
Moderator baohe's post

After reading moderator baohe's post
I realized my computer was infected with a virus.
In the process list there are DRIVER.EXE and WUAUCLL.EXE,
and also a RUNDLLFROMWIN2, which is strange, no idea what it is.

After booting, the desktop doesn't show; it says there is an ERROR and that it is creating a log or something.
I can open files with New Task in Task Manager.
It also keeps popping up some ** movie website.
Super annoying.

I followed BAOHE's steps,
but the two files CMD.COM and SVCHOST.COM weren't found,
so I couldn't delete them.
The result is the same as before:
the desktop still doesn't come up.

What should I do?
Could someone help me take a look.....?
Last edited 2007-02-27 09:51:18

Go download SREng, scan, and post the log here. The SREng download link and instructions are in the pinned thread.

Better scan and post a log; without it there is no way to help.

http://www.kztechs.com/sreng/.zip Download System Repair Engineer
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here, without modifying it
Note: don't run other programs while scanning
If sreng won't run, change its extension to com or scr
Hehe

Thanks, both of you.
Maybe besides WUAUCLL.EXE
there are other viruses too.
I'll scan and post a log then.

I typed EXPLORER.EXE into New Task
and the desktop came up.
But there are still a lot of inexplicable processes.
Could someone help analyze the log?
[CODE]

2007-02-26,14:33:17

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <9bebulc0stir><C:\WINNT\rundl13a.exe>  [N/A]
    <wc0ldm><C:\WINNT\Servera.exe>  [N/A]
    <svc><C:\DOCUME~1\xishuai1\LOCALS~1\Temp\sysonling.exe>  [Microsoft Corporation]
    <jiy46ift><C:\WINNT\iexpl0re.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <JobHisInit><C:\Program Files\RMClient\JobHisInit.exe>  [N/A]
    <MplSetUp><C:\Program Files\RMClient\MplSetUp.exe>  [RICOH CO.,LTD.]
    <mppds><C:\WINNT\mppds.exe>  [N/A]
    <msccrt><C:\WINNT\msccrt.exe>  [N/A]
    <wsttrs><C:\WINNT\wsttrs.exe>  [N/A]
    <cmdbcs><C:\WINNT\cmdbcs.exe>  [N/A]
    <wWinlogin><C:\DOCUME~1\xishuai1\LOCALS~1\Temp\wkernel33.exe>  [N/A]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINNT\system32\ctfnom.exe>  [N/A]
    <main><rundll32.exe "C:\program files\internet explorer\use17.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
    <{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.tdm>  [N/A]
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  [N/A]
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  [N/A]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
    <{4DEC9B29-F08F-4cbc-B179-592B9283FAC9}><c:\program files\rising\rav\puifefkj.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\System32\scrnsave.scr>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Office スタートアップ]
  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Office スタートアップ.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA.EXE [N/A]><N>
[Microsoft Office ショートカット バー]
  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Office ショートカット バー.lnk --> C:\PROGRA~1\MICROS~2\Office\MSOFFICE.EXE [Microsoft Corporation]><N>
[Microsoft Find Fast]
  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Find Fast.lnk --> C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE [Microsoft Corporation]><N>
[SmartNetMonitor for Client]
  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\SmartNetMonitor for Client.lnk --> C:\PROGRA~1\RMClient\PMClient.exe [RICOH COMPANY,LTD.]><N>
[YamasaClock]
  <C:\Documents and Settings\xishuai1\スタート メニュー\プログラム\スタートアップ\YamasaClock.lnk --> D:\デスク~1\Clock.exe [N/A]><N>

==================================
Services
[20A3C0A7 / 20A3C0A7][Stopped/Auto Start]
  <C:\WINNT\system32\20A3C0A7.EXE -service><Microsoft Corporation>
[8D3C2EE6 / 8D3C2EE6][Stopped/Auto Start]
  <C:\WINNT\system32\8D3C2EE6.EXE -service><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[System Event Logger / MouTALS][Running/Auto Start]
  <C:\WINNT\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINNT\SYSTEM32\WBEM\YMYVC.DLL,Export 1087><Microsoft Corporation>
[Remote Procedure Call System(RPCS) / RpcS][Running/Auto Start]
  <C:\WINNT\system32\RpcS.exe><Microsoft Corporation>
[Remote Procedure Call System(RPCSA) / RpcSA][Running/Auto Start]
  <C:\WINNT\system32\Rpcsa.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Clipboard / Trial][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\bmcez.dll><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
Drivers
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINNT\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINNT\System32\cdcd.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[論理ディスク マネージャ ドライバ / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[i81x / i81x][Running/Manual Start]
  <System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINNT\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星?件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rrsx / rrsxv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\rrsxv.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
  <System32\DRIVERS\RTL8029.SYS><REALTEK Semiconductor Corp.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>

==================================
Browser Add-ons
[IdnHelperObj Class]
  {118CE65F-5D86-4AEA-A9BD-94F92B89119F} <C:\WINNT\DOWNLO~1\CnsMinIdn.dll, JWord Inc.>
[ソィソィノマヘイネォヨ摠ヨ]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINNT\System32\kakatool.dll, N/A>
[JWord (日本語キーワード)]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[ラジオ(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[ソィソィノマヘイネォヨ摠ヨ]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\System32\kakatool.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[JWordでウェブ検索(&J)]
  <res://C:\WINNT\DOWNLO~1\CnsMin.dll/203, N/A>

==================================
Running Processes
[PID: 140][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 168][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [c:\program files\rising\rav\puifefkj.dll]  [, 1, 0, 0, 11]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 232][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 392][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 380][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 480][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINNT\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.15]
    [C:\WINNT\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
    [C:\WINNT\system32\HPBHealr.dll]  [N/A, N/A]
    [C:\WINNT\system32\RPNV2MON.DLL]  [RICOH, 1, 0, 1, 17]
    [C:\WINNT\system32\rpnv2EN.dll]  [RICOH COMPANY, LTD., 1,0,0,10]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINNT\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINNT\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINNT\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
[PID: 548][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [c:\winnt\system32\bmcez.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 568][C:\WINNT\system32\hidserv.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\20A3C0A7.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 724][C:\WINNT\SYSTEM32\RUNDLLFROMWIN2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\SYSTEM32\WBEM\YMYVC.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 784][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 740][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 988][C:\WINNT\system32\RpcS.exe]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1008][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 1028][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\DOWNLO~1\CnsMinIdn.dll]  [JWord Inc., 2, 0, 3, 2]
[PID: 1404][C:\WINNT\system32\imejpmgr.exe]  [Microsoft Corporation, 7.0.1.4326]
[PID: 1336][C:\WINNT\system32\taskmgr.exe]  [Microsoft Corporation, 5.00.2195.6620]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 512][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1304][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1044][D:\My Documents\111\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1      localhost
127.0.0.1    test.nicemm.cn
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    www.djdj110.com
127.0.0.1    www.gaodumm.com
127.0.0.1    www.88cc8.com
127.0.0.1    wg770.com
127.0.0.1    www.y988.com
127.0.0.1    ads.9168a.com
127.0.0.1    www.flashsky.com

==================================
API HOOK
N/A

==================================


[/CODE]
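An added triage example (not from this thread, and not SREng's own code): a small Python parser for the Run-key lines in a log like the one above that flags what a responder looks at first: entries with no version information, a vendor string that is not "(Verified)", executables launched from a Temp folder, and file names that imitate system binaries with digit-for-letter swaps. The sample lines are copied from the log above; the list of imitated binaries, the similarity threshold and the flag names are my own assumptions.

```python
import difflib
import re

# Constructed input: Run-key lines copied from the SREng log above,
# in SREng's "<name><command>  [signer]" boot-item format.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <9bebulc0stir><C:\WINNT\rundl13a.exe>  [N/A]
    <svc><C:\DOCUME~1\xishuai1\LOCALS~1\Temp\sysonling.exe>  [Microsoft Corporation]
    <jiy46ift><C:\WINNT\iexpl0re.exe>  [N/A]
"""
ENTRY = re.compile(r"^\s*<([^>]*)><([^>]*)>\s+\[([^\]]*)\]\s*$")
# Assumed list of Windows binaries whose names malware likes to imitate.
KNOWN = {"explorer.exe", "iexplore.exe", "rundll32.exe", "svchost.exe", "winlogon.exe"}
LEET = str.maketrans("01", "ol")  # undo digit-for-letter substitutions

def basename(cmd):
    """Lower-case file name of the executable a Run-key command launches."""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(line):
    """Return (name, exe, flags) for an entry line, or None for other lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    name, cmd, signer = m.groups()
    exe, flags = basename(cmd), []
    if signer == "N/A":
        flags.append("no-version-info")
    elif not signer.startswith("(Verified)") and "microsoft" in signer.lower():
        # Company string is from the file's version resource; only the
        # "(Verified)" prefix means SREng actually checked a signature.
        flags.append("unverified-microsoft-claim")
    if "\\temp\\" in cmd.lower() or "\\locals~1\\" in cmd.lower():
        flags.append("runs-from-temp")
    norm = exe.translate(LEET)
    if exe not in KNOWN and (norm in KNOWN or any(
            difflib.SequenceMatcher(None, norm, k).ratio() >= 0.85 for k in KNOWN)):
        flags.append("lookalike-of-system-binary")
    return name, exe, flags

def triage_report(text):
    # Map entry name -> flags for every flagged entry in a log excerpt.
    report = {}
    for line in text.splitlines():
        row = triage(line)
        if row and row[2]:
            report[row[0]] = row[2]
    return report
```

Running `triage_report(SAMPLE)` leaves the verified internat.exe entry unflagged and marks the other three; the same function can be pointed at the Policies\Explorer\Run and Services sections, which use the same line shape.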

Oh my..
Reinstall the C: drive... after reinstalling, don't touch the other drives.. install Rising, update it to the latest version, and run a full scan.

What are you going to do?
Help analyze it?

Could you explain more clearly?
What viruses are these?
Is it beyond saving?