[PID: 344][G:\☆系统工具及应用软件\QQPetNurse\QQPetNurse.exe]  [永恒E网, 2.2.0.1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1844][D:\工具\TENCENT\qqpet\qqpet.exe]  [腾讯公司, 2, 54, 101, 7]
    [D:\工具\TENCENT\qqpet\Pnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\qqpet\QQPetResDownload.dll]  [, 6, 1, 101, 1]
    [D:\工具\TENCENT\qqpet\QQPetCommunity.dll]  [, 6, 3, 103, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2472][D:\工具\GoSuRF2\gsfbwsr.exe]  [mmjd.com, 2.75.611.7563]
    [D:\工具\GoSuRF2\Resources\Themes\pictures.theme]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Thunder\xunleibho_v13.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3868][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\UI.DLL]  [, 1, 6, 0, 1]
    [D:\工具\PPLive\common.dll]  [, 1, 0, 0, 1]
    [D:\工具\PPLive\NetTools.dll]  [, 1.0.0.2]
    [D:\工具\PPLive\SYNACA~1.OCX]  [, 1, 6, 18, 0]
    [D:\工具\PPLive\ETS.DLL]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\PPLive\SYNACA~2.OCX]  [Synacast, 1, 6, 0, 7]
    [D:\工具\PPLive\PPK.DLL]  [N/A, ]
    [D:\工具\PPLive\FWUpnp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2536][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\MngModule.dll]  [, 1, 0, 0, 2]
[PID: 3736][C:\Program Files\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.1.2.166]
    [C:\Program Files\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 57]
    [C:\Program Files\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\Program Files\Thunder\iEmbed.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 14]
    [C:\Program Files\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 6]
    [C:\Program Files\Thunder\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 4004][G:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\TEMP\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Rav20.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
[PID: 1716][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2068][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [Compiled Help Module]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP UDP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP TCP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)

==================================
Autorun.inf
[D:\]
[autorun]
icon=Woa05.ico
[E:\]
[autorun]
ICON=game.ICO
[F:\]
[autorun]
ICON=FauxS-55.ico
[G:\]
[autorun]
ICON=Control_panel.ico

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

好长的日志啊...论坛里有教怎么看日志的帖子吗？在哪个版块？我自己也学着看看

顶一下.........

Trojan.PSW.CabalOnLine.r和Trojan.PSW.WoWar.ade和Trojan.PSW.OnlineGames.w紧急求助！！！！！这是病毒名称　频频发作。．我用的是个人版的瑞星．扫了一边，但不行还是老发作．．求助解决办法

和我中的是同个类型的病毒啦，先控制住它吧，等瑞星升级

都死定了。等吧。

手动修复那些.exe文件我还不会啊，它们都被感染了，很无奈....
不过至少还能干点基本的事，看看PPlive咯。

手动修复那些.exe文件我还不会啊，它们都被感染了，很无奈....
不过至少还能干点基本的事，看看PPlive咯。

天月
你怎么不跟别人分析一下啊
呵呵
我也好学习学习哇

我也是中了这个害人的东西