瑞星卡卡安全论坛

12月7日我安装了迅雷相关软件:雷之源,运行之（没有打开其他窗口）,并在雷之源上下载动画片时SSM监控显示有程序要运行,我以为是雷之源的程序,没细看,选择了仅在本次允许操作,反复三次后,瑞星监控显示有进程要修改IE主页为www.U88.cn，我阻止了操作，发现在桌面上多了U88图标：

附件: 6031052005127195837.png

开始菜单上多了U88图标:

附件: 6031052005127195934.png

在IE工具栏上多了：

附件: 6031052005127200029.png

在IE浏览器—查看---工具栏上多了“U88连锁加盟网”工具栏。
右键右击文件夹的右键菜单上多了：

附件: 6031052005127200349.png

建议您下载并使用HijackThis1.99.1

HijackThis下载地址请参考：
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

该程序在c:\program Files\Internet Explorer\创建了2052文件夹，其内是它的U88.exe等文件：

附件: 6031052005127200633.png

您可以先删除2052这个文件夹，然后打开注册表搜索U88.exe的项目删除！

问题仍在请参考4楼的意见！

它没有自身卸载程序，只好用完美卸载v2006的智能卸载分析U88.exe文件并将其卸载，但IE浏览器—查看---工具栏的U88连锁加盟网，和IE工具栏的“财”，右键菜单的项目仍在，再用卡卡助手IE修复清理后，仍遗留右键菜单项无法清除。
这是我将其卸载后的HijackThis_815汉化版扫描日志 V1.99.1日志：请版主及高手们帮助，谢谢！（我将其卸载后又卸载了雷之源，重新安装雷之源，并试下载刚才的动画片后又一切正常，不知U88是怎么来的？）
HijackThis_815汉化版扫描日志 V1.99.1
保存于      3:36:21, 日期 2005-12-07
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Unable to get Internet Explorer version!

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\暴风影音５．０７\安装文件\Storm Downloader\StormDownloader.exe
C:\WINDOWS\system32\ctfmon.exe
E:\暴风影音５．０７\安装文件\Storm Downloader\TDUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\ssm监控\System Safety Monitor\SYSSAFE.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\svchost.exe
E:\迅雷\安装文件\Thunder.exe
E:\HijackThis1.99.1  扫描工具\汉化版\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItBHO.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\金鹕山娇快靱~1\金鹕山娇快靱~1\IEBand.dll (file missing)
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\PROGRA~1\YiSou\yisou.dll
O3 - IE工具栏增项: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItIEAddin.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - 启动项HKLM\\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] E:\超级兔子\超级兔~1\MAGICSET\SRRest.exe /autosave
O4 - 启动项HKLM\\Run: [DVDLauncher] ; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - 启动项HKLM\\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "E:\暴风影音５．０７\安装文件\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [MINI_BFYY] E:\暴风影音５．０７\安装文件\Storm Downloader\StormDownloader.exe
O4 - 启动项HKLM\\Run: [Thunder] "E:\迅雷\安装文件\ThunderShell.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - E:\暴风影音５．０７\安装文件\Storm Downloader\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\迅雷\安装文件\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\迅雷\安装文件\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\原装文件\腾讯\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\原装文件\腾讯\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\原装文件\腾讯\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - E:\比特精灵\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\游戏\下载游戏\浩方\浩方对战平台\GameClient.exe (file missing)
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\原装文件\腾讯\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\原装文件\腾讯\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: System Safety Monitor (SSM) - System Safety - E:\ssm监控\System Safety Monitor\SYSSAFE.EXE

刚才忙着发图，谢谢飞跃迷离版主。

这是网址：http://www.u88.cn/?friendlink=u88shortcut

附件: 6031052005127201618.png

关于“MMSAssist” “Winstdup”楼主可以先尝试从开始-->设置-->控制面板-->添加删除程序, 卸载

重新启动到安全模式（进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）

请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O8 - IE右键菜单中的新增项目: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除：(如果有的话)
删除文件夹C:\PROGRA~1\MMSASS~1

问题仍在请用System Repair Engineer 扫个日志上来

下载地址见置顶贴
[必读]本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

另外建议您重装下您的浏览器！

MMSAssist是我使用着的插件，Winstdup原来用兔子卸载过（不知道它是什么插件，请指教）没有卸载干净吗？
右键菜单项无法清除...(3楼图）怎么解决？

似乎卸载干净了，和MMSAssist是一路的彩信广告程序！

打开注册表搜索U88.exe的项目删除！

版主，请您看看，是不是这项：

附件: 6031052005127205005.png

是的

2005-12-07,20:52:57

System Repair Engineer 1.1.0.269
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DLBTCATS><rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTimer><C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavMon><C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit SRRestore><E:\超级兔子\超级兔~1\MAGICSET\SRRest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StormCodec_Helper><"E:\暴风影音５．０７\安装文件\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MINI_BFYY><E:\暴风影音５．０７\安装文件\Storm Downloader\StormDownloader.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Thunder><"E:\迅雷\安装文件\ThunderShell.exe" /s>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Antiy live update / Alive Auto-Update Service]
  <><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><N/A>
[dlbt_device / dlbt_device]
  <C:\WINDOWS\system32\dlbtcoms.exe -service><Dell>
[KXAgent Service / KXAgentService]
  <><N/A>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
  <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
  <C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
[System Safety Monitor / SSM]
  <E:\ssm监控\System Safety Monitor\SYSSAFE.EXE><System Safety>

==================================
浏览器加载项
[ThunderIEHelper Class]
  <C:\WINDOWS\system32\xunleibho_v8.dll>
[HelperObject Class]
  <E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItBHO.dll>
[QQBrowserHelperObject Class]
  <D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll>
[DriveLetterAccess]
  <C:\WINDOWS\system32\dla\tfswshx.dll>
[MMSAssist BHO]
  <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
[]
  <E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownXControl.ocx>
[DragSearch BHO]
  <C:\PROGRA~1\YiSou\yisoub.dll>
[浩方对战平台]
  <D:\游戏\下载游戏\浩方\浩方对战平台\GameClient.exe>
[MMSAssistMenu]
  <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
[QQ]
  <D:\原装文件\腾讯\Tencent\QQ\QQ.EXE>
[QQIEFloatBarCfgCmd Class]
  <D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll>
[Messenger]
  <C:\Program Files\Messenger\msmsgs.exe>
[金山快译(&K)]
  <E:\金鹕山娇快靱~1\金鹕山娇快靱~1\IEBand.dll>
[一搜工具条]
  <C:\PROGRA~1\YiSou\yisou.dll>
[SnagIt]
  <E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItIEAddin.dll>
[卡卡上网安全助手]
  <C:\WINDOWS\system32\KakaTool.dll>
[SysProWmi Class]
  <C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx>
[Shockwave Flash Object]
  <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx>
[ThunderIEHelper Class]
  <C:\WINDOWS\system32\xunleibho_v8.dll>
[HelperObject Class]
  <E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItBHO.dll>
[SysProWmi Class]
  <C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx>
[Shockwave Flash BrowserHelpObject]
  <C:\WINDOWS\system32\FlashHlp.dll>
[一搜工具条]
  <C:\PROGRA~1\YiSou\yisou.dll>
[Windows Media Player]
  <C:\WINDOWS\system32\wmpdxm.dll>
[HTML Document]
  <%SystemRoot%\system32\mshtml.dll>
[DHTML Edit Control Safe for Scripting for IE5]
  <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx>
[Wbho Class]
  <C:\WINDOWS\system32\Ipripw.dll>
[QQBrowserHelperObject Class]
  <D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll>
[Shell Name Space]
  <%SystemRoot%\system32\shdocvw.dll>
[DriveLetterAccess]
  <C:\WINDOWS\system32\dla\tfswshx.dll>
[Router Layer]
  <C:\WINDOWS\System32\aclayer.dll>
[MMSAssist BHO]
  <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
[Windows Media Player]
  <C:\WINDOWS\system32\wmp.dll>
[金山快译(&K)]
  <E:\金鹕山娇快靱~1\金鹕山娇快靱~1\IEBand.dll>
[Microsoft Web 浏览器]
  <C:\WINDOWS\system32\shdocvw.dll>
[SnagIt]
  <E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItIEAddin.dll>
[]
  <E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownXControl.ocx>
[Microsoft Scriptlet Component]
  <C:\WINDOWS\system32\mshtml.dll>
[卡卡上网安全助手]
  <C:\WINDOWS\system32\KakaTool.dll>
[SearchAssistantOC]
  <%SystemRoot%\system32\shdocvw.dll>
[Microsoft DirectAnimation Control]
  <C:\WINDOWS\system32\danim.dll>
[RealPlayer G2 Control]
  <C:\WINDOWS\system32\rmoc3260.dll>
[Shockwave Flash Object]
  <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx>
[卡卡上网安全助手]
  <C:\WINDOWS\system32\KakaTool.dll>
[DragSearch BHO]
  <C:\PROGRA~1\YiSou\yisoub.dll>
[  >> 彩信发送 <<]
  <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm>
[&使用暴风下载器下载]
  <E:\暴风影音５．０７\安装文件\Storm Downloader\geturl.htm>
[&使用迅雷下载]
  <E:\迅雷\安装文件\geturl.htm>
[&使用迅雷下载全部链接]
  <E:\迅雷\安装文件\getallurl.htm>
[使用KuGoo3下载(&K)]
  <E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownX.htm>
[添加到QQ自定义面板]
  <D:\原装文件\腾讯\Tencent\QQ\AddPanel.htm>
[添加到QQ表情]
  <D:\原装文件\腾讯\Tencent\QQ\AddEmotion.htm>
[用QQ彩信发送该图片]
  <D:\原装文件\腾讯\Tencent\QQ\SendMMS.htm>
[用比特精灵下载(&B)]
  <E:\比特精灵\BitSpirit\bsurl.htm>

正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4114>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 944][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1208][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1268][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Corporation Limited><3, 2, 0, 0>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
    [c:\program files\rising\rfw\rfwrule.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 1440][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\dlbtlmpm.DLL]  <Dell><1.27.33.0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll]  <N/A><1.64.96.0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1760][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [E:\雅虎助手\反间谍专家文件\ske\contmenu.dll]  <N/A><N/A>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItShellExt.dll]  <TechSmith 公司><1.0.0.1>
    [C:\WINDOWS\system32\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 8>
[PID: 1828][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 19>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [c:\program files\rising\rfw\PngDll.dll]  <Rising><17, 0, 0, 2>
[PID: 1848][C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 39>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
[PID: 1856][C:\PROGRA~1\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 37>
    [C:\PROGRA~1\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRA~1\RISING\RAV\PngDll.dll]  <Rising><17, 0, 0, 2>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 1868][C:\WINDOWS\system32\dla\tfswctrl.exe]  <Sonic Solutions><1.04.08a>
    [C:\WINDOWS\system32\tfswapi.dll]  <Sonic Solutions><1.04.08a>
    [C:\WINDOWS\system32\dla\tfswcres.dll]  <Sonic Solutions><1.04.08a>
[PID: 1884][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  <InstallShield Software Corporation><3, 10, 100, 1155>
[PID: 1900][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
[PID: 1956][E:\暴风影音５．０７\安装文件\Storm Downloader\StormDownloader.exe]  <深圳市三代科技开发有限公司><1, 1, 0, 4>
    [E:\暴风影音５．０７\安装文件\Storm Downloader\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
[PID: 2044][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 404][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 1968][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <rising><17, 0, 0, 1>
[PID: 1604][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
    [C:\PROGRAM FILES\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [C:\PROGRAM FILES\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [C:\Program Files\Rising\Rav\engine.dll]  <rising><17, 0, 0, 40>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 27>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 33>
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 19>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 31>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <N/A><17, 0, 0, 21>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <rising><17, 0, 0, 21>
[PID: 2040][E:\ssm监控\System Safety Monitor\SYSSAFE.EXE]  <System Safety><2.0.0.553>
    [E:\ssm监控\System Safety Monitor\ssmutil.dll]  <System Safety><2.0.0.553>
    [E:\ssm监控\System Safety Monitor\Locales\syssafe.CHS]  <System Safety><2.0.0.553>
[PID: 532][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>

[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 1136][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1676][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2292][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll]  <N/A><1.0.15.4>
    [C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll]  <N/A><N/A>
    [C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll]  <N/A><1.0.15.4>
    [C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll]  <N/A><1.0.15.4>
    [C:\Program Files\Dell Photo AIO Printer 922\LTDIS13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Dell Photo AIO Printer 922\LTKRN13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Dell Photo AIO Printer 922\LTFIL13N.DLL]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Dell Photo AIO Printer 922\LTIMG13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Dell Photo AIO Printer 922\LTEFX13N.dll]  <LEAD Technologies, Inc.><13.0.0.078>
    [C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll]  <N/A><1.0.15.4>
    [C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll]  <N/A><1.0.15.4>
    [C:\Program Files\Dell Photo AIO Printer 922\pdflib.dll]  <PDFlib GmbH><4.0.0>
    [C:\WINDOWS\system32\dsnpstd3.dll]  <N/A><1, 1, 0, 1>
[PID: 2704][C:\Program Files\ADSL拨号王\HNMainUI.exe]  <N/A><2, 3, 0, 1>
    [C:\Program Files\ADSL拨号王\HNKernel.dll]  <HelloNet><2.2.0.1>
    [C:\Program Files\ADSL拨号王\HNUtils.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\HNRes_0804.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\plugins\Diagnose.dll]  <HelloNet><2.2.0.1>
[PID: 3892][E:\迅雷\安装文件\Thunder.exe]  <Thunder Networking Technologies,LTD><5.0.6.98>
    [E:\迅雷\安装文件\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 1>
    [E:\迅雷\安装文件\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 1>
    [E:\迅雷\安装文件\log4cplus.dll]  <N/A><1, 0, 2, 1>
    [E:\迅雷\安装文件\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [E:\迅雷\安装文件\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 73>
    [E:\迅雷\安装文件\iThunder.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 30>
    [E:\迅雷\安装文件\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 5124][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 32>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItIEAddin.dll]  <TechSmith Corporation><1.0.6>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItIEAddinRes.dll]  <TechSmith 公司><1.0.6>
    [C:\WINDOWS\system32\xunleibho_v8.dll]  <N/A><4, 5, 1, 33>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItBHO.dll]  <TechSmith Corporation><1.0.1>
    [D:\原装文件\腾讯\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\WINDOWS\system32\dla\tfswshx.dll]  <Sonic Solutions><1.04.08a>
    [C:\WINDOWS\system32\tfswapi.dll]  <Sonic Solutions><1.04.08a>
    [C:\WINDOWS\system32\dla\tfswcres.dll]  <Sonic Solutions><1.04.08a>
    [C:\PROGRA~1\MMSASS~1\Mmsass~1.dll]  <N/A><1, 1, 0, 8>
    [E:\kugoo(MP3)\安装文件\KuGoo3\KuGoo3DownXControl.ocx]  <N/A><N/A>
    [C:\PROGRA~1\YiSou\yisoub.dll]  <N/A><1, 1, 2, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\JPWB.IME]  <常诚研制><4.00.950>
    [C:\WINDOWS\system32\FOURI_M3.IME]  <北京紫光华宇软件股份有限公司><4.0.0.5027>
[PID: 5276][E:\System Repair Engineer\SREng.exe]  <Smallfrogs Studio><1.1.0.269>
[PID: 5548][E:\SnagIt 7.2.5抓图软件\SnagIt\SnagIt32.exe]  <TechSmith Corporation><7.2.5.0>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\LTFIL12n.DLL]  <LEAD Technologies, Inc.><12.1.0.061>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\LTKRN12n.dll]  <LEAD Technologies, Inc.><12.1.0.061>
    [E:\SnagIt 7.2.5抓图软件\SnagIt\SnagItres.dll]  <TechSmith 公司><7.2.5.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTUI5C.DLL]  <N/A><1.64.96.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTSTRN.DLL]  <N/A><1.64.96.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTPRP.DLL]  <N/A><1.48.115.0>
    [C:\WINDOWS\system32\DLBTutil.dll]  <N/A><1.48.115.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbtprpr.dll]  <N/A><1.48.115.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTDR5C.DLL]  <N/A><0,3,0,0 >
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTPCFG.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTcfg.dll]  <Lexmark International><1, 0, 0, 1>
[PID: 3580][E:\SnagIt 7.2.5抓图软件\SnagIt\TSCHelp.exe]  <TechSmith Corporation><1.0.0>

==================================
文件关联
.TXT  OK. [C:\WINDOWS\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [C:\WINDOWS\System32\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]

版主：删除注册表项重新启动电脑后，右键菜单项没解决!在右击文件的该项单击，显示：

附件: 6031052005127211624.png

我的IE浏览器需要重装吗？重装后能解决右键菜单问题吗？
另外，用系统还原能解决右键菜单问题吗？
谢谢版主！

在右击文件的该项单击——————

看不明白，您是怎么修改注册表的？

引用:

【魔法学徒的贴子】在右击文件的该项单击—————— 看不明白，您是怎么修改注册表的？ ...........................

右键右击文件夹，在显示的右键菜单中（3楼的图）单击选中“U88连锁加盟网”后显示18楼的图标（在我来求助前就这样显示）
删除注册表：13楼图中的红色标记项。

HKEY_CURRENT_USER＼Software＼Microsoft＼Internet Explorer＼MenuExt
HKEY_CLASSES_ROOT＼*＼shellex＼ContextMenuHandlers
HKEY_CLASSES_ROOT＼Directory＼shell
HKEY_CLASSES_ROOT＼Directory＼shellex＼ContextMenuHandlers
HKEY_CLASSES_ROOT＼Folder＼shell
HKEY_CLASSES_ROOT＼Folder＼shellex＼ContextMenuHandlers
下是否有u88的项目，找到后将他们删除即可。

万分感激魔法学徒版主！已经删除干净了。
HKEY_CLASSES_ROOT＼*＼shell\u88...
HKEY_CLASSES_ROOT＼Folder＼shell\u88...
两个键有。
再次感谢两位版主！永远支持您们的版块！