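Lately I have noticed that whenever my PC goes online, ads keep popping up and it is very slow. I found that the cause is a piece of rogue software, henbang.net, called 很棒小秘书. Following other people's experience, I deleted several .ini files from the windows directory in safe mode. I also deleted C:\PROGRAM FILE\hbclient\tbhelper.dll and disabled loading of this DLL in IE.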
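After rebooting there are no more ads when I go online, but as soon as I go online everything is extremely slow: clicking a link gets no response for ages; starting IE takes about half a minute; running other programs is also very slow. It is really frustrating. I tried several antivirus programs, but none of them found anything. I am attaching the SREng scan report here; could the experts please advise.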
[CODE]
2007-03-21,10:48:59
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TpShocks><TpShocks.exe> [IBM Corp.]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Publisher]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey> [(Verified)"McAfee, Inc."]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<KAVRUN><C:\pz\Kingsoft\Duba6\KAVRUN.EXE> [kingsoft]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [(Verified)"beijing yahoo consulting and service co., ltd."]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [(Verified)"beijing yahoo consulting and service co., ltd."]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"> [Network Associates, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime7\qttask.exe" -atboottime> [Apple Computer, Inc.]
<DIRECT!><C:\Program Files\MyAccounts\direct.exe> [Courion Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><GINASTUB.DLL> [Courion Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [(Verified)"beijing yahoo consulting and service co., ltd."]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{Z99999999-999-9999-9999-QCOM-SP2}]
<><C:\WINDOWS\RunInvalidSignatures.EXE> [Microsoft Corporation]
==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>
[Connected TaskBar Icon]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Connected TaskBar Icon.LNK --> C:\PROGRA~1\CONNEC~1\CBSYST~1.EXE [Connected Corporation]><N>
[金山词霸 2003]
<C:\Documents and Settings\zpeng\Start Menu\Programs\Startup\金山词霸 2003.lnk --> C:\PROGRA~1\Kingsoft\POWERW~1\Xdict.exe [Kingsoft Co, Ltd.]><N>
==================================
Services
[Connected Agent Service / AgentSrv][Running/Auto Start]
<C:\Program Files\Connected\AgentSrv.EXE -asv><Connected Corporation>
[Access Manager Configuration Service / AMBroker][Running/Auto Start]
<"C:\Program Files\AccessManager\Client\AMBroker.exe"><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Cisco Systems, Inc. VPN Service / CVPND][Running/Auto Start]
<"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
<C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService][Stopped/Manual Start]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
<"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\vstskmgr.exe"><Network Associates, Inc.>
[P4P Service / P4P Service][Running/Auto Start]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[SP Software Installer / SP Software Installer][Running/Auto Start]
<C:\Program Files\AccessManager\PMAC\sp_SWIns.exe><Smartpipes, Inc.>
[Visual Insight Dial Analysis / sp_spi_da][Stopped/Manual Start]
<C:\Program Files\AccessManager\SMOC\spi_da.exe><Smartpipes, Inc.>
[IBM HDD APS Logging Service / TPHDEXLGSVC][Running/Auto Start]
<System32\TPHDEXLG.EXE><N/A>
[Protector Suite Virtual Token / vtserver][Running/Auto Start]
<"C:\Program Files\Common Files\Virtual Token\vtserver.exe"><UPEK Inc.>