Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum: Experts, please come in; the HijackThis log has been uploaded


Experts, please come in; the HijackThis log has been uploaded


It seems that Rising antivirus and the firewall, plus Internet Assistant and so on, no longer start automatically when the machine boots (ticking the option does nothing), and repair pages on sites like Internet Assistant's won't open either. While browsing, a site called WWW.677977.COM keeps popping up. Frustrating -_-

Logfile of HijackThis v1.99.1
Scan saved at 18:24:15, on 2006-01-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\rising\Rav\Ravmond.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\rising\Rav\RavStub.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\strongly\SVOH0ST.EXE
D:\Program Files\rising\Rav\RavTask.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\NIW.exe
D:\WINDOWS\System32\rundll32.exe
D:\Documents and Settings\mafuguo\桌面\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - D:\WINDOWS\System32\ThunderBHO_v07.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - g:\电缱子油图际书樵阅睦览榔器鱘\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SVOH0ST] D:\Program Files\strongly\SVOH0ST.EXE un
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NIW] D:\WINDOWS\NIW.exe
O8 - Extra context menu item: &使用迅雷下载 - G:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C071A6A5-6D5E-4418-A82E-4B3AD59D11DA}: NameServer = 202.100.128.68 202.100.128.102
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\Ravmond.exe

Last edited 2006-01-08 23:51:42

O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
Completely useless rogue software.

Thanks to the poster above.

Part of the problem is solved. D:\WINDOWS\NIW.exe was the culprit; it was sitting in the WINDOWS directory disguised as an image file. After ending the process and deleting the NIW file, I can open sites like Internet Assistant again. I didn't find any NIW-related keys in the registry. I'll reboot and try again in a moment.

Ugh, I forgot the username I registered, so I registered again, but after logging in my nickname has somehow reverted to the old one -_-

Damn, it wasn't cleaned out completely; after rebooting it's still there. I deleted it once more, found it in the startup items in the registry and deleted that too. Trying again.

Done.
End the process
Delete the source file
Delete the registry keys
Also fix up and clean the startup items; basically all good now.

If it is D:\WINDOWS\NIW.exe,
there should also be a D:\WINDOWS\System32\impai.exe that has modified your TXT file association. Please check, OP.

The moderator is wise; that thing really is there.

Just cleaned it.

Moderator, may I ask what virus this is?

The symptom is that it sends
http://xxxx.com/zhufu/新年快乐.htm
to your friends on QQ; one click and you're infected! It also locks your browser so it points at the virus site.
No antivirus software is needed for this; remove it manually!
Procedure:
0. First download Super Rabbit (超级兔子) to unlock the browser.
1. Restart the computer.
2. Press F8 to enter Safe Mode.
3. Press Ctrl+Alt+Delete to open Task Manager.
4. Stop this nie.exe.
5. Open Run and run msconfig, untick the niw.exe startup item so it does not run at boot, and confirm.
6. Search for niw.exe; you will find it at c:\Windows\NIW.exe; delete it.
7. Search for impai.exe; you will find it at c:\system\impai.exe; delete it.
8. Open the registry editor regedit.exe, search for niw.exe and delete it.
9. Likewise search for impai.exe and delete it.
10. Finally, restart the computer and you're done.

I just found this solution from someone else.
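The replies above single out NIW.exe largely by where it launches from and by the O4 startup entries that bring it back after a reboot. As an added example that is not part of this thread, here is a small Python script that parses O4 autorun lines in the HijackThis log format and flags two things for review: a program launched from the Windows root rather than System32, and a name that is one edit (or a digit-for-letter swap) away from a core Windows process name. Both heuristics are this example's own, not HijackThis rules, and the sample lines are constructed from the first post's log.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample, modelled on O4 lines from the HijackThis v1.99 log in the first post.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SVOH0ST] D:\Program Files\strongly\SVOH0ST.EXE un
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NIW] D:\WINDOWS\NIW.exe
"""
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# First path-like token, quoted or not, up to a PE extension (unquoted paths may contain spaces).
PATH_RE = re.compile(r'^"?([^"]*?\.(?:exe|dll|scr|com))', re.IGNORECASE)
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "smss", "winlogon", "services", "explorer", "spoolsv"}

def parse_o4(log_text):
    """Return (hive, entry_name, launched_path_or_None) for every O4 autorun line."""
    items = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            p = PATH_RE.match(m.group(3))
            items.append((m.group(1), m.group(2), p.group(1) if p else None))
    return items

def edit_distance(a, b):
    prev = list(range(len(b) + 1))          # plain Levenshtein distance (Wagner-Fischer)
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_like_system_name(stem):
    """True when a name is one edit from a core process name after 0/o, 1/l, 5/s swaps."""
    norm = stem.lower().translate(str.maketrans("015", "ols"))
    return norm not in SYSTEM_NAMES and any(edit_distance(norm, s) <= 1 for s in SYSTEM_NAMES)

def triage(log_text):
    """Flag autoruns worth a closer look; the heuristics are this example's own assumptions."""
    findings = []
    for _hive, name, path in parse_o4(log_text):
        if path is None:
            continue
        wp = PureWindowsPath(path)              # bare names such as RUNDLL32.EXE have no drive
        if looks_like_system_name(wp.stem):
            findings.append((name, path, "name imitates a core Windows process"))
        if len(wp.parts) == 3 and wp.parts[1].lower() == "windows":
            findings.append((name, path, "launched from the Windows root, not System32"))
    return findings
```

Run `triage(SAMPLE_LOG)` on a real log's text to get a list of (entry name, path, reason) tuples to check by hand; a hit is a prompt to inspect the file, not a verdict.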

One more thing: after deleting it, you need to reset the TXT file association.