2009-01-07,22:00:05
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools Lite><"D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun>  [(Verified)DAEMON Tools Code Signing Services]
    <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
    <iKu><I:\My Music\iKu\iKu.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><d:\Program Files\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <FixCamera><; C:\WINDOWS\FixCamera.exe>  [File is missing]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <snpstd3><; C:\WINDOWS\vsnpstd3.exe>  []
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
    <tsnpstd3><; C:\WINDOWS\tsnpstd3.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><jelpjalp.dll,medeffkb.dll,BFD5A1ED.dll,iipnaaha.dll,nljbgicf.dll,8C7118DF.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <{01F7E3A2-070C-429B-9290-4862AD371438}><C:\WINDOWS\system32\01F7E3A2.dll>  [File is missing]
    <{211605F3-DAD9-4345-9441-961B48F8F2F1}><C:\WINDOWS\system32\ihhmglfj.dll>  [File is missing]
    <{BFD5A1ED-5B2B-4EB9-AC3D-A7729EFFD15C}><C:\WINDOWS\system32\BFD5A1ED.dll>  []
    <{3851A233-FDB5-4D1D-AFDB-8463A568B8AC}><C:\WINDOWS\system32\jolhaijj.dll>  [File is missing]
    <{A9C345DF-A74C-4E95-8992-D3FAE8D393BC}><C:\WINDOWS\system32\apcjkldf.dll>  [File is missing]
    <{5D09BB2B-D66C-4418-BF18-13F8F4C7B821}><C:\WINDOWS\system32\ldgpbbib.dll>  [File is missing]
    <{794F8D09-AD2D-49A0-9354-7D5AA6B82923}><C:\WINDOWS\system32\npkfodgp.dll>  [File is missing]
    <{101D4DC0-AB92-46CD-A4C0-1ACF07A20F91}><C:\WINDOWS\system32\hghdkdcg.dll>  [File is missing]
    <{18847B0E-EBD3-4CF3-A206-A307FC5EFF63}><C:\WINDOWS\system32\hooknbge.dll>  [File is missing]
    <{DDE8FA76-9084-4D4E-8304-4E06078AEF23}><C:\WINDOWS\system32\ddeofanm.dll>  [File is missing]
    <{0310345D-3254-49CB-A6D8-2B421C7C7A62}><C:\WINDOWS\system32\0310345D.dll>  [File is missing]
    <{185640FE-4331-4DC6-A249-078B11164EA0}><C:\WINDOWS\system32\holmkgfe.dll>  [File is missing]
    <{671842F1-94D0-4F0A-BC9F-BC1F76303854}><C:\WINDOWS\system32\671842F1.dll>  [File is missing]
    <{E80E6216-4133-4A20-B86E-D13DBDF13813}><C:\WINDOWS\system32\eogemihm.dll>  [File is missing]
    <{BF2EA484-3CA2-498F-9C0D-CAD95B2AF133}><C:\WINDOWS\system32\BF2EA484.dll>  [File is missing]
    <{2A2B1B6C-DFA0-4576-A8E4-E966AB6ACF91}><C:\WINDOWS\system32\iaibhbmc.dll>  [File is missing]
    <{18CAA594-80B1-4F38-8CE0-6C50AB3F9112}><C:\WINDOWS\system32\hocaalpk.dll>  [File is missing]
    <{056E5FD3-9058-43C4-8CC9-3CF0C37087D1}><C:\WINDOWS\system32\glmelfdj.dll>  [File is missing]
    <{39D8FC3D-5A7C-4782-A25C-BE2D0E9320E8}><C:\WINDOWS\system32\jpdofcjd.dll>  [File is missing]
    <{55BBADCC-4241-405D-8119-2C06DB5A5DFD}><C:\WINDOWS\system32\llbbadcc.dll>  [File is missing]
    <{78921BC2-EAD7-40DF-AD74-D7F5045599C8}><C:\WINDOWS\system32\nopihbci.dll>  [File is missing]
    <{189F2AE7-01C4-40C4-88AE-80B1A1BEBBB9}><C:\WINDOWS\system32\189F2AE7.dll>  [File is missing]
    <{77AC5F51-B3C2-40D4-B306-EE91119A0B10}><C:\WINDOWS\system32\nnaclflh.dll>  [File is missing]
    <{BCD0E4CE-A14D-4669-866E-B2287746E495}><C:\WINDOWS\system32\BCD0E4CE.dll>  [File is missing]
    <{2ADC6359-06C2-46DA-B413-228DCFD0EC61}><C:\WINDOWS\system32\iadcmjlp.dll>  [File is missing]
    <{CDBF8460-A991-41FD-B497-E28628C610A4}><C:\WINDOWS\system32\cdbfokmg.dll>  [File is missing]
    <{9CF6103A-56EA-4658-921D-BF031C9F4FF3}><C:\WINDOWS\system32\9CF6103A.dll>  [File is missing]
    <{66A8A773-2F9C-43A0-B116-57E20986111C}><C:\WINDOWS\system32\mmaoannj.dll>  [File is missing]
    <{2297AA1A-0FFE-437E-B604-C2A6C8D2F8EC}><C:\WINDOWS\system32\iipnaaha.dll>  []
    <{753B02CF-EEA0-4C12-873C-86E5CD067186}><C:\WINDOWS\system32\nljbgicf.dll>  []
    <{8C7118DF-7517-418D-83C8-465A21FA2302}><C:\WINDOWS\system32\8C7118DF.dll>  []
    <{3E593A59-4A82-4AC4-AD54-5D0CAB476C50}><C:\WINDOWS\system32\jelpjalp.dll>  []
    <{6EDEFF4B-62E7-4361-918E-B3ACFA668985}><C:\WINDOWS\system32\medeffkb.dll>  []
    <{07D484EC-FF36-408B-BD1C-40D5B28E3C7B}><C:\WINDOWS\system32\07D484EC.dll>  [File is missing]
    <{EFCBA376-6453-4275-B4D1-0E93323B17BC}><C:\WINDOWS\system32\EFCBA376.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <14869E6D><C:\WINDOWS\system32\14869E6D.dll>  [File is missing]
    <01F7E3A2><C:\WINDOWS\system32\01F7E3A2.dll>  [File is missing]
    <3A56FA04><C:\WINDOWS\system32\3A56FA04.dll>  [File is missing]
    <3A0BB70E><C:\WINDOWS\system32\3A0BB70E.dll>  [File is missing]
    <07D484EC><C:\WINDOWS\system32\07D484EC.dll>  [File is missing]
    <EFCBA376><C:\WINDOWS\system32\EFCBA376.dll>  [File is missing]
    <C91EE123><>  [N/A]
    <211605F3><C:\WINDOWS\system32\ihhmglfj.dll>  [File is missing]
    <3851A233><C:\WINDOWS\system32\jolhaijj.dll>  [File is missing]
    <BFD5A1ED><C:\WINDOWS\system32\BFD5A1ED.dll>  []
    <A9C345DF><C:\WINDOWS\system32\apcjkldf.dll>  [File is missing]
    <45FB53EB><>  [N/A]
    <5D09BB2B><C:\WINDOWS\system32\ldgpbbib.dll>  [File is missing]
    <794F8D09><C:\WINDOWS\system32\npkfodgp.dll>  [File is missing]
    <101D4DC0><C:\WINDOWS\system32\hghdkdcg.dll>  [File is missing]
    <18847B0E><C:\WINDOWS\system32\hooknbge.dll>  [File is missing]
    <DDE8FA76><C:\WINDOWS\system32\ddeofanm.dll>  [File is missing]
    <0310345D><C:\WINDOWS\system32\0310345D.dll>  [File is missing]
    <185640FE><C:\WINDOWS\system32\holmkgfe.dll>  [File is missing]
    <671842F1><C:\WINDOWS\system32\671842F1.dll>  [File is missing]
    <E80E6216><C:\WINDOWS\system32\eogemihm.dll>  [File is missing]
    <BF2EA484><C:\WINDOWS\system32\BF2EA484.dll>  [File is missing]
    <2A2B1B6C><C:\WINDOWS\system32\iaibhbmc.dll>  [File is missing]
    <18CAA594><C:\WINDOWS\system32\hocaalpk.dll>  [File is missing]
    <056E5FD3><C:\WINDOWS\system32\glmelfdj.dll>  [File is missing]
    <39D8FC3D><C:\WINDOWS\system32\jpdofcjd.dll>  [File is missing]
    <55BBADCC><C:\WINDOWS\system32\llbbadcc.dll>  [File is missing]
    <78921BC2><C:\WINDOWS\system32\nopihbci.dll>  [File is missing]
    <189F2AE7><C:\WINDOWS\system32\189F2AE7.dll>  [File is missing]
    <77AC5F51><C:\WINDOWS\system32\nnaclflh.dll>  [File is missing]
    <BCD0E4CE><C:\WINDOWS\system32\BCD0E4CE.dll>  [File is missing]
    <2ADC6359><C:\WINDOWS\system32\iadcmjlp.dll>  [File is missing]
    <CDBF8460><C:\WINDOWS\system32\cdbfokmg.dll>  [File is missing]
    <9CF6103A><C:\WINDOWS\system32\9CF6103A.dll>  [File is missing]
    <66A8A773><C:\WINDOWS\system32\mmaoannj.dll>  [File is missing]
    <2297AA1A><C:\WINDOWS\system32\iipnaaha.dll>  []
    <753B02CF><C:\WINDOWS\system32\nljbgicf.dll>  []
    <8C7118DF><C:\WINDOWS\system32\8C7118DF.dll>  []
    <3E593A59><C:\WINDOWS\system32\jelpjalp.dll>  []
    <6EDEFF4B><C:\WINDOWS\system32\medeffkb.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <d:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PnkBstrB / PnkBstrB][Stopped/Manual Start]
  <C:\WINDOWS\system32\PnkBstrB.exe><N/A>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><N/A>
[Rising RavTask Manager / RavTask][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><(File is missing)>
[Remote Procedure Call (RPC) / RpcSs][Others/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 360SE)

驱动程序
[0005ef97 / 0005ef97][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0005ef97.sys><N/A>
[360procmon / 360procmon][Running/Manual Start]
  <\??\d:\Program Files\360Safe\safemon\360procmon.sys><>
[Mobinex Virtual Webcam - 9You, WDM Video Capture / 9you][Stopped/Auto Start]
  <system32\DRIVERS\9you.sys><Windows (R) 2000 DDK provider>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[BdGuard / BdGuard][Stopped/Disabled]
  <system32\drivers\BDGuard.SYS><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Stopped/Disabled]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[PnkBstrK / PnkBstrK][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\PnkBstrK.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, (Signed) 上海浩方在线信息技术有限公司>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\QQ2007\Tencent\QQPhotoDraw.dll, (Signed) TENCENT>
[RavOnline Class]
  {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Information Technology Co., Ltd.>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[]
  {01443AEB-0FD1-40FD-9C87-E93D1494C233} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[PhotoDrawEx Class]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <C:\Program Files\Tencent\Qzone\QQPhotoDrawEx.dll, (Signed) TENCENT>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, N/A>
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\QQ2007\Tencent\QQPhotoDraw.dll, (Signed) TENCENT>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {4836C333-208E-4BCE-B30B-00B9545B0F6E} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <d:\PROGRA~1\PPStream\110~1.264\POWERP~1.DLL, (Signed) PPStream Inc.>
[]
  {635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <d:\Program Files\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360Safe\live.dll, (Signed) 360.cn>
[]
  {8755CE6E-0BF7-4441-8751-FB728941B0B4} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[Uploader Class]
  {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
  {998A88A0-A355-809B-831C-B83A80000991} <, >
[]
  {998A88A0-A355-809B-831C-B83A80000992} <, >
[Tool Class]
  {A7F05EE4-0426-454F-8013-C41E3596E9E9} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[UploadFilePartition Class]
  {A877BA28-1F7E-4876-B299-50B3199A1A5D} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.2.5807.104.(758).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll, N/A>
[QQPlayerCtrl Class]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\Program Files\QQ2007\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Agent Control 2.0]
  {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, (Signed) Microsoft Corporation>
[KuAgent2 Class]
  {D928E486-C465-4A64-976D-F3B24BBECC69} <I:\My Music\iKu\YouKuAgent.dll, N/A>
[]
  {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} <, >
[]
  {DEEE7FE9-3E06-43EE-B04D-18866CD0AD9C} <, >
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll, (Signed)  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\QQ2007\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <D:\PROGRA~1\QQ2007\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.719.dll, ShenZhen Thunder Networking Technologies Ltd.>
[QvodCtrl Class]
  {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QVODPlayer\QvodInsert.dll, N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5880.229.(759).dll, (Signed) Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ2007\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 664][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 816][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\System32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\System32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\System32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\System32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\System32\8C7118DF.dll]  [N/A, ]
[PID: 1092][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1252][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1328][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1496][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1932][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [D:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll]  [Nokia, 7, 0, 103, 0]
    [D:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 0, 140, 6]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 7, 0, 64, 0]
    [D:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 0, 20, 0]
    [D:\Program Files\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1004]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.dll]  [Nokia., 7, 0, 13, 0]
    [C:\Program Files\PC Connectivity Solution\DAAPI.dll]  [Nokia, 7, 0, 15, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_DBAPI.DLL]  [Nokia, 7, 0, 1, 0]
    [C:\Program Files\PC Connectivity Solution\VersitConverter.dll]  [Nokia, 7, 0, 9, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 9, 1, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\YouKuDesktopShell.dll]  [www.youku.com, 1.2.7.1700]
    [C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 2, 9, 1, 0]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
[PID: 2004][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 2028][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1444][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
[PID: 1456][D:\Program Files\DAEMON Tools Lite\daemon.exe]  [DT Soft Ltd, 4.30.1.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [D:\Program Files\DAEMON Tools Lite\DaemonPlugin.dll]  [DT Soft Ltd, 4.12.0.0]
    [D:\Program Files\DAEMON Tools Lite\daemon.dll]  [DT Soft Ltd., 4.30.0.0]
    [D:\Program Files\DAEMON Tools Lite\imgengine.dll]  [DT Soft Ltd., 1.17.0.0]
    [D:\Program Files\DAEMON Tools Lite\Lang\CHS.dll]  [N/A, ]
    [D:\Program Files\DAEMON Tools Lite\Lang\ENU.dll]  [N/A, ]
    [D:\Program Files\DAEMON Tools Lite\Plugins\ISOmaker.dll]  [DT Soft Ltd, 1.0.0.0]
    [D:\Program Files\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1004]
[PID: 1464][C:\Program Files\PPStream\ppsap.exe]  [PPStream Inc, 1, 0, 11, 139]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\PPStream\1.1.0.2640\vodnet.dll]  [PPStream Inc., 1, 0, 11, 179]
    [d:\Program Files\PPStream\1.1.0.2640\vodres.dll]  [PPStream Inc., 1, 0, 11, 179]
    [d:\Program Files\PPStream\1.1.0.2640\ppssg.dll]  [PPStream Inc., 1, 0, 11, 179]
    [d:\Program Files\PPStream\1.1.0.2640\fds.dll]  [PPStream Inc., 1, 0, 0, 98]
[PID: 808][C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
[PID: 1760][C:\Documents and Settings\Administrator\桌面\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\8C7118DF.dll]  [N/A, ]
    [C:\WINDOWS\system32\nljbgicf.dll]  [N/A, ]
    [C:\WINDOWS\system32\iipnaaha.dll]  [N/A, ]
    [C:\WINDOWS\system32\BFD5A1ED.dll]  [N/A, ]
    [C:\WINDOWS\system32\medeffkb.dll]  [N/A, ]
    [C:\WINDOWS\system32\jelpjalp.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1004]
    [C:\Documents and Settings\Administrator\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 756, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 808, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

无法进入安全模式，会蓝屏。无法系统还原，无法拨号上网，软件打不开。。。。。。。。。。。

请LZ今后以附件形式上传sreng日志、、、

解压附件里的文件，将userinit.exe放在smtrpl.exe所在目录下，运行smtrpl.exe，路径里输入：C:\WINDOWS\system32\userinit.exe，点击开始替换
运行XPSP2_rpcss.exe

使用XDelBox(下载地址：http://bbs.ikaka.com/attachment.aspx?attachmentid=446806）
删除以下文件：（使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择剪贴板导入不检查路径，导入后记得勾选抑制其再生，在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储设备）

C:\WINDOWS\system32\jelpjalp.dll
C:\WINDOWS\system32\medeffkb.dll

C:\WINDOWS\system32\BFD5A1ED.dll
C:\WINDOWS\system32\iipnaaha.dll
C:\WINDOWS\system32\nljbgicf.dll
C:\WINDOWS\system32\8C7118DF.dll


重启后使用SREng修复下面各项：

启动项目 －－ 注册表之如下项删除：



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{01F7E3A2-070C-429B-9290-4862AD371438}><C:\WINDOWS\system32\01F7E3A2.dll>  [File is missing]
    <{211605F3-DAD9-4345-9441-961B48F8F2F1}><C:\WINDOWS\system32\ihhmglfj.dll>  [File is missing]
    <{BFD5A1ED-5B2B-4EB9-AC3D-A7729EFFD15C}><C:\WINDOWS\system32\BFD5A1ED.dll>  []
    <{3851A233-FDB5-4D1D-AFDB-8463A568B8AC}><C:\WINDOWS\system32\jolhaijj.dll>  [File is missing]
    <{A9C345DF-A74C-4E95-8992-D3FAE8D393BC}><C:\WINDOWS\system32\apcjkldf.dll>  [File is missing]
    <{5D09BB2B-D66C-4418-BF18-13F8F4C7B821}><C:\WINDOWS\system32\ldgpbbib.dll>  [File is missing]
    <{794F8D09-AD2D-49A0-9354-7D5AA6B82923}><C:\WINDOWS\system32\npkfodgp.dll>  [File is missing]
    <{101D4DC0-AB92-46CD-A4C0-1ACF07A20F91}><C:\WINDOWS\system32\hghdkdcg.dll>  [File is missing]
    <{18847B0E-EBD3-4CF3-A206-A307FC5EFF63}><C:\WINDOWS\system32\hooknbge.dll>  [File is missing]
    <{DDE8FA76-9084-4D4E-8304-4E06078AEF23}><C:\WINDOWS\system32\ddeofanm.dll>  [File is missing]
    <{0310345D-3254-49CB-A6D8-2B421C7C7A62}><C:\WINDOWS\system32\0310345D.dll>  [File is missing]
    <{185640FE-4331-4DC6-A249-078B11164EA0}><C:\WINDOWS\system32\holmkgfe.dll>  [File is missing]
    <{671842F1-94D0-4F0A-BC9F-BC1F76303854}><C:\WINDOWS\system32\671842F1.dll>  [File is missing]
    <{E80E6216-4133-4A20-B86E-D13DBDF13813}><C:\WINDOWS\system32\eogemihm.dll>  [File is missing]
    <{BF2EA484-3CA2-498F-9C0D-CAD95B2AF133}><C:\WINDOWS\system32\BF2EA484.dll>  [File is missing]
    <{2A2B1B6C-DFA0-4576-A8E4-E966AB6ACF91}><C:\WINDOWS\system32\iaibhbmc.dll>  [File is missing]
    <{18CAA594-80B1-4F38-8CE0-6C50AB3F9112}><C:\WINDOWS\system32\hocaalpk.dll>  [File is missing]
    <{056E5FD3-9058-43C4-8CC9-3CF0C37087D1}><C:\WINDOWS\system32\glmelfdj.dll>  [File is missing]
    <{39D8FC3D-5A7C-4782-A25C-BE2D0E9320E8}><C:\WINDOWS\system32\jpdofcjd.dll>  [File is missing]
    <{55BBADCC-4241-405D-8119-2C06DB5A5DFD}><C:\WINDOWS\system32\llbbadcc.dll>  [File is missing]
    <{78921BC2-EAD7-40DF-AD74-D7F5045599C8}><C:\WINDOWS\system32\nopihbci.dll>  [File is missing]
    <{189F2AE7-01C4-40C4-88AE-80B1A1BEBBB9}><C:\WINDOWS\system32\189F2AE7.dll>  [File is missing]
    <{77AC5F51-B3C2-40D4-B306-EE91119A0B10}><C:\WINDOWS\system32\nnaclflh.dll>  [File is missing]
    <{BCD0E4CE-A14D-4669-866E-B2287746E495}><C:\WINDOWS\system32\BCD0E4CE.dll>  [File is missing]
    <{2ADC6359-06C2-46DA-B413-228DCFD0EC61}><C:\WINDOWS\system32\iadcmjlp.dll>  [File is missing]
    <{CDBF8460-A991-41FD-B497-E28628C610A4}><C:\WINDOWS\system32\cdbfokmg.dll>  [File is missing]
    <{9CF6103A-56EA-4658-921D-BF031C9F4FF3}><C:\WINDOWS\system32\9CF6103A.dll>  [File is missing]
    <{66A8A773-2F9C-43A0-B116-57E20986111C}><C:\WINDOWS\system32\mmaoannj.dll>  [File is missing]
    <{2297AA1A-0FFE-437E-B604-C2A6C8D2F8EC}><C:\WINDOWS\system32\iipnaaha.dll>  []
    <{753B02CF-EEA0-4C12-873C-86E5CD067186}><C:\WINDOWS\system32\nljbgicf.dll>  []
    <{8C7118DF-7517-418D-83C8-465A21FA2302}><C:\WINDOWS\system32\8C7118DF.dll>  []
    <{3E593A59-4A82-4AC4-AD54-5D0CAB476C50}><C:\WINDOWS\system32\jelpjalp.dll>  []
    <{6EDEFF4B-62E7-4361-918E-B3ACFA668985}><C:\WINDOWS\system32\medeffkb.dll>  []
    <{07D484EC-FF36-408B-BD1C-40D5B28E3C7B}><C:\WINDOWS\system32\07D484EC.dll>  [File is missing]
    <{EFCBA376-6453-4275-B4D1-0E93323B17BC}><C:\WINDOWS\system32\EFCBA376.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<14869E6D><C:\WINDOWS\system32\14869E6D.dll>  [File is missing]
    <01F7E3A2><C:\WINDOWS\system32\01F7E3A2.dll>  [File is missing]
    <3A56FA04><C:\WINDOWS\system32\3A56FA04.dll>  [File is missing]
    <3A0BB70E><C:\WINDOWS\system32\3A0BB70E.dll>  [File is missing]
    <07D484EC><C:\WINDOWS\system32\07D484EC.dll>  [File is missing]
    <EFCBA376><C:\WINDOWS\system32\EFCBA376.dll>  [File is missing]
    <C91EE123><>  [N/A]
    <211605F3><C:\WINDOWS\system32\ihhmglfj.dll>  [File is missing]
    <3851A233><C:\WINDOWS\system32\jolhaijj.dll>  [File is missing]
    <BFD5A1ED><C:\WINDOWS\system32\BFD5A1ED.dll>  []
    <A9C345DF><C:\WINDOWS\system32\apcjkldf.dll>  [File is missing]
    <45FB53EB><>  [N/A]
    <5D09BB2B><C:\WINDOWS\system32\ldgpbbib.dll>  [File is missing]
    <794F8D09><C:\WINDOWS\system32\npkfodgp.dll>  [File is missing]
    <101D4DC0><C:\WINDOWS\system32\hghdkdcg.dll>  [File is missing]
    <18847B0E><C:\WINDOWS\system32\hooknbge.dll>  [File is missing]
    <DDE8FA76><C:\WINDOWS\system32\ddeofanm.dll>  [File is missing]
    <0310345D><C:\WINDOWS\system32\0310345D.dll>  [File is missing]
    <185640FE><C:\WINDOWS\system32\holmkgfe.dll>  [File is missing]
    <671842F1><C:\WINDOWS\system32\671842F1.dll>  [File is missing]
    <E80E6216><C:\WINDOWS\system32\eogemihm.dll>  [File is missing]
    <BF2EA484><C:\WINDOWS\system32\BF2EA484.dll>  [File is missing]
    <2A2B1B6C><C:\WINDOWS\system32\iaibhbmc.dll>  [File is missing]
    <18CAA594><C:\WINDOWS\system32\hocaalpk.dll>  [File is missing]
    <056E5FD3><C:\WINDOWS\system32\glmelfdj.dll>  [File is missing]
    <39D8FC3D><C:\WINDOWS\system32\jpdofcjd.dll>  [File is missing]
    <55BBADCC><C:\WINDOWS\system32\llbbadcc.dll>  [File is missing]
    <78921BC2><C:\WINDOWS\system32\nopihbci.dll>  [File is missing]
    <189F2AE7><C:\WINDOWS\system32\189F2AE7.dll>  [File is missing]
    <77AC5F51><C:\WINDOWS\system32\nnaclflh.dll>  [File is missing]
    <BCD0E4CE><C:\WINDOWS\system32\BCD0E4CE.dll>  [File is missing]
    <2ADC6359><C:\WINDOWS\system32\iadcmjlp.dll>  [File is missing]
    <CDBF8460><C:\WINDOWS\system32\cdbfokmg.dll>  [File is missing]
    <9CF6103A><C:\WINDOWS\system32\9CF6103A.dll>  [File is missing]
    <66A8A773><C:\WINDOWS\system32\mmaoannj.dll>  [File is missing]
    <2297AA1A><C:\WINDOWS\system32\iipnaaha.dll>  []
    <753B02CF><C:\WINDOWS\system32\nljbgicf.dll>  []
    <8C7118DF><C:\WINDOWS\system32\8C7118DF.dll>  []
    <3E593A59><C:\WINDOWS\system32\jelpjalp.dll>  []
    <6EDEFF4B><C:\WINDOWS\system32\medeffkb.dll>  []



<AppInit_DLLs><jelpjalp.dll,medeffkb.dll,BFD5A1ED.dll,iipnaaha.dll,nljbgicf.dll,8C7118DF.dll> 改为<AppInit_DLLs><>


启动项目 －－ 服务－－ 驱动程序之如下项删除:
SREng-在"启动项目->服务－>驱动程序中"选中"隐藏已认证的微软项目"然后删除下面名称的驱动程序(选中有问题的驱动后，点"删除服务"，点“设置”按钮即可。注意弹出的窗口中要点 "否NO"才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):

[0005ef97 / 0005ef97][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0005ef97.sys><N/A>
msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>


用W i n d o w s 清理助手 ，清理系统。
W i n d o w s 清理助手 下载：http://www.arswp.com/