Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum (page 3 of 5)

Help: the backdoor.rwx.2005.fq virus cannot be completely removed

Many thanks.....
http://forum.ikaka.com/topic.asp?board=28&artid=8247930
I have a problem too, but so far nobody has come to help.
Could you take a look for me?? The address above is my post.


Delete the startup items
<{08315c1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp> [N/A]
<{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\rising\rav\gyciulfb.dll> [N/A]
Delete the service entries
[4AF3DC8F / 4AF3DC8F][Stopped/Auto Start]
<C:\WINDOWS\system32\4AF3DC8F.EXE -service><N/A>
[89634F56 / 89634F56][Stopped/Auto Start]
<C:\WINDOWS\system32\89634F56.EXE -service><N/A>
[WebClient XML / WebClient XML][Stopped/Auto Start]
<C:\WINDOWS\system32\webcxml.exe><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

Reboot into Safe Mode
Enable "Show hidden files" and untick the option that hides system files, then delete:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp
c:\program files\rising\rav\gyciulfb.dll
C:\WINDOWS\system32\4AF3DC8F.EXE
C:\WINDOWS\system32\89634F56.EXE
C:\WINDOWS\system32\webcxml.exe
C:\Program Files\WinPcap\rpcapd.ini
Run regedit to open the registry and search for rpcapd; there should be one more entry for that file, delete the whole thing. Network speed goes back to normal.


Quote:
[安全防卫's post] Delete the startup items
<{08315c1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp> [N/A]
<{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\rising\rav\gyciulfb.dll> [N/A]
Delete the service entries
[4AF3DC8F / 4AF3DC8F][Stopped/Auto Start]
<C:\WINDOWS\system32\4AF3DC8F.EXE -service><N/A>
[89634F56 / 89634F56][Stopped/Auto Start]
<C:\WINDOWS\system32\89634F56.EXE -service><N/A>
[WebClient XML / WebClient XML][Stopped/Auto Start]
<C:\WINDOWS\system32\webcxml.exe><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

Reboot into Safe Mode
Enable "Show hidden files" and untick the option that hides system files, then delete:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp
c:\program files\rising\rav\gyciulfb.dll
C:\WINDOWS\system32\4AF3DC8F.EXE
C:\WINDOWS\system32\89634F56.EXE
C:\WINDOWS\system32\webcxml.exe
C:\Program Files\WinPcap\rpcapd.ini
Run regedit to open the registry and search for rpcapd; there should be one more entry for that file, delete the whole thing. Network speed goes back to normal.
………………

Wrong post, I misread the thread.


???
Forgot one thing: repair the file associations as well.


How do you know this one is a virus file?
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

I went through everything 安全防卫 described, with no effect, but thanks anyway!

Below I am posting the new scan log again.


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
Startup folder
N/A

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Nt_Admin / Nt_Admin][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\Nt_Admin.exe><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Pml Driver OEM12 / Pml Driver OEM12][Stopped/Manual Start]
  <C:\WINDOWS\system32\OEMipm12.exe><HP>
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

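An added example, not from this thread or from Rising's tools, that takes the question asked earlier ("how do you know this one is a virus file?") from the defender's side: it parses the "[display / service][state/start]" plus "<command><vendor>" service-log format used above and lists the entries worth a closer look. The sample lines are constructed copies of entries from this thread, and the three heuristics are this example's own assumptions, not a detection rule from any product.

```python
import re

# Constructed sample in the format of the scan log posted in this thread:
# a "[Display name / Service name][State/Start type]" header line followed
# by an "<image command line><vendor>" line.
SAMPLE_LOG = r"""
[4AF3DC8F / 4AF3DC8F][Stopped/Auto Start]
<C:\WINDOWS\system32\4AF3DC8F.EXE -service><N/A>
[WebClient XML / WebClient XML][Stopped/Auto Start]
<C:\WINDOWS\system32\webcxml.exe><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
"""

HEADER = re.compile(r"^\[(?P<display>.*?) / (?P<name>.*?)\]\[(?P<state>[^/]+)/(?P<start>[^\]]+)\]$")
IMAGE = re.compile(r"^<(?P<cmd>.*)><(?P<vendor>[^<>]*)>$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$", re.I)  # image names like 4AF3DC8F

def parse_services(text):
    """Pair every header line with its image line and return a list of dicts."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for hdr, img in zip(lines[0::2], lines[1::2]):
        h, i = HEADER.match(hdr), IMAGE.match(img)
        if not (h and i):
            continue  # skip anything that is not a well-formed pair
        cmd = i.group("cmd")
        # The image path is the quoted first token, or everything before the first space.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        entries.append({**h.groupdict(), "exe": exe, "vendor": i.group("vendor")})
    return entries

def triage(entry):
    """Heuristic reasons (assumptions of this example) why an entry deserves a look."""
    reasons = []
    stem = entry["exe"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    in_system32 = "\\system32\\" in entry["exe"].lower()
    if entry["vendor"] == "N/A":
        reasons.append("no vendor information")
    if HEX_NAME.match(stem):
        reasons.append("random-looking 8-hex-digit image name")
    if in_system32 and entry["vendor"] == "N/A" and entry["start"] == "Auto Start":
        reasons.append("auto-start service in system32 without vendor information")
    return reasons

def review(text):
    """Service name -> reasons, for every entry that has at least one reason."""
    return {e["name"]: r for e in parse_services(text) if (r := triage(e))}

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

rpcapd.exe is the remote capture daemon that ships with WinPcap, so the missing vendor field alone is a prompt to check the file's signature and origin, not proof of infection; the two system32 services with hex names and no vendor collect the most reasons.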
==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd>
[DriverLINX Port I/O Driver / DLPortIO][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS><N/A>
[DS USB Infrared Miniport Adapter / DSIR620][Stopped/Manual Start]
  <system32\DRIVERS\DSIR620.sys><DonShine Electronics CO LTD.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[giveio / giveio][Stopped/Manual Start]
  <\??\C:\Documents and Settings\gold\桌面\progisp162\giveio.sys><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HPFXBULK / HPFXBULK][Running/Manual Start]
  <system32\drivers\hpfxbulk.sys><Hewlett Packard>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\TM\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[USB to IEEE-1284.4 Translation Driver OEMius12 / OEMius12][Stopped/Manual Start]
  <system32\DRIVERS\OEMius12.sys><HP>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <System32\DRIVERS\tcpip.sys><Microsoft Corporation>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <System32\Drivers\usb2vcom.sys><N/A>
[Virtual PC Application Services / VPCAppSv][Running/Auto Start]
  <system32\DRIVERS\VPCAppSv.sys><Connectix Corporation>
[Virtual PC Emulated Ethernet Switch Driver / VPCNetS2][Running/Manual Start]
  <system32\DRIVERS\VPCNetS2.sys><Connectix Corporation>
[WinDriver6 / WinDriver6][Running/Manual Start]
  <system32\drivers\windrvr6.sys><Jungo>

==================================
Browser add-ons
[Flashget Catch Url Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, >
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FLASHGET\flashget.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[Flashget Catch Url Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, >
[&使用快车(FlashGet)下载]
  <D:\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>