Please, experts, take a look!! Thanks

After my computer opens a web page, more web pages keep popping up on their own, lots and lots of them, and I can't close them all. I don't know what virus I've caught.
Last edited 2006-04-23 11:42:06
 

Please download SREng or HijackThis.exe from the forum's pinned sticky post, scan, save the report and post it here.
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
 

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 21:56:08, on 2006-4-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Risin*g\Rav\RavStub.exe
C:\WINDOWS.0\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS.0\System32\nvsvc32.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~2\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~2\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\Program Files\广州城市热点资讯有限公司\Dr.COM 客户端软件\ishare_user.exe
C:\Documents and Settings\quamtunlo.BILLGATES\桌面\HijackThis.exe
C:\WINDOWS.0\System32\wuauclt.exe
C:\WINDOWS.0\System32\wuauclt.exe

R3 - URLSearchHook:
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS.0\System32\wmpdrm.dll
O2 - BHO:
O2 - BHO: (no name) - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - (no file)
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS.0\Downloaded Program Files\barhelp24.0.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~2\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ins3DT] G:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MS-4011 Memory Patch] E:\
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [bdupdate] C:\WINDOWS.0\System32\pqtt02.exe
O4 - HKLM\..\Run: [KUCO] D:\
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS.0\System32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~2\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~2\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: gsview32.ini
O4 - Startup: Maple9.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3168A833-078C-4914-83EA-FF1232787D2E}: NameServer = 202.96.104.17,210.33.16.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3168A833-078C-4914-83EA-FF1232787D2E}: NameServer = 202.96.104.17,210.33.16.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3168A833-078C-4914-83EA-FF1232787D2E}: NameServer = 202.96.104.17,210.33.16.2
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll


Your HijackThis.exe version is too old; you should download version 1.99.
 

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS.0\System32\wmpdrm.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS.0\Downloaded Program Files\barhelp24.0.dll
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS.0\System32\spoolsv\spoolsv.exe -printer
The items above need to be fixed.
This item, O4 - HKLM\..\Run: [bdupdate] C:\WINDOWS.0\System32\pqtt02.exe, is very suspicious; if you don't recognise it either, I suggest fixing it.
The messy items below: you didn't put them there on purpose, did you? I think they should be fixed.


O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: gsview32.ini
O4 - Startup: Maple9.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG


Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the items listed below, then choose "Fix Checked".
Double-click My Computer -- Tools -- Folder Options -- View tab -- click to select "Show hidden files and folders" -- and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click Yes.
Then find and delete the following files (if present):
C:\WINDOWS.0\System32\wmpdrm.dll
C:\WINDOWS.0\Downloaded Program Files\barhelp24.0.dll
C:\WINDOWS.0\System32\spoolsv\spoolsv.exe

O4 - HKLM\..\Run: [bdupdate] C:\WINDOWS.0\System32\pqtt02.exe (before fixing it, I suggest packing it with RAR and submitting it to Rising or twtxk@126.com)
Finally, I suggest posting a new report as soon as possible.
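The replies above judge the O2 and O4 lines by eye. As an added example, not code from this thread or from HijackThis itself, the Python script below encodes four of those judgements as rules (a BHO whose DLL is missing, a BHO loaded from Downloaded Program Files, a core Windows process name launched from outside System32, and non-executable files in a Startup folder) and runs them over constructed lines modelled on the posted log. Entries that only a name lookup can settle, such as wmpdrm.dll or pqtt02.exe, are deliberately left to the analyst.

```python
"""Triage of HijackThis O2/O4 lines, encoding rules the replies above apply by hand."""
import ntpath
import re
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<file>.*)$")
# Core Windows process names that should only ever load from %SystemRoot%\System32.
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe"}
NON_EXEC_EXT = {".dat", ".ini", ".log"}  # hives and settings files do not belong in a Startup folder

# Constructed sample: a few lines modelled on the log posted in this thread, not the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - (no file)
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS.0\Downloaded Program Files\barhelp24.0.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS.0\System32\spoolsv\spoolsv.exe -printer
O4 - Startup: NTUSER.DAT
O4 - Global Startup: ntuser.dat.LOG
"""

def exe_path(cmd):
    """Pull the program path out of a Run command, tolerating quotes and unquoted spaces."""
    m = re.match(r'^"?(?P<p>.*?\.(?:exe|dll|com|scr|bat))"?(?:\s|$)', cmd, re.IGNORECASE)
    return m.group("p") if m else cmd.strip().strip('"')

def triage(log_text):
    """Return (reason, line) pairs for every entry that trips one of the rules above."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body, reason = m.group("kind"), m.group("body"), None
        if kind == "O2" and (b := BHO_RE.match(body)):
            if b.group("path") == "(no file)":
                reason = "orphaned BHO: CLSID registered but DLL missing"
            elif "downloaded program files" in b.group("path").lower():
                reason = "BHO loaded from the ActiveX drop folder"
        elif kind == "O4" and (r := RUN_RE.match(body)):
            path = exe_path(r.group("cmd"))
            name, parent = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
            if name in SYSTEM_BINARIES and not parent.endswith("\\system32"):
                reason = f"system process name {name} running outside System32"
        elif kind == "O4" and (s := STARTUP_RE.match(body)):
            if ntpath.splitext(s.group("file"))[1].lower() in NON_EXEC_EXT:
                reason = "non-executable file in a Startup folder"
        if reason:
            findings.append((reason, raw.strip()))
    return findings
```

Running `triage(SAMPLE_LOG)` yields five findings; the legitimate RavTask entry and a spoolsv.exe that really lives in System32 are not flagged.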
 

Thanks, I'll try it myself first; if it still doesn't work, I'll upload the report.
 

[Reply to the post by "龙十一"]
It's still best to upload a report from the new version. I've seen those rather odd O4 items show up in reports from the old version, but they were gone after re-scanning with the new version.