
Is there anything wrong here??

Logfile of HijackThis v1.99.1
Scan saved at 20:35:42, on 2006-6-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
E:\SysTrayX\SYSTRAYX.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
D:\Program Files\Rising\Rfw\RfwMain.exe
d:\program files\rising\rfw\rfwsrv.exe
E:\Program Files\Maxthon\Thundermini\ThunderMini.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\eMule\eMule.exe
D:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe
D:\WINDOWS\system32\mmc.exe
E:\Program Files\Maxthon\Max.exe
D:\WINDOWS\system32\IEXPLORER.EXE
D:\WINDOWS\system32\conime.exe
L:\TDdownload\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\atom.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - D:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4619.dll
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - D:\WINDOWS\ODBINT.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - D:\WINDOWS\system32\MSHLP.DLL (file missing)
O2 - BHO: ThunderMiniBHO - {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} - D:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_002.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\Program Files\FlashGet\JCCatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\system32\flash8.dll
O2 - BHO: IEHlprObj Class - {BA623AA0-9A82-4d0c-944C-0228CEA17780} - C:\Progra~1\Messenger\netshow.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - D:\WINDOWS\system32\aperferer.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - D:\WINDOWS\vwwreg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [thunder_mini] E:\Program Files\Maxthon\Thundermini\ThunderMini.exe
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [StormCodec_Helper] "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [] D:\WINDOWS\system32\atom.exe
O4 - HKLM\..\Run: [Babylon Client] G:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ThunderMini] D:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe
O4 - HKLM\..\Run: [rundll31] D:\WINDOWS\system32\IEXPLORER.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [rundll32] D:\WINDOWS\system32\IEXPLORER.EXE
O4 - HKLM\..\RunOnce: [SYSTRAYX] E:\SysTrayX\RUNSTX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\eMule.exe -AutoStart
O8 - Extra context menu item: &使用迷你迅雷下载 - E:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: ATOK偱儁乕僕撪偺扨岅傪妛廗偡傞(&L) - res://D:\WINDOWS\system32\atokexif.dll/AtokRegTextWords.htm
O8 - Extra context menu item: ATOK傊徣擖椡岓曗傪捛壛偡傞(&S) - res://D:\WINDOWS\system32\atokexif.dll/AtokRegisterAbbrevData.htm
O8 - Extra context menu item: ATOK傊扨岅傪搊榐偡傞(&J) - res://D:\WINDOWS\system32\atokexif.dll/AtokRegWord.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用Gigaget下载 - e:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: 使用Gigaget下载全部链接 - e:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 黄河&Flash播放器 - D:\Program Files\黄河Flash播放器\geturl.htm
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O9 - Extra button: TOL24 - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} - http://www.TOL24.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151644297609
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AED7682-BE40-4674-BA0A-B38FF991B4EE}: NameServer = 202.103.224.68,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AED7682-BE40-4674-BA0A-B38FF991B4EE}: NameServer = 202.103.224.68,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AED7682-BE40-4674-BA0A-B38FF991B4EE}: NameServer = 202.103.224.68,0.0.0.0
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-06-30 22:42:17.920000000

病毒名称            处理结果  发现日期          扫描方式  路径                                                                                        文件                病毒来源
Dropper.Agent.coj   删除成功  2006-06-30 19:48  手动扫描  D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper                     RssInstaller.exe    本机
Trojan.DL.Scamps.c  删除成功  2006-06-30 19:49  手动扫描  D:\Documents and Settings\MRG                                                               DIYNETSetupUni.exe  本机
Dropper.Agent.wd    删除成功  2006-06-30 19:50  手动扫描  D:\Documents and Settings\MRG\Local Settings\Temporary Internet Files\Content.IE5\ZC87VTF9  2225ask03[1].exe    本机

End the process D:\WINDOWS\system32\IEXPLORER.EXE

Fix:
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\atom.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4619.dll
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - D:\WINDOWS\ODBINT.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - D:\WINDOWS\system32\MSHLP.DLL (file missing)
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\system32\flash8.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - D:\WINDOWS\system32\aperferer.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - D:\WINDOWS\vwwreg.dll
O4 - HKLM\..\Run: [] D:\WINDOWS\system32\atom.exe
O4 - HKLM\..\Run: [rundll31] D:\WINDOWS\system32\IEXPLORER.exe
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [rundll32] D:\WINDOWS\system32\IEXPLORER.EXE
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

Uninstall
C:\Progra~1\DoDoorRSSFinder\  (unless you know what it is)

Delete:
D:\WINDOWS\system32\atom.exe
D:\WINDOWS\system32\WPDShServiceObj.dll
D:\WINDOWS\system32\IEXPLORER.exe
D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4619.dll
D:\WINDOWS\ODBINT.dll
D:\WINDOWS\system32\flash8.dll
D:\WINDOWS\system32\aperferer.dll
D:\WINDOWS\vwwreg.dll

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
For how to handle these two entries, refer to http://forum.ikaka.com/topic.asp?board=28&artid=7948848
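As an added example that is not part of this thread (neither the replier's nor HijackThis's own code), the following Python script applies the same triage heuristics the reply above relies on to the HijackThis line format: a Shell= value with a second program chained onto it, Run values with an empty name, executables whose name imitates or misspells a Windows binary or that sit in the wrong directory, and BHOs that are unnamed or point at a missing file. The sample log lines, the list of system binary names with their expected directories, and all function names are constructed for this example; the output is a list of lines for a human reviewer to look at, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 line format, modelled on the entry
# types discussed in this thread (paths and CLSIDs are illustrative only).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\atom.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - D:\WINDOWS\system32\MSHLP.DLL (file missing)
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - D:\WINDOWS\ODBINT.dll
O4 - HKLM\..\Run: [] D:\WINDOWS\system32\atom.exe
O4 - HKLM\..\Run: [rundll31] D:\WINDOWS\system32\IEXPLORER.exe
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# Windows binaries that malware commonly imitates, each with the directory it is
# expected to live in (assumed list for this example). None means the binary
# never lives under the Windows directory; "" means directly in %SystemRoot%.
SYSTEM_BINARIES = {
    "iexplore.exe": None,   # the real IE lives under Program Files
    "explorer.exe": "",
    "spoolsv.exe": "system32",
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
}

@dataclass
class Finding:
    line: str    # the HijackThis line that triggered the heuristic
    reason: str  # why a reviewer should look at it

def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        # advance only the longer side (insert/delete) or both (substitution)
        i += len(a) >= len(b)
        j += len(b) >= len(a)
    return edits + (len(a) - i) + (len(b) - j) <= 1

def first_executable(command: str) -> str:
    """Return the program path from an O4 command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.exe)(\s|$)", command, re.IGNORECASE)  # path may contain spaces
    return m.group(1) if m else command.split()[0]

def check_program_path(path: str) -> Optional[str]:
    """Flag a name that matches a Windows binary but sits in the wrong directory,
    or that is a one-character variant of such a name."""
    parts = path.replace("/", "\\").split("\\")
    name, parent = parts[-1].lower(), (parts[-2].lower() if len(parts) > 1 else "")
    for known, expected_dir in SYSTEM_BINARIES.items():
        if name == known:
            if expected_dir is None or parent != (expected_dir or "windows"):
                return f"{parts[-1]} in unexpected directory {parent!r}"
            return None
        if within_one_edit(name, known):
            return f"{parts[-1]} looks like a misspelling of {known}"
    return None

def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over a HijackThis log and return lines worth a look."""
    findings: List[Finding] = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if line.startswith("F2 - REG:system.ini: Shell="):
            # A clean Shell= value is exactly Explorer.exe; anything appended is
            # a second program launched together with the desktop.
            if line.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
                findings.append(Finding(line, "extra program chained onto Shell="))
        elif line.startswith("O2 - BHO:"):
            if "(no name)" in line:
                findings.append(Finding(line, "BHO registered without a name"))
            if line.endswith("(file missing)"):
                findings.append(Finding(line, "BHO points at a DLL that no longer exists"))
        elif line.startswith("O4 - "):
            m = re.match(r"O4 - [^:]+: \[(.*?)\] (.*)$", line)
            if not m:
                continue
            if m.group(1) == "":
                findings.append(Finding(line, "Run value with an empty name"))
            reason = check_program_path(first_executable(m.group(2)))
            if reason:
                findings.append(Finding(line, reason))
    return findings

for finding in triage(SAMPLE_LOG):
    print(f"{finding.reason}\n    {finding.line}")
```

On the constructed sample the script reports six lines: the chained Shell= value, the unnamed and the missing-file BHOs, the empty-name Run value, IEXPLORER.exe as a one-character variant of iexplore.exe, and spoolsv.exe living in a subfolder of system32 instead of system32 itself; the legitimate Acrobat BHO and the NVIDIA rundll32 entry pass untouched. Known-good names with an unusual location and near-miss spellings are exactly the two patterns a reviewer checks by eye in a log like the one above, so encoding them once keeps the check consistent across logs.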