贴上扫描结果；请大虾帮忙分析一下，谢谢！


2006-08-31,21:06:53

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <ScanRegistry><C:\Program Files\Common Files\update\update.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <vptray><D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <Acrobat Assistant 7.0><; "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <9><C:\WINNT\system32\Ravdm.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  []

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk><H>
[凯屋爱眼卫士]
  <C:\Documents and Settings\Caigangshan\「开始」菜单\程序\启动\凯屋爱眼卫士.lnk><H>

==================================
服务
[BEA Products NodeManager (G_bea_weblogic90) / BEA Products NodeManager (G_bea_weblogic90)]
  <G:\bea\WEBLOG~1\server\bin\beasvc.exe><BEA Systems, Inc.>
[DefWatch / DefWatch]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MySQL / MySQL]
  <"G:\MySQL Server\bin\mysqld-nt" --defaults-file="G:\MySQL Server\my.ini" MySQL><N/A>
[New work / New Coections]
  <><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[system files services / system files services]
  <><N/A>
[VMware Authorization Service / VMAuthdService]
  <D:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINNT\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
  <C:\WINNT\system32\vmnat.exe><VMware, Inc.>
[Windows Createddos / Windows Processdos]
  <><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IExpress]
  {27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINNT\system32\iexpress.dll, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <D:\PROGRA~1\IER\Adfiltr.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[易趣购物]
  {DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/star, N/A>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&IE修复专家工具栏]
  {123249EB-F891-44C4-946F-450064F9080E} <D:\PROGRA~1\IER\IERBar.dll, N/A>
[SSReaderPlug Control]
  {3359C0B1-2363-40B3-AFCA-1ABC799AC486} <C:\WINNT\system32\SSREAD~1.OCX, CX>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[导出当前页到超星阅览器(&A)]
  <D:\Program Files\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
  <D:\Program Files\SSREADER36\ss_select.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 184][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 204][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
    [C:\WINNT\system32\NavLogon.dll]  <N/A><N/A>
[PID: 232][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 244][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 424][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 448][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [C:\WINNT\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><7.0.0.00>
    [D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  <N/A><N/A>
[PID: 480][D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 500][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 628][G:\MySQL Server\bin\mysqld-nt.exe]  <N/A><N/A>
[PID: 664][D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060830.022\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060830.022\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  <Symantec Corporation><8.1.0.821>
[PID: 736][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 744][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><7.0.0.2004121400\0>
    [C:\WINNT\system32\iexpress.dll]  <N/A><1.1.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  <Adobe Systems Inc.><7.0.0.2004121400\0>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 768][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 840][D:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 860][C:\WINNT\system32\vmnat.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 880][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 904][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 928][C:\WINNT\system32\vmnetdhcp.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 948][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1048][D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 1068][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 1540][C:\WINNT\regedit.exe]  <Microsoft Corporation><5.00.2195.6707>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 1688][D:\Software\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 1240][D:\Program Files\FlashFXP\FlashFXP.exe]  <IniCom Networks, Inc.><3.3.5.1110>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>
[PID: 1568][D:\Software\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\DONGDONG\DONGDONG.DLL]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

另外再请教
[PID: 1568][D:\Software\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\DONGDONG\DONGDONG.DLL] <N/A><N/A>
是不是sreng.exe调用了dongdong.dll？是否意味着sreng.exe被感染了？

C:\WINNT\system32\Ravdm.exe
这一项，看以下的帖子
http://forum.ikaka.com/topic.asp?board=28&artid=8156736

关闭所有浏览窗口以及一些不必要的程序
运行(双击)System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项
C:\WINNT\system32\iexpress.dll
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Windows Createddos，选择“删除服务”点“设置”选择“否”

请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe，删除
C:\DONGDONG\DONGDONG.DLL
（删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"
你先试试这样，完后你重启，再扫个日志粘上来。

谢谢我无邪大虾！动作好快啊！

dongdong.dll没用killbox删，因为发帖前已经删了。不知会有什么影响？

好像还是没删干净，打开网页，还是会连到一个网站。

帖上扫描结果：
2006-08-31,22:38:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <vptray><D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <Acrobat Assistant 7.0><; "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  []

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk><H>
[凯屋爱眼卫士]
  <C:\Documents and Settings\Caigangshan\「开始」菜单\程序\启动\凯屋爱眼卫士.lnk><H>

==================================
服务
[BEA Products NodeManager (G_bea_weblogic90) / BEA Products NodeManager (G_bea_weblogic90)]
  <G:\bea\WEBLOG~1\server\bin\beasvc.exe><BEA Systems, Inc.>
[DefWatch / DefWatch]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MySQL / MySQL]
  <"G:\MySQL Server\bin\mysqld-nt" --defaults-file="G:\MySQL Server\my.ini" MySQL><N/A>
[New work / New Coections]
  <><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[system files services / system files services]
  <><N/A>
[VMware Authorization Service / VMAuthdService]
  <D:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINNT\system32\vmnetdhcp.exe><VMware, Inc.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[AdSwpr]
  {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <D:\PROGRA~1\IER\Adfiltr.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/star, N/A>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&IE修复专家工具栏]
  {123249EB-F891-44C4-946F-450064F9080E} <D:\PROGRA~1\IER\IERBar.dll, N/A>
[SSReaderPlug Control]
  {3359C0B1-2363-40B3-AFCA-1ABC799AC486} <C:\WINNT\system32\SSREAD~1.OCX, CX>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[导出当前页到超星阅览器(&A)]
  <D:\Program Files\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
  <D:\Program Files\SSREADER36\ss_select.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 184][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 204][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
    [C:\WINNT\system32\NavLogon.dll]  <N/A><N/A>
[PID: 232][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 244][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 424][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 448][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [C:\WINNT\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><7.0.0.00>
    [D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  <N/A><N/A>
[PID: 480][D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 500][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 628][G:\MySQL Server\bin\mysqld-nt.exe]  <N/A><N/A>
[PID: 660][D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060830.022\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060830.022\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
[PID: 736][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  <Adobe Systems Inc.><7.0.0.2004121400\0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><7.0.0.2004121400\0>
[PID: 744][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 776][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 856][D:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 872][C:\WINNT\system32\vmnat.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 784][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 896][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 920][C:\WINNT\system32\vmnetdhcp.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 944][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1052][D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
[PID: 1060][C:\WINNT\system32\RunDll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system\cmicnfg.cpl]  <C-Media Corporation><1, 0, 0, 17>
[PID: 1068][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1020][D:\Program Files\UltraEdit\uedit32.exe]  <IDM Computer Solutions, Inc.><11.20+2>
    [D:\Program Files\UltraEdit\tidylib.dll]  <N/A><N/A>
    [D:\Program Files\UltraEdit\SftpDLL.dll]  <WeOnlyDo! COM><2, 2, 2, 17>
    [D:\Program Files\UltraEdit\ueres.dll]  <IDM Computer Solutions, Inc.><11.20+2>
[PID: 1444][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  <Adobe Systems Incorporated><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  <Adobe Systems Incorporated><7.0.0.0>
[PID: 652][D:\Software\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
[PID: 768][D:\Program Files\Tencent\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [D:\Program Files\Tencent\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\Program Files\Tencent\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\GroupLive.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\SCCore.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [D:\Program Files\Tencent\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\GroupConnection.dll]  <Tencent><5, 0, 202, 170>
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
    [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><2, 0, 6, 60>
    [D:\Program Files\Tencent\QQ\ShareFiles.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
    [C:\WINNT\system32\UNISPIM5.IME]  <北京紫光华宇软件股份有限公司><5.0.0.5076>
[PID: 540][D:\Program Files\Tencent\qq\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1504][C:\WINNT\system32\taskmgr.exe]  <Microsoft Corporation><5.00.2195.6620>
[PID: 1524][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  <Adobe Systems Incorporated><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  <Adobe Systems Incorporated><7.0.0.0>
    [C:\WINNT\system32\UNISPIM5.IME]  <北京紫光华宇软件股份有限公司><5.0.0.5076>
[PID: 1496][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  <Adobe Systems Incorporated><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  <Adobe Systems Incorporated><7.0.0.0>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

麻烦我无邪大虾和其他大虾们再分析下。谢谢！

你还有异常吗？

是另一个人的电脑，已关机了。他说还是会连到一个网站上去。要不明天再检查看一下，有问题再请教。
谢谢 我无邪大虾！