一个MM朋友遇到一个很奇怪的问题，语言栏突然不见了，不能打汉字，只能打字母 我尝试用以下办法解决都不可以。
1：控制面板--语言和区域选项--语言--详细信息--语言栏，打开后发现里面是灰色，无法选中。把高级文字服务关掉以后还是灰色，这中方法宣告失败；
2：winkey+R 运行ctfmon命令 没有响应，同样失败；
3：这时候有点慌了，winkey+R 运行internat,这次有反映了，不过是提示找不到文件；
另外自定义键盘组合也不行，

虽然有一台系统已经重新做了，刚刚又告诉我这个也是那样的毛病，大家一起来探讨一下。废话不多说，下面是日志
[CODE]
2008-03-31,17:52:03
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <epsng_certd_bjrcb><C:\Program Files\ngsrv\epsng_certd_bjrcb.exe -r>  [OEM]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <igzwzslm><C:\WINDOWS\gwsmhxuq.exe>  []
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  []
    <SoundMan><SoundMan.exe>  [1]
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,atehhz.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{D29DCEE0-457B-45A2-A92D-741B95B7723B}><C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
    <IFEO[360Loader.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
    <IFEO[ctfmon.exe]><SoundMan.exe>  [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
    <IFEO[ras]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
    <IFEO[runiep]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\interne.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ngSlotDaemon / ngSlotD][Running/Auto Start]
  <C:\Program Files\ngsrv\ngslotd.exe><OEM>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13C.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1D.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp70.tmp><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17E.tmp><N/A>
[fpids32 / fpids32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosfpids32.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD8.tmp><N/A>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp8.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp73.tmp><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ping / ping][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp8B.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[S3SavageNB / S3SavageNB][Running/Manual Start]
  <system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[xuobomj / xuobomj][Running/Boot Start]
  <\SystemRoot\system32\drivers\xuobomj.sys><>

==================================
浏览器加载项
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, Tencent>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[MaskEdit Control]
  {963050D4-5B9F-418D-A538-67A1F9B1BD5D} <C:\WINDOWS\DOWNLO~1\MaskEdit.ocx, CSII>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6AA} <C:\WINDOWS\DOWNLO~1\iesign.ocx, csii>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Data Source Object]
  {550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[MaskEdit Control]
  {963050D4-5B9F-418D-A538-67A1F9B1BD5D} <C:\WINDOWS\DOWNLO~1\MaskEdit.ocx, CSII>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6AA} <C:\WINDOWS\DOWNLO~1\iesign.ocx, csii>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================

正在运行的进程
[PID: 540 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 676 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 920 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 1064 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\System32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\System32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\System32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\System32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\System32\msepbe.dll]  [N/A, ]
[PID: 1140 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 1304 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 1820 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 216 / SYSTEM][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe]  [Autodesk, 2.66.000]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 452 / SYSTEM][C:\WINDOWS\SoundMan.exe]  [1, 1.00]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
[PID: 992 / Administrator][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\WINDOWS\system\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 41, 16]
    [C:\WINDOWS\System32\udaprop.dll]  [C-Media Corporation, 1.0.2.2]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
[PID: 1012 / Administrator][C:\Program Files\ngsrv\epsng_certd_bjrcb.exe]  [OEM, 1, 0, 7, 802]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\WINDOWS\system32\bjrcb_11.dll]  [OEM, 1, 1, 7, 802]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
[PID: 1192 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
[PID: 1108 / SYSTEM][C:\Program Files\ngsrv\ngslotd.exe]  [OEM, 1, 2, 7, 802]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\Program Files\ngsrv\slotmon\hidmon.dll]  [Feitian Technologies Co.,Ltd., 1, 0, 7, 802]
[PID: 2212 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 3820 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp243.tmp]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 352 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
[PID: 5628 / Administrator][F:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 62]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [F:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [F:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [F:\Program Files\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\Program Files\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 92]
    [F:\Program Files\Rising\Rav\htmllib.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.15]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [F:\Program Files\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 84]
    [F:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [F:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [F:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [F:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [F:\Program Files\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [F:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [F:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [F:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 27]
    [F:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [F:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [F:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [F:\Program Files\Rising\Rav\mvengine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [F:\Program Files\Rising\Rav\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [F:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [F:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [F:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [F:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 44]
    [F:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [F:\Program Files\Rising\Rav\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [F:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [F:\Program Files\Rising\Rav\urutils.dll]  [, 20, 0, 0, 3]
    [F:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [F:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [F:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [F:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [F:\Program Files\Rising\Rav\extole.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [F:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\rzysdhbx.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
[PID: 3128 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\Program Files\TENCENT\SSPlus\SAddr1.dll]  [Tencent, 5, 0, 6, 18]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Tencent\QQToolbar\IEBar.dll]  [TENCENT, 2, 0, 21, 10]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll]  [TENCENT, 2, 0, 21, 10]
    [C:\WINDOWS\system32\SSup.dll]  [TENCENT, 5, 0, 3, 11]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
[PID: 5292 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\rzysdhbx.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
[PID: 4616 / Administrator][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\msosiocp.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\rzysdhbx.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
[PID: 14492 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX13.52672\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 3, 16]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX13.52672\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\rzysdhbx.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
[PID: 7232 / Administrator][C:\WINDOWS\system32\HHHCompress.dll]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
    [C:\WINDOWS\system32\xdksydiwow.dll]  [Microsoft Corporation, 5.1.2600.3099]
[PID: 6896 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2FE.tmp]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 17804 / SYSTEM][C:\WINDOWS\system32\qoq.exe]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 18384 / SYSTEM][C:\WINDOWS\system32\qoq.exe]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]
[PID: 6116 / SYSTEM][C:\WINDOWS\system32\qoq.exe]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 452, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1012, C:\PROGRAM FILES\NGSRV\EPSNG_CERTD_BJRCB.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\NGSRV\NGSLOTD.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3820, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TMP243.TMP]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3820, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TMP243.TMP]
特殊特权被允许： SeDebugPrivilege [PID = 5292, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5292, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 7232, C:\WINDOWS\SYSTEM32\HHHCOMPRESS.DLL]
特殊特权被允许： SeLoadDriverPrivilege [PID = 7232, C:\WINDOWS\SYSTEM32\HHHCOMPRESS.DLL]
特殊特权被允许： SeDebugPrivilege [PID = 6896, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TMP2FE.TMP]
特殊特权被允许： SeLoadDriverPrivilege [PID = 6896, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TMP2FE.TMP]
特殊特权被允许： SeSystemtimePrivilege [PID = 17804, C:\WINDOWS\SYSTEM32\QOQ.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 18384, C:\WINDOWS\SYSTEM32\QOQ.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 6116, C:\WINDOWS\SYSTEM32\QOQ.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

首先启动项:
igzwzslm><C:\WINDOWS\gwsmhxuq.exe>  []
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  []
    <SoundMan><SoundMan.exe>  [1]
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
木马群

驱动里面这样的东西不少:
  [cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13C.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1D.tmp><N/A>
冒似机器狗


进程中:
[C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]


PID: 6116 / SYSTEM][C:\WINDOWS\system32\qoq.exe]  [N/A, ]
    [C:\WINDOWS\system32\jwlah.dll]  [N/A, ]
    [C:\WINDOWS\system32\sehhter.dll]  [N/A, ]
    [C:\WINDOWS\system32\xgnfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzijj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xbcvxb.dll]  [N/A, ]
    [C:\WINDOWS\system32\zdbfbd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msepbe.dll]  [N/A, ]

[PID: 7232 / Administrator][C:\WINDOWS\system32\HHHCompress.dll]  [N/A, ]
.
[C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]

.等
.
这个报告确实有保存的价值,

值得研究了~现在有不少木马都是让输入法失灵的~甚至任务管理器和注册表都打不开~