这是我系统日志，请高手帮忙看日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 11:48:36, on 2007-07-11
操作系统: Windows XP SP2 (WinNT 5.01.2600)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTowNet\信城通桌面安全套件 V2.5.13\eKeyDaemon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HiJackThis_v2.exe

O2 - BHO: ThunderBHO - {761497BA-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (未命名) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O3 - 工具栏: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [eKeyDaemon] "C:\Program Files\iTowNet\信城通桌面安全套件 V2.5.13\eKeyDaemon.exe"
O4 - HKLM\..\Run: [mhsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhso.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [wlsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlso.exe
O4 - HKLM\..\Run: [wgsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe
O4 - HKLM\..\Run: [wmsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmso.exe
O4 - HKLM\..\Run: [fysa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyso.exe
O4 - HKLM\..\Run: [qjsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe
O4 - HKLM\..\Run: [rxsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxso.exe
O4 - HKLM\..\Run: [wdsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe
O4 - HKLM\..\Run: [tlsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso.exe
O4 - HKLM\..\Run: [dasa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\daso.exe
O4 - HKLM\..\Run: [zxsa] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxso.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [USBautoinput] E:\Program Files\汇信软件\USBautoinput.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\Tencent\QQGame\Accel.exe
O8 - 扩展右键菜单项: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (未命名) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.icinfo.com.cn
O15 - Trusted Zone: cus.icinfo.com.cn
O15 - Trusted Zone: hzaic.icinfo.com.cn
O15 - Trusted Zone: ssl.icinfo.com.cn
O15 - Trusted Zone: tseal.icinfo.com.cn
O15 - Trusted Zone: tseal2.icinfo.com.cn
O15 - Trusted Zone: www.tseal.com.cn
O15 - Trusted Zone: zjaic.icinfo.com.cn
O15 - Trusted Zone: www.huaic.gov.cn
O15 - Trusted Zone: www.hzaic.gov.cn
O15 - Trusted Zone: www.zjaic.gov.cn
O15 - Trusted Zone: yw.huaic.gov.cn
O15 - Trusted Zone: www.tseal.cn
O15 - Trusted IP range: 61.130.4.68
O15 - Trusted IP range: 61.153.27.242
O15 - Trusted IP range: 218.75.109.245
O15 - Trusted IP range: 61.130.8.188
O15 - Trusted IP range: 218.75.109.242
O15 - Trusted IP range: 202.75.221.19
O15 - Trusted IP range: *.icinfo.com.cn
O15 - Trusted IP range: 202.75.221.24
O15 - Trusted IP range: 211.140.95.28
O15 - Trusted IP range: 61.175.223.171
O15 - Trusted IP range: 61.153.209.126
O15 - Trusted IP range: 61.153.144.21
O15 - Trusted IP range: 61.130.53.3
O15 - Trusted IP range: 218.75.54.90
O15 - Trusted IP range: 61.175.211.169
O15 - Trusted IP range: 218.75.119.173
O15 - Trusted IP range: 61.153.64.194
O15 - Trusted IP range: 61.153.64.196
O15 - Trusted IP range: 61.153.144.20
O15 - Trusted IP range: 61.241.86.4
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0C40B727-A893-4A14-8F76-5A4BB6911490} (HXEdit Control) - https://www.hua-xiabank.com/pbank/HXEdit.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www.0577.tv/plugin/PowerPlr.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {DD713965-ECD7-407B-A886-FCF999BB6765} (SnSubmitControl Class) - http://jf.sdo.com/sndasec.cab
O16 - DPF: {F2088E62-6680-11D4-A851-00E0987686C2} (csii.printClient) - http://ebank1.gdb.com.cn:8080/newcombank/csii_prtClient.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.95_signed.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (无 CLSID) - (没有文件)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (无 CLSID) - (没有文件)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

--
文件结束 - 11229 字节
一下

怎么没帮忙啊

http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe下载卡卡上网安全助手4.0
1 运行瑞星卡卡上网安全助手
2 诊断求助=》电脑诊断日志
3 选择"文件详细信息"、"文件名相似分析"3个选项
4 开始扫描＝》导出信息，导成txt格式（也可以是htm格式方便自己看，不过论坛不能上传htm格式）
5 把日志中的报告完整拷贝贴上来，不要修改（一次发不完请分次发上来）
6 扫日志的时候尽量把不必要的软件关闭 如QQ TM等
7 把扫描出来的可疑文件上传给瑞星http://up.rising.com.cn/webmail/uploadnew.htm

只要中了这个病毒，都能从从瑞星或者其他的杀毒软件的文件夹里找到ws2_32.dll这个文件夹，但是他将自己掩盖成系统文件，是不能直接删除的。所以中了这个毒以后，人会很郁闷。

那我现在就来介绍一下这个病毒，这是一个叫做romdriver的病毒,中文罗姆

该病毒的症状是在安全防护软件,杀毒软件的目录下建立ws2_32.dll的一个文件夹,导致安全卫士卡巴斯基等杀毒软件不能启动.

因为windows很多程序,都要调用ws2_32.dll这个文件,在windows/system32下,不过windows调用的时候,是优先寻找改程序所在文件夹下是否有这个文件,如果没有,所搜windows文件夹,如果还没有,就搜索windows/system32.而由于windows文件管理的原因,病毒建立的这个文件夹就让windows以为是调用的dll,但是他又没有那个功能,所以不能启动程序。

我从网上找过很多清除它的办法，本人是个菜鸟级别的，所以很多大侠写的东西，小弟看起来觉得很复杂，所以就没有试过。我个人觉得如果有专杀工具不就好了，点两下就OK的傻瓜模式，谁都会用。所以找了一会，还被我找到了。现在把网址贴上来。希望对大家有帮助（绝对不是病毒！要不，我天打五雷轰，不得好死！）够毒了吧！
http://hi.baidu.com/peaset/blog/item/b18d90351578ce1091ef39f2.html

有个罗母专杀！使用方法，打开清除完毕以后它会提示你重新启动，重启以后再打开一次。就会提示你完全清除了。我那个高兴啊。快乐一起分享！