunder network\thunder\components\community\xlcommunity.dll

+ 21BA0000[0003D000] = LiveUpdate.dll
d:\软件程序\thunder network\thunder\program\liveupdate.dll

+ 21F80000[0001E000] = XLSearch.dll
d:\软件程序\thunder network\thunder\components\search\xlsearch.dll

+ 220B0000[0001E000] = P4PClient.dll
d:\软件程序\thunder network\thunder\components\p4pclient\p4pclient.dll

+ 223E0000[0000A000] = DiagnoseHelper.dll
d:\软件程序\thunder network\thunder\components\diagnosehelper\diagnosehelper.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 22250000[00010000] = ExplorerHelper.dll
d:\软件程序\thunder network\thunder\components\explorerhelper\explorerhelper.dll

+ 21F30000[0001E000] = TipsClient.dll
d:\软件程序\thunder network\thunder\components\tips\tipsclient.dll

+ 21ED0000[00009000] = VPSHELL.dll
d:\软件程序\thunder network\thunder\components\vpshell\vpshell.dll

+ 21F00000[0000B000] = UserExperience.dll
d:\软件程序\thunder network\thunder\components\userexperience\userexperience.dll

+ 22040000[0000E000] = DsXlCom.dll
d:\软件程序\thunder network\thunder\components\resworker\dsxlcom.dll

+ 22100000[0003F000] = iEmbed09.dll
d:\软件程序\thunder network\thunder\components\inmedia\iembed09.dll

+ 21800000[00039000] = RegisterDll.dll
d:\软件程序\thunder network\thunder\program\registerdll.dll

+ 21000000[00015000] = TingTing.dll
d:\软件程序\thunder network\thunder\plugins\tingting\tingting.dll

+ 21040000[00020000] = bho_adv.dll
d:\软件程序\thunder network\thunder\plugins\bhoadv\bho_adv.dll

+ 51660000[0002C000] = PDM.DLL
c:\program files\common files\microsoft shared\vs7debug\pdm.dll

+ 51810000[00006000] = mdmui.dll
c:\program files\common files\microsoft shared\vs7debug\2052\mdmui.dll

+ 51580000[0002B000] = MSDBG2.DLL
c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll

+ 05DD0000[00019000] = RavScrCh.dll
c:\program files\rising\rav\ravscrch.dll

+ 21E90000[00014000] = VideoPicture.dll
d:\软件程序\thunder network\thunder\components\vpshell\videopicture.dll

+ 21FD0000[0001C000] = DataProcessor.dll
d:\软件程序\thunder network\thunder\components\resworker\dataprocessor.dll

+ 21D70000[00019000] = XLNet.Dll
d:\软件程序\thunder network\thunder\program\xlnet.dll

+ 22060000[0000E000] = MediaWorker.dll
d:\软件程序\thunder network\thunder\components\resworker\mediaworker.dll


- 000001a8(424) smss.exe(0)
- 000001e8(488) csrss.exe(0)
+ 00000200(512) winlogon.exe(2)
+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 0000022c(556) services.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000238(568) lsass.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 000002dc(732) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000320(800) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000358(856) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000394(916) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 000003ac(940) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 000004a8(1192) spoolsv.exe(3)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00AF0000[00008000] = mdimon.dll
c:\windows\system32\mdimon.dll

+ 00B00000[00008000] = mdippr.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

+ 00000530(1328) MDM.EXE(3)
+ 00400000[0004D000] = MDM.EXE
c:\program files\common files\microsoft shared\vs7debug\mdm.exe

+ 51810000[00006000] = mdmui.dll
c:\program files\common files\microsoft shared\vs7debug\2052\mdmui.dll

+ 51580000[0002B000] = MSDBG2.DLL
c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll

+ 00000550(1360) nvsvc32.exe(3)
+ 00400000[0002C000] = nvsvc32.exe
c:\windows\system32\nvsvc32.exe

+ 009F0000[00036000] = nvapi.dll
c:\windows\system32\nvapi.dll

+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 0000065c(1628) alg.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000684(1668) runiep.exe(3)
+ 00400000[00013000] = runiep.exe
c:\program files\rising\antispyware\runiep.exe

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 00C00000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 000006c8(1736) RavStub.exe(4)
+ 00400000[00018000] = RavStub.exe
c:\program files\rising\rav\ravstub.exe

+ 10000000[0001B000] = RsCommX.dll
c:\program files\rising\rav\rscommx.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rav\rscommon.dll

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 0000073c(1852) IEXPLORE.EXE(16)
+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 00A70000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 00DC0000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 01000000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 01630000[00032000] = TDAtOnce_Now.dll
d:\软件程序\thunder network\thunder\comdlls\tdatonce_now.dll

+ 01670000[00016000] = DSIeHelper.dll
d:\软件程序\thunder network\thunder\components\resworker\dsiehelper.dll

+ 21FD0000[0001C000] = DataProcessor.dll
d:\软件程序\thunder network\thunder\components\resworker\dataprocessor.dll

+ 016C0000[00019000] = xunleiBHO_Now.dll
d:\软件程序\thunder network\thunder\comdlls\xunleibho_now.dll

+ 016F0000[0003D000] = zmwfma.dll
c:\windows\downloaded program files\zmwfma.dll

+ 02780000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 325C0000[00012000] = msohev.dll
d:\软件程序\microsoft office\office11\msohev.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 03660000[00019000] = RavScrCh.dll
c:\program files\rising\rav\ravscrch.dll

+ 30000000[002DE000] = flash.ocx
c:\windows\system32\macromed\flash\flash.ocx

+ 012A0000[0000B000] = MSOXMLMF.DLL
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

+ 00000784(1924) RfwMain.exe(12)
+ 00400000[00073000] = RfwMain.exe
c:\program files\rising\rfw\rfwmain.exe

+ 26600000[0007D000] = RsGuiLib.dll
c:\program files\rising\rfw\rsguilib.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rfw\rscommon.dll

+ 10000000[0000F000] = RfwCtrl.dll
c:\program files\rising\rfw\rfwctrl.dll

+ 23800000[0001A000] = RsXML.dll
c:\program files\rising\rfw\rsxml.dll

+ 23900000[00031000] = PngDll.dll
c:\program files\rising\rfw\pngdll.dll

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 00F10000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 01130000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 01250000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 012A0000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 01300000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 000007c4(1988) cdnup.exe(7)
+ 00400000[00026000] = cdnup.exe
c:\program files\cnnic\cdn\cdnup.exe

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 00B60000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 00BB0000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 00EE0000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 01290000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 000008c4(2244) svchost.exe(1)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 00000914(2324) Ras.exe(15)
+ 00400000[00160000] = Ras.exe
c:\program files\rising\antispyware\ras.exe

+ 10000000[00013000] = TopSoft.dll
c:\program files\rising\antispyware\topsoft.dll

+ 7C140000[00103000] = MFC71.DLL
c:\program files\rising\antispyware\mfc71.dll

+ 7C340000[00056000] = MSVCR71.dll
c:\program files\rising\antispyware\msvcr71.dll

+ 7C3A0000[0007B000] = MSVCP71.dll
c:\program files\rising\antispyware\msvcp71.dll

+ 5ADC0000[00037000] = uxtheme.dll
c:\windows\system32\uxtheme.dll

+ 00DE0000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 00F10000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 01030000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 01180000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 01360000[000BD000] = RasGui.dll
c:\program files\rising\antispyware\rasgui.dll

+ 01B60000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 51660000[0002C000] = PDM.DLL
c:\program files\common files\microsoft shared\vs7debug\pdm.dll

+ 51810000[00006000] = mdmui.dll
c:\program files\common files\microsoft shared\vs7debug\2052\mdmui.dll

+ 51580000[0002B000] = MSDBG2.DLL
c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll

+ 00000934(2356) conime.exe(6)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 00A50000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 00CA0000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 00DE0000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 00E80000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 00000ea0(3744) explorer.exe(19)
+ 5ADC0000[00037000] = UxTheme.dll
c:\windows\system32\uxtheme.dll

+ 10000000[0001B000] = cdnspie.dll
c:\program files\cnnic\cdn\cdnspie.dll

+ 00BB0000[0000C000] = imaoe.dll
c:\program files\cnnic\cdn\imaoe.dll

+ 00CD0000[0003C000] = cdnforie.dll
c:\program files\cnnic\cdn\cdnforie.dll

+ 00E20000[00012000] = cdndet.dll
c:\program files\cnnic\cdn\cdndet.dll

+ 018A0000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 02200000[00036000] = nvapi.dll
c:\windows\system32\nvapi.dll

+ 21FD0000[0001C000] = DataProcessor.dll
d:\软件程序\thunder network\thunder\components\resworker\dataprocessor.dll

+ 01980000[0001B000] = RavExt.dll
c:\windows\system32\ravext.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rav\rscommon.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 03430000[0054F000] = UNISPIM6.IME
c:\windows\system32\unispim6.ime

+ 019B0000[00011000] = shlhook.dll
c:\windows\system32\shlhook.dll

+ 01940000[00019000] = xunleiBHO_Now.dll
d:\软件程序\thunder network\thunder\comdlls\xunleibho_now.dll

+ 325C0000[00012000] = msohev.dll
d:\软件程序\microsoft office\office11\msohev.dll

+ 04A80000[0076D000] = nvcpl.dll
c:\windows\system32\nvcpl.dll

+ 01C70000[00036000] = NVRSZHC.DLL
c:\windows\system32\nvrszhc.dll

+ 01CB0000[00073000] = nvshell.dll
c:\windows\system32\nvshell.dll

+ 01D60000[0002C000] = rarext.dll
c:\program files\winrar\rarext.dll


相关文件信息列表(点击文件名Google一下)


注释: [A]表示该文件存在自启动关联;[M]表示该文件在内存中;


35. [A ] c:\program files\common files\microsoft shared\web components\11\owc11.dll
76. [ M] d:\软件程序\thunder network\thunder\components\p4pclient\p4pclient.dll
28. [AM] d:\软件程序\thunder network\thunder\components\resworker\dsiehelper.dll
23. [A ] c:\windows\system32\drivers\rsntgdi.sys
40. [A ] c:\program files\common files\microsoft shared\web folders\msonsext.dll
72. [ M] d:\软件程序\thunder network\thunder\components\inmedia\iembedshell.dll
106. [ M] c:\program files\rising\antispyware\ras.exe
42. [AM] c:\windows\system32\ravext.dll
26. [A ] c:\windows\system32\drivers\tcpip.sys
59. [ M] c:\program files\rising\antispyware\ieprot.dll
111. [ M] c:\program files\rising\antispyware\rasgui.dll
97. [ M] c:\windows\system32\nvapi.dll
44. [A ] c:\windows\system32\nwiz.exe
34. [A ] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
77. [ M] d:\软件程序\thunder network\thunder\components\diagnosehelper\diagnosehelper.dll
33. [AM] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
3. [A ] c:\program files\common files\microsoft shared\source engine\ose.exe
45. [A ] c:\windows\skytel.exe
109. [ M] c:\program files\rising\antispyware\msvcr71.dll
60. [ M] d:\软件程序\thunder network\thunder\program\thunder5.exe
6. [A ] c:\program files\rising\rav\ccenter.exe
9. [A ] c:\windows\system32\drivers\basetdi.sys
57. [AM] c:\windows\system32\mdimon.dll
82. [ M] d:\软件程序\thunder network\thunder\components\userexperience\userexperience.dll
41. [AM] c:\program files\winrar\rarext.dll
30. [AM] c:\windows\downloaded program files\zmwfma.dll
39. [AM] d:\软件程序\microsoft office\office11\msohev.dll
73. [ M] d:\软件程序\thunder network\thunder\components\community\xlcommunity.dll
92. [ M] d:\软件程序\thunder network\thunder\components\vpshell\videopicture.dll
71. [ M] c:\windows\system32\macromed\flash\flash.ocx
90. [ M] c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll
74. [ M] d:\软件程序\thunder network\thunder\program\liveupdate.dll
25. [A ] c:\windows\system32\drivers\secdrv.sys
37. [AM] c:\windows\system32\nvcpl.dll
98. [ M] c:\program files\rising\rav\ravstub.exe
51. [A ] c:\windows\rthdcpl.exe
38. [AM] c:\windows\system32\nvshell.dll
27. [AM] d:\软件程序\thunder network\thunder\comdlls\tdatonce_now.dll
101. [ M] c:\program files\rising\rfw\rsguilib.dll
102. [ M] c:\program files\rising\rfw\rscommon.dll
94. [ M] d:\软件程序\thunder network\thunder\program\xlnet.dll
91. [ M] c:\program files\rising\rav\ravscrch.dll
100. [ M] c:\program files\rising\rav\rscommon.dll
104. [ M] c:\program files\rising\rfw\rsxml.dll
96. [ M] c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
85. [ M] d:\软件程序\thunder network\thunder\program\registerdll.dll
12. [A ] c:\windows\system32\drivers\hdaudbus.sys
18. [A ] c:\program files\rising\rav\memscan.sys
70. [ M] d:\软件程序\thunder network\thunder\components\downandplay\downandplay.dll
58. [ M] c:\windows\system32\uxtheme.dll
19. [A ] c:\program files\rising\rfw\mprocrs.sys
29. [AM] d:\软件程序\thunder network\thunder\comdlls\xunleibho_now.dll
79. [ M] d:\软件程序\thunder network\thunder\components\explorerhelper\explorerhelper.dll
54. [A ] c:\windows\alcmtr.exe
11. [A ] c:\program files\rising\rav\expscan.sys
50. [AM] c:\program files\rising\antispyware\runiep.exe
81. [ M] d:\软件程序\thunder network\thunder\components\vpshell\vpshell.dll
2. [AM] c:\windows\system32\nvsvc32.exe
4. [A ] c:\program files\rising\rfw\rfwproxy.exe
64. [ M] d:\软件程序\thunder network\thunder\program\taskmanager.dll
21. [A ] c:\windows\system32\drivers\rsboot.sys
66. [ M] d:\软件程序\thunder network\thunder\program\stlport_vc646.dll
108. [ M] c:\program files\rising\antispyware\mfc71.dll
107. [ M] c:\program files\rising\antispyware\topsoft.dll
24. [A ] c:\program files\rising\rav\rsppsys.sys
103. [ M] c:\program files\rising\rfw\rfwctrl.dll
61. [ M] c:\program files\cnnic\cdn\cdnspie.dll
20. [A ] c:\windows\system32\drivers\asacpi.sys
13. [A ] c:\program files\rising\rav\hookcont.sys
78. [ M] c:\windows\system32\msacm32.drv
5. [A ] c:\program files\rising\rfw\rfwsrv.exe
68. [ M] d:\软件程序\thunder network\thunder\program\itargetad.dll
69. [ M] d:\软件程序\thunder network\thunder\program\bhostub.dll
7. [A ] c:\program files\rising\rav\ravmond.exe
63. [ M] c:\program files\cnnic\cdn\cdndet.dll
1. [AM] c:\program files\common files\microsoft shared\vs7debug\mdm.exe
84. [ M] d:\软件程序\thunder network\thunder\components\inmedia\iembed09.dll
110. [ M] c:\program files\rising\antispyware\msvcp71.dll
15. [A ] c:\program files\rising\rav\hooksys.sys
87. [ M] d:\软件程序\thunder network\thunder\plugins\bhoadv\bho_adv.dll
48. [A ] c:\program files\rising\rav\ravtask.exe
65. [ M] d:\软件程序\thunder network\thunder\program\download_interface.dll
8. [A ] c:\windows\system32\drivers\atl02_xp.sys
75. [ M] d:\软件程序\thunder network\thunder\components\search\xlsearch.dll
53. [A ] c:\windows\alcwzrd.exe
105. [ M] c:\program files\rising\rfw\pngdll.dll
89. [ M] c:\program files\common files\microsoft shared\vs7debug\2052\mdmui.dll
67. [ M] d:\软件程序\thunder network\thunder\program\asyn_dns.dll
17. [A ] c:\windows\system32\drivers\rtkhdaud.sys
99. [ M] c:\program files\rising\rav\rscommx.dll
86. [ M] d:\软件程序\thunder network\thunder\plugins\tingting\tingting.dll
55. [A ] c:\windows\system32\bsmain.exe
80. [ M] d:\软件程序\thunder network\thunder\components\tips\tipsclient.dll
36. [A ] c:\windows\system32\hticons.dll
31. [AM] c:\program files\cnnic\cdn\cdnforie.dll
62. [ M] c:\program files\cnnic\cdn\imaoe.dll
46. [A ] c:\program files\common files\microsoft shared\ime\imsc40a\imscmig.exe
56. [A ] d:\软件程序\microsoft office\office11\msohtmed.exe
112. [ M] c:\windows\system32\unispim6.ime
32. [A ] d:\软件程序\thunder network\thunder\thunder.exe
22. [A ] c:\program files\rising\rfw\rsfwdrv.sys
95. [ M] d:\软件程序\thunder network\thunder\components\resworker\mediaworker.dll
10. [A ] c:\windows\system32\drivers\cdnprot.sys
52. [A ] c:\windows\soundman.exe
83. [ M] d:\软件程序\thunder network\thunder\components\resworker\dsxlcom.dll
14. [A ] c:\program files\rising\rav\hookreg.sys
49. [AM] c:\program files\rising\rfw\rfwmain.exe
43. [AM] c:\windows\system32\shlhook.dll
113. [ M] c:\windows\system32\nvrszhc.dll
93. [ M] d:\软件程序\thunder network\thunder\components\resworker\dataprocessor.dll
88. [ M] c:\program files\common files\microsoft shared\vs7debug\pdm.dll
47. [AM] c:\program files\cnnic\cdn\cdnup.exe
16. [A ] c:\program files\rising\rfw\hookurl.sys

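Sorry about that, I've flooded the thread with a really long post!!
I was worried some people might find it inconvenient to download, so I copied the whole thing out!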