完了，名堂太多了，看不过来，估计今晚没人想帮你了。

不会吧，别吓我啊！求求你们救救我的电脑吧！

http://forum.ikaka.com/topic.asp?board=28&artid=8279261
参照该贴下载专杀
问题比较严重
个人觉得处理不了
rundl132
expl0er 这些…………

的确。。。
处理好要花点时间了，现在太晚了。。。

不过还是建议你先装上360安全卫士，清理下恶意软件
部分可以清理掉。。。要升级到最新
然后再扫分日志来。。。

结束进程：[PID: 2984][C:\WINDOWS\Logo1_.exe] [, 1.0.0.0]


删除注册表中启动项：
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ravshell><C:\WINDOWS\system32\expl0rer.exe> [N/A]
<svc><C:\DOCUME~1\new\LOCALS~1\Temp\byetmr.exe> [N/A]


[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\rundl132.exe> []

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

<upxdnd><C:\DOCUME~1\new\LOCALS~1\Temp\1.exe> [N/A]

安全模式下删除上述所有涉及到路径的对应文件！

引用:

【桃子CiCi的贴子】结束进程：[PID: 2984][C:\WINDOWS\Logo1_.exe] [, 1.0.0.0] 删除注册表中启动项： [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ravshell><C:\WINDOWS\system32\expl0rer.exe> [N/A] <svc><C:\DOCUME~1\new\LOCALS~1\Temp\byetmr.exe> [N/A] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><C:\WINDOWS\rundl132.exe> [] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <upxdnd><C:\DOCUME~1\new\LOCALS~1\Temp\1.exe> [N/A] 安全模式下删除上述所有涉及到路径的对应文件！ ………………

少了几个病毒DLL文件和病毒驱动文件。。。

再看看
马上补回来
呵可
谢谢高手指点

引用:

【桃子CiCi的贴子】再看看 马上补回来 呵可 谢谢高手指点 ………………

谈不上高手，大家互相学习。。。
我睡了，困了。。。

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><; SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><; "D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><; "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <upxdnd><; C:\DOCUME~1\new\LOCALS~1\Temp\1.exe>  [N/A]
    <cmdbcs><; C:\WINDOWS\cmdbcs.exe>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [N/A]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[壁纸自动换]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\壁纸自动换.lnk --> C:\WINDOWS\system32\bgswitch.exe [N/A]><N>
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>
[腾讯QQ]
  <C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>