上网时中招，电脑现在状况如下：
1、如图，桌面项目属性被改；
2、打开IE，直接跳到该网页：http://www.d766.com/veer.php?entry=993&mac=0000215C0B22，用卡卡也改不回来。

求教怎么能改回来呀？

顶一顶 我也中了这网页，一打开遨游浏览器，就指向这个网址，但实际打开http://www.hrm.cn/index_hrmActivity.aspx这个网页，用SREng扫描，好像没看到什么，请高手指点,谢谢！

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <vptray><D:\NORTON~1.6CH\vptray.exe>  [Symantec Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <Zone Labs Client><"D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Zone Labs, LLC]
    <SpIDerMail><"D:\Program Files\Dr.web\spiderml.exe">  [Doctor Web, Ltd.]
    <SpIDerNT><D:\PROGRA~1\Dr.web\spidernt.exe /agent>  [Doctor Web, Ltd.]
    <!AVG Anti-Spyware><"D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    <WinlogonNotify: WRNotifier><WRLogonNTF.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <D:\Program Files\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Com+NeTwrod / Com+NeTwrod]
  <><N/A>
[Creative Service for CDROM Access / Creative Service for CDROM Access]
  <C:\WINDOWS\System32\CTsvcCDA.EXE><Creative Technology Ltd>
[DefWatch / DefWatch]
  <D:\Norton AntiVirus 7.6chs\defwatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Machine Debug Manager / MDM]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Norton AntiVirus 客户端 / Norton AntiVirus Server]
  <D:\Norton AntiVirus 7.6chs\rtvscan.exe><Symantec Corporation>
[SpIDer Guard for Windows NT / spidernt]
  <D:\PROGRA~1\Dr.web\SpiderNT.exe><Doctor Web, Ltd.>
[TrueVector Internet Monitor / vsmon]
  <C:\WINDOWS\system32\ZONELABS\vsmon.exe -service><Zone Labs, LLC>
[winserver / winserver]
  <><N/A>
[WMDM PMSP Service / WMDM PMSP Service]
  <C:\WINDOWS\System32\MsPMSPSv.exe><Microsoft Corporation>

驱动程序
[ati2mpaa / ati2mpaa]
  <System32\DRIVERS\ati2mpaa.sys><ATI Technologies Inc.>
[ATM ARP Client Protocol / Atmarpc]
  <System32\DRIVERS\atmarpc.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\D:\Program Files\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><N/A>
[Creative AC3 Software Decoder / ctac32k]
  <System32\drivers\ctac32k.sys><Creative Technology Ltd>
[Creative Audio Driver (WDM) / ctaud2k]
  <system32\drivers\ctaud2k.sys><Creative Technology Ltd>
[Creative SBLive! Gameport / ctljystk]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Creative Proxy Driver / ctprxy2k]
  <System32\drivers\ctprxy2k.sys><Creative Technology Ltd>
[Creative SoundFont Management Device Driver / ctsfm2k]
  <System32\drivers\ctsfm2k.sys><Creative Technology Ltd>
[SpIDer Guard boot hook driver for Windows NT / drwebnet]
  <\SystemRoot\system32\drivers\drwebnet.sys><Doctor Web, Ltd.>
[Intel(R) PRO Adapter Driver / E100B]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Creative SB Live! series(WDM) / emu10k]
  <system32\drivers\emu10k1f.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1]
  <system32\drivers\ctlface.sys><Creative Technology Ltd.>
[E-mu Plug-in Architecture Driver / emupia]
  <System32\drivers\emupia2k.sys><Creative Technology Ltd>
[GMSIPCI / GMSIPCI]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[Creative Hardware Abstract Layer Driver / ha10kx2k]
  <system32\drivers\ha10kx2k.sys><Creative Technology Ltd>
[Network Fire Hydrant / HdFw_slot]
  <System32\DRIVERS\Hdfw.sys><N/A>
[NAVAP / NAVAP]
  <\??\D:\Norton AntiVirus 7.6chs\NAVAP.sys><N/A>
[NAVAPEL / NAVAPEL]
  <\??\D:\NORTON~1.6CH\NAVAPEL.SYS><N/A>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX15.sys><Symantec Corporation>
[Netgroup Packet Filter / NPF]
  <system32\drivers\npf.sys><Politecnico di Torino>
[Creative OS Services Driver / ossrv]
  <system32\drivers\ctoss2k.sys><Creative Technology Ltd.>
[PfModNT / PfModNT]
  <\??\C:\WINDOWS\System32\PfModNT.sys><Creative Technology Ltd.>
[Star Force copy protection driver v4 / prodrv04]
  <\SystemRoot\System32\drivers\prodrv04.sys><Protection Technology Co.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl]
  <System32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[Kingsun SF-620 USB Infrared Adapter / SF-620]
  <System32\DRIVERS\SF-620.sys><Kingsun Corporation>
[Creative SoundFont Manager Driver (WDM) / sfman]
  <system32\drivers\sfman.sys><Creative Technology Ltd.>
[SpIDer FS Monitor for Windows NT / SPIDER]
  <\??\D:\PROGRA~1\Dr.web\spider.sys><Doctor Web, Ltd.>
[srescan / srescan]
  <\SystemRoot\System32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[STIrUsb.sys USB-IrDA Adapter / STIrUsb]
  <System32\DRIVERS\irstusb.sys><SigmaTel, Inc.>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[VNN VNC Virtual Network Adapter / vnndev]
  <System32\DRIVERS\vnnvnic.sys><VNN B.J.>
[vsdatant / vsdatant]
  <System32\vsdatant.sys><Zone Labs, LLC>

浏览器加载项
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <, N/A>
[SSReaderPlug Control]
  {3359C0B1-2363-40B3-AFCA-1ABC799AC486} <C:\WINDOWS\SYSTEM\SSREAD~1.OCX, CX>
[趋势科技在线扫毒程序]
  {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[PPlayerX Control]
  {A2C271DF-91C3-11D5-9FA6-860301900128} <C:\WINDOWS\Downloaded Program Files\pplayer.ocx, Paragon Micro International>
[clienttime.client]
  {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} <C:\WINDOWS\Downloaded Program Files\client.ocx, NTSC>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
  <D:\Program Files\ftp\flashget\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\ftp\flashget\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 604][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 688][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\NavLogon.dll]  [N/A, N/A]
[PID: 732][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1172][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1412][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1424][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1728][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1980][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
    [D:\Program Files\winrar\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 7.60.00.926]
    [D:\Program Files\Dr.web\drwsxtn.dll]  [Doctor Web, Ltd., 4.33.0.200507180]
    [C:\Documents and Settings\Default User.WINDOWS\ddcrypt\ddcrypt.dll]  [, 2, 0, 0, 0]
    [D:\Program Files\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
[PID: 796][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1092][C:\WINDOWS\System32\CTsvcCDA.EXE]  [Creative Technology Ltd, 1.0.1.0]
[PID: 1112][D:\Norton AntiVirus 7.6chs\defwatch.exe]  [Symantec Corporation, 7.60.00.926]
[PID: 1128][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9064.9150]
[PID: 1152][D:\Norton AntiVirus 7.6chs\rtvscan.exe]  [Symantec Corporation, 7.60.00.926]
    [D:\Norton AntiVirus 7.6chs\Dec2.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2ARJ.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2ID.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2LHA.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\SymLHA.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2LZ.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2MIME.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2Zip.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2AMG.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\SYMAMG32.DLL]  [Symantec Corporation with portions by FUJITSU DEVICES INC., 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2UUE.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2SS.dll]  [Symantec Corporation, 2.50.31.52]
    [D:\Norton AntiVirus 7.6chs\Dec2RTF.dll]  [Symantec Corporation, 2.50.31.52]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel Corporation, 6.0.201.0940 E]
    [D:\Norton AntiVirus 7.6chs\NAVLU.dll]  [Symantec Corporation, 7.60.00.926]
    [D:\Norton AntiVirus 7.6chs\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [D:\Norton AntiVirus 7.6chs\i2ldvp3.dll]  [Symantec Corporation, 7.60.00.926]
    [D:\Norton AntiVirus 7.6chs\NAVAPI32.DLL]  [Symantec Corp., 4.1.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG32.DLL]  [Symantec Corporation, 20071.1.0.15]
    [D:\NORTON~1.6CH\NAVAP32.DLL]  [Symantec Corporation, 5.3.1.39]
    [C:\WINDOWS\System32\amslib.dll]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\System32\loc32vc0.dll]  [Intel, 3, 0, 0, 2]
    [D:\Norton AntiVirus 7.6chs\NotesExt.dll]  [Symantec Corporation, 7.60.00.926]
    [D:\Norton AntiVirus 7.6chs\vpmsece.dll]  [Symantec Corporation, 7.60.00.926]
[PID: 1372][D:\NORTON~1.6CH\vptray.exe]  [Symantec Corporation, 7.60.00.926]
    [D:\Norton AntiVirus 7.6chs\Cliscan.dll]  [Symantec Corporation, 7.60.00.926]
    [D:\NORTON~1.6CH\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 1404][C:\WINDOWS\System32\devldr32.exe]  [Creative Technology Ltd., 1, 0, 0, 22]
    [C:\WINDOWS\System32\DEVCON32.DLL]  [Creative Technology Ltd., 4.06.659]
    [C:\WINDOWS\System32\SFMAN32.DLL]  [Creative Technology Ltd., 4.06.3301]
[PID: 1508][D:\PROGRA~1\Dr.web\SpiderNT.exe]  [Doctor Web, Ltd., 4.33.2.04281]
[PID: 1700][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1768][D:\Program Files\Dr.web\spiderml.exe]  [Doctor Web, Ltd., 4.33.2.08290]
    [D:\Program Files\Dr.web\drwspcnt.dll]  [Doctor Web, Ltd., 4.33.2.11181]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 800][D:\PROGRA~1\Dr.web\spidernt.exe]  [Doctor Web, Ltd., 4.33.2.04281]
[PID: 1900][D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [D:\Program Files\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 1928][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 384][C:\WINDOWS\System32\MsPMSPSv.exe]  [Microsoft Corporation, 7.00.00.1954]
[PID: 212][C:\WINDOWS\System32\MsgSys.EXE]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\System32\NTS.dll]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\System32\CBA.DLL]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\System32\MsgSys.dll]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\System32\PDS.DLL]  [Intel Corporation, 6.0.201.0940 E]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]
[PID: 2352][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4056][D:\Program Files\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.2.11110]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
DrwebSP.MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.RSVP TCP Service Provider
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.RSVP UDP Service Provider
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

谢谢！

我也中这个招了,要怎么办哦?高手们教下哦,
万分感谢~

帮顶,经历类似!

用SREng扫描后:
[CODE]

2007-02-01,23:06:00

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ScheduleTV><C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Gadmei TV Capture / GMTW6800][Running/Manual Start]
  <system32\DRIVERS\Gm68Cap.sys><Techwell Inc>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kasbna / kasbna][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kasbna.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\I:\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上网助手]
  {1B0E7716-898E-48CC-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\PROGRA~1\PPMate\PPMate\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\PROGRA~1\KUGOO3\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>