Rising Kaka Security Forum, Technical Exchange: Anti-virus / Anti-rogue-software board


[Help] After boot a program automatically starts WIN1.EXE, WIN2.EXE, ... and cannot be removed

[PID: 3036][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\PROGRA~1\FLASHGET\getflash.dll]  [N/A, 1, 0, 0, 1]
[PID: 3260][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\PROGRA~1\FLASHGET\getflash.dll]  [N/A, 1, 0, 0, 1]
[PID: 3436][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\PROGRA~1\FLASHGET\getflash.dll]  [N/A, 1, 0, 0, 1]
[PID: 3540][C:\Program Files\VnetClient1.6\VnetClient.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1252][C:\DOCUME~1\m\LOCALS~1\Temp\conime.exe]  [N/A, N/A]
    [C:\DOCUME~1\m\LOCALS~1\Temp\wlzs.dll]  [N/A, N/A]
[PID: 2256][D:\Program Files\Microsoft Office\Office10\WINWORD.EXE]  [Microsoft Corporation, 10.0.2627]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [D:\PROGRA~1\Kingsoft\POWERW~1\PWOFFI~1.DLL]  [Kingsoft Co, Ltd., 6, 0, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm308.dll]  [HP, 2,223,0,0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku08.dll]  [HP, 2,223,0,0]
[PID: 2652][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\PROGRA~1\FLASHGET\getflash.dll]  [N/A, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3604][D:\Program Files\FlashGet\flashget.exe]  [FlashGet.com, 1, 7, 3, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
[PID: 3800][c:\program files\rising\rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [c:\program files\rising\rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
[PID: 2088][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
[PID: 2628][F:\工具\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [F:\Program Files\jdssoftware\wabdc8\gwjdsengdll.dll]  [N/A, N/A]
    [F:\工具\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1 www.trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1 www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1 www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 www.f-secure.com
127.0.0.1 viruslist.com
127.0.0.1 www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 sophos.com
127.0.0.1 www.sophos.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.symantec.com

==================================
API HOOK
N/A

==================================



[Reply to 乖MOMO's post]
<rxzs><C:\DOCUME~1\m\LOCALS~1\Temp\svchost.exe> [N/A]
<wlzs><C:\DOCUME~1\m\LOCALS~1\Temp\conime.exe> [N/A]
<mhs2><C:\DOCUME~1\m\LOCALS~1\Temp\mhs2.exe> [N/A]
<NiceMSoft><C:\WINDOWS\system32\retemp.exe> [N/A]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DCOM Server 3339><C:\WINDOWS\system32\3339_27.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{2C1CD3D7-86AC-4068-93BC-A02304BB3339}><C:\WINDOWS\system32\3339_27.dll> [N/A]
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[C:\WINDOWS\system32\CmdLineExt03.dll] [N/A, N/A]

HOSTS 文件 (entries identical to the HOSTS section of the log above)

終生學習: Thanks for your reply. But with all these technical terms I don't understand it; I still can't make sense of this pile of stuff without any Chinese in it that you gave me. Could you explain it in Chinese and give me idiot-proof steps to remove the virus?
    I would be very grateful.

Run System Repair Engineer and, under Startup Items > Registry, delete:
<rxzs><C:\DOCUME~1\m\LOCALS~1\Temp\svchost.exe> [N/A]
<wlzs><C:\DOCUME~1\m\LOCALS~1\Temp\conime.exe> [N/A]
<mhs2><C:\DOCUME~1\m\LOCALS~1\Temp\mhs2.exe> [N/A]
<NiceMSoft><C:\WINDOWS\system32\retemp.exe> [N/A]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DCOM Server 3339><C:\WINDOWS\system32\3339_27.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{2C1CD3D7-86AC-4068-93BC-A02304BB3339}><C:\WINDOWS\system32\3339_27.dll> [N/A]
Under Startup Items, delete:

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
Then go into Safe Mode and delete the corresponding files.
Clean the HOSTS file.
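As an added example (not code from the thread or from SREng), the following Python triage logic covers the two cleanup steps above: it parses SREng-style `<name><path> [vendor]` autorun lines and flags entries that run from a Temp directory, carry no version info, or borrow a system binary name outside system32, and it parses a HOSTS file to list hostnames hijacked to a loopback address. The sample lines are constructed in the shape of the thread's log; `SYSTEM_NAMES` and `LOCAL_NAMES` are assumptions chosen for this illustration.

```python
import re
from ipaddress import ip_address
# Constructed samples in the shape of the thread's SREng log (not the full log).
SAMPLE_AUTORUNS = r"""
<rxzs><C:\DOCUME~1\m\LOCALS~1\Temp\svchost.exe> [N/A]
<wlzs><C:\DOCUME~1\m\LOCALS~1\Temp\conime.exe> [N/A]
<NiceMSoft><C:\WINDOWS\system32\retemp.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
"""
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.kaspersky.com
"""
AUTORUN_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]\s*$")
# Windows binary names the samples in the thread borrow; real copies live in system32.
SYSTEM_NAMES = {"svchost.exe", "conime.exe", "rundll32.exe"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_autoruns(text):
    """Return (name, path, vendor) tuples from <name><path> [vendor] lines."""
    found = [AUTORUN_RE.match(l.strip()) for l in text.splitlines()]
    return [m.groups() for m in found if m]

def suspicious_autoruns(text):
    """Flag entries run from Temp, lacking version info, or reusing a system binary name outside system32."""
    hits = []
    for name, path, vendor in parse_autoruns(text):
        low = path.lower()
        checks = [("\\temp\\" in low, "runs from Temp"),
                  (vendor.strip().upper() == "N/A", "no version info"),
                  (low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\system32\\" not in low,
                   "system binary name outside system32")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            hits.append((name, path, reasons))
    return hits

def hijacked_hosts(text):
    """Hostnames mapped to a loopback address, other than the usual localhost names."""
    names = []
    for line in text.splitlines():
        addr, *hosts = line.split("#", 1)[0].split() or [""]
        try:
            if ip_address(addr).is_loopback:
                names += [h for h in hosts if h.lower() not in LOCAL_NAMES]
        except ValueError:  # blank or malformed line; skip it
            pass
    return names
```

Run `suspicious_autoruns` over the Startup Items section and `hijacked_hosts` over the HOSTS section of a fresh SREng log to get the same list of entries to remove that the advice above walks through by hand.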


烧香的熊猫, thanks for your reply, you really are a warm-hearted expert. Two questions:
1. "Then go into Safe Mode and delete the corresponding files": which files are those?
2. "Clean the HOSTS file": how do I clean it, and where?

Clean the HOSTS file under System Repair in System Repair Engineer.
The corresponding files are the virus files listed above.


System Repair Engineer: I cannot delete the following items in the registry; as soon as I delete them they immediately reappear.
<rxzs><C:\DOCUME~1\m\LOCALS~1\Temp\svchost.exe> [N/A]
<wlzs><C:\DOCUME~1\m\LOCALS~1\Temp\conime.exe> [N/A]
<mhs2><C:\DOCUME~1\m\LOCALS~1\Temp\mhs2.exe> [N/A]

"Delete under Startup Items": these two items do not show up there.

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

What should I do next?

Under Services > Win32 Applications, tick "Hide verified Microsoft services" and delete:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

Then go into Safe Mode and delete the corresponding files; if you cannot find them, use WinRAR to look for them.

1. This step is done:

Under Services > Win32 Applications, tick "Hide verified Microsoft services" and delete:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

2. The files under HOSTS I killed in normal (non-Safe) mode; in Safe Mode I can no longer see any file under HOSTS.

The virus was not caught, but now the speed is about the same as a normal computer, and it no longer keeps flaring up the way it did before.
    Thank you; I had my kitten kowtow three loud "thunk, thunk, thunk" times to you, to thank you for your chivalrous help.