svchost:第一个是 rpcss,第二个是 termsvcs,第三个是 NetworkService,第四个是 LocalService,第五个是 netsvcs —— 备忘

备忘:下面的进程列表里共有五个 svchost.exe,第一个到第五个的 -k 参数(服务组名)依次是 rpcss、termsvcs、NetworkService、LocalService、netsvcs。列表中这五个 svchost.exe 的 ParentCid 都是 01f4,即 services.exe 的 Cid。

CommandLine: 'C:\WINDOWS\system32\svchost -k rpcss'
CommandLine: 'C:\WINDOWS\System32\svchost.exe -k termsvcs'
CommandLine: 'C:\WINDOWS\system32\svchost.exe -k NetworkService'
CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalService'
CommandLine: 'C:\WINDOWS\System32\svchost.exe -k netsvcs'

PROCESS 89593758 SessionId: 0 Cid: 01f4 Peb: 7ffdf000 ParentCid: 01c8

DirBase: 7a0cc000 ObjectTable: e141e7f0 HandleCount: 308.

Image: services.exe

PROCESS 8950d020 SessionId: 0 Cid: 0200 Peb: 7ffdf000 ParentCid: 01c8

DirBase: 79f94000 ObjectTable: e1430ee0 HandleCount: 392.

Image: lsass.exe

PROCESS 89460d88 SessionId: 0 Cid: 02c0 Peb: 7ffdf000 ParentCid: 01f4

DirBase: 79cc5000 ObjectTable: e143d9f0 HandleCount: 195.

Image: svchost.exe

PROCESS 898ac478 SessionId: 0 Cid: 02e8 Peb: 7ffdf000 ParentCid: 01f4

DirBase: 79a1c000 ObjectTable: e143fc08 HandleCount: 195.

Image: svchost.exe

PROCESS 897ad8c0 SessionId: 0 Cid: 037c Peb: 7ffdf000 ParentCid: 01f4

DirBase: 793ad000 ObjectTable: e1754458 HandleCount: 128.

Image: svchost.exe

PROCESS 896a0598 SessionId: 0 Cid: 03b0 Peb: 7ffdf000 ParentCid: 01f4

DirBase: 793f2000 ObjectTable: e17f4c08 HandleCount: 79.

Image: svchost.exe

PROCESS 8940f8d0 SessionId: 0 Cid: 03bc Peb: 7ffdf000 ParentCid: 01f4

DirBase: 792b8000 ObjectTable: e17c66d8 HandleCount: 919.

Image: svchost.exe

PROCESS 897b7d88 SessionId: 0 Cid: 0498 Peb: 7ffdf000 ParentCid: 01f4

DirBase: 7994a000 ObjectTable: e17c30a8 HandleCount: 130.

Image: spoolsv.exe

PROCESS 89831d88 SessionId: 0 Cid: 04b4 Peb: 7ffdf000 ParentCid: 01f4

DirBase: 78f51000 ObjectTable: e1813f48 HandleCount: 165.

Image: msdtc.exe

第一个:CommandLine: 'C:\WINDOWS\system32\svchost -k rpcss'

0: kd> !peb

PEB at 7ffdf000

InheritedAddressSpace: No

ReadImageFileExecOptions: No

BeingDebugged: No

ImageBaseAddress: 01000000

NtGlobalFlag: 440000

NtGlobalFlag2: 0

Ldr 77fba600

Ldr.Initialized: Yes

Ldr.InInitializationOrderModuleList: 00182508 . 00182d40

Ldr.InLoadOrderModuleList: 001824a0 . 00182fb8

Ldr.InMemoryOrderModuleList: 001824a8 . 00182fc0

Base TimeStamp Module

1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe

77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll

77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll

77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll

77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll

74f10000 66e651cf Sep 15 11:17:35 2024 c:\windows\system32\rpcss.dll

77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll

70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll

70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll

77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll

77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll

76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll

70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\system32\mswsock.dll

70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll

76c80000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\system32\CLBCatQ.DLL

76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll

76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll

76d20000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\system32\COMRes.dll

77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll

SubSystemData: 00000000

ProcessHeap: 00080000

ProcessParameters: 00020000

CurrentDirectory: 'C:\WINDOWS\system32\'

WindowTitle: 'C:\WINDOWS\system32\svchost.exe'

ImageFile: 'C:\WINDOWS\system32\svchost.exe'

CommandLine: 'C:\WINDOWS\system32\svchost -k rpcss'

第二个:CommandLine: 'C:\WINDOWS\System32\svchost.exe -k termsvcs'

0: kd> !peb

PEB at 7ffdf000

InheritedAddressSpace: No

ReadImageFileExecOptions: No

BeingDebugged: No

ImageBaseAddress: 01000000

NtGlobalFlag: 440000

NtGlobalFlag2: 0

Ldr 77fba600

Ldr.Initialized: Yes

Ldr.InInitializationOrderModuleList: 00182508 . 00183bb8

Ldr.InLoadOrderModuleList: 001824a0 . 00183c50

Ldr.InMemoryOrderModuleList: 001824a8 . 00183c58

Base TimeStamp Module

1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\System32\svchost.exe

77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll

77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll

77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll

77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll

768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\NTMARTA.DLL

77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll

77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll

77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll

76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll

59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\System32\SAMLIB.dll

76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll

74870000 66e651d2 Sep 15 11:17:38 2024 c:\windows\system32\termsrv.dll

74460000 66e651d5 Sep 15 11:17:41 2024 c:\windows\system32\ICAAPI.dll

76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll

70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll

70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll

76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll

76880000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\AUTHZ.dll

74660000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\mstlsapi.dll

76a80000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\ACTIVEDS.dll

76a50000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\adsldpc.dll

705a0000 66e651ec Sep 15 11:18:04 2024 c:\windows\system32\NETAPI32.dll

76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll

767b0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\credui.dll

77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll

770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll

76690000 3e801277 Mar 25 16:25:27 2003 c:\windows\system32\ATL.DLL

75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll

75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll

6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll

76740000 66e651c6 Sep 15 11:17:26 2024 C:\WINDOWS\System32\REGAPI.dll

ffd0000 3e801389 Mar 25 16:30:01 2003 C:\WINDOWS\System32\rsaenh.dll

767a0000 66e651c6 Sep 15 11:17:26 2024 C:\WINDOWS\System32\PSAPI.DLL

77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll

751c0000 66e651ce Sep 15 11:17:34 2024 C:\WINDOWS\system32\USERENV.dll

70fb0000 66e657c4 Sep 15 11:43:00 2024 C:\WINDOWS\System32\rdpwsx.dll

71d70000 66e651e4 Sep 15 11:17:56 2024 C:\WINDOWS\System32\WINSPOOL.DRV

SubSystemData: 00000000

ProcessHeap: 00080000

ProcessParameters: 00020000

CurrentDirectory: 'C:\WINDOWS\system32\'

WindowTitle: 'C:\WINDOWS\System32\svchost.exe'

ImageFile: 'C:\WINDOWS\System32\svchost.exe'

CommandLine: 'C:\WINDOWS\System32\svchost.exe -k termsvcs'

DllPath: 'C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'

Environment: 00010000

ALLUSERSPROFILE=C:\Documents and Settings\All Users

ClusterLog=C:\WINDOWS\Cluster\cluster.log

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=NTDEV-QQTQSNLDX

ComSpec=C:\WINDOWS\system32\cmd.exe

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0503

ProgramFiles=C:\Program Files

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\WINDOWS\TEMP

TMP=C:\WINDOWS\TEMP

USERPROFILE=C:\WINDOWS\system32\config\systemprofile

windir=C:\WINDOWS

第三个:CommandLine: 'C:\WINDOWS\system32\svchost.exe -k NetworkService'

0: kd> !peb

PEB at 7ffdf000

InheritedAddressSpace: No

ReadImageFileExecOptions: No

BeingDebugged: No

ImageBaseAddress: 01000000

NtGlobalFlag: 440000

NtGlobalFlag2: 0

Ldr 77fba600

Ldr.Initialized: Yes

Ldr.InInitializationOrderModuleList: 00182508 . 00184180

Ldr.InLoadOrderModuleList: 001824a0 . 00184170

Ldr.InMemoryOrderModuleList: 001824a8 . 00184178

Base TimeStamp Module

1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe

77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll

77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll

77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll

77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll

76960000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\dhcpcsvc.dll

77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll

76b80000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\DNSAPI.dll

70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll

70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll

76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll

77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll

77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll

76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll

761b0000 66e651c8 Sep 15 11:17:28 2024 c:\windows\system32\dnsrslvr.dll

70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\system32\mswsock.dll

70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll

769f0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\netman.dll

76920000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\MPRAPI.dll

76a80000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\ACTIVEDS.dll

76a50000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\adsldpc.dll

705a0000 66e651ec Sep 15 11:18:04 2024 C:\WINDOWS\system32\NETAPI32.dll

76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll

76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll

767b0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\credui.dll

77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll

770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll

76690000 3e801277 Mar 25 16:25:27 2003 C:\WINDOWS\system32\ATL.DLL

76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll

76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll

76ac0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\rtutils.dll

59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\system32\SAMLIB.dll

76070000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\system32\SETUPAPI.dll

76b30000 66e651c4 Sep 15 11:17:24 2024 C:\WINDOWS\system32\RASAPI32.dll

76ad0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\rasman.dll

76af0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\TAPI32.dll

766b0000 66e651c7 Sep 15 11:17:27 2024 C:\WINDOWS\system32\WINMM.dll

75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll

75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll

76990000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\WZCSvc.DLL

76910000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\WMI.dll

76bd0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WTSAPI32.dll

75cd0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\WINSTA.dll

67440000 66e6524a Sep 15 11:19:38 2024 C:\WINDOWS\system32\ESENT.dll

71da0000 66e651e4 Sep 15 11:17:56 2024 C:\WINDOWS\system32\WZCSAPI.DLL

6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll

SubSystemData: 00000000

ProcessHeap: 00080000

ProcessParameters: 00020000

CurrentDirectory: 'C:\WINDOWS\system32\'

WindowTitle: 'C:\WINDOWS\system32\svchost.exe'

ImageFile: 'C:\WINDOWS\system32\svchost.exe'

CommandLine: 'C:\WINDOWS\system32\svchost.exe -k NetworkService'

第四个:CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalService'

0: kd> !peb

PEB at 7ffdf000

InheritedAddressSpace: No

ReadImageFileExecOptions: No

BeingDebugged: No

ImageBaseAddress: 01000000

NtGlobalFlag: 440000

NtGlobalFlag2: 0

Ldr 77fba600

Ldr.Initialized: Yes

Ldr.InInitializationOrderModuleList: 00182508 . 00182bf8

Ldr.InLoadOrderModuleList: 001824a0 . 00182dd0

Ldr.InMemoryOrderModuleList: 001824a8 . 00182dd8

Base TimeStamp Module

1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe

77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll

77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll

77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll

77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll

768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\NTMARTA.DLL

77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll

77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll

77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll

76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll

59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\system32\SAMLIB.dll

76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll

73fa0000 66e651d7 Sep 15 11:17:43 2024 c:\windows\system32\lmhsvc.dll

76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll

70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll

70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll

SubSystemData: 00000000

ProcessHeap: 00080000

ProcessParameters: 00020000

CurrentDirectory: 'C:\WINDOWS\system32\'

WindowTitle: 'C:\WINDOWS\system32\svchost.exe'

ImageFile: 'C:\WINDOWS\system32\svchost.exe'

CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalService'

DllPath: 'C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'

Environment: 00010000

ALLUSERSPROFILE=C:\Documents and Settings\All Users

ClusterLog=C:\WINDOWS\Cluster\cluster.log

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=NTDEV-QQTQSNLDX

ComSpec=C:\WINDOWS\system32\cmd.exe

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0503

ProgramFiles=C:\Program Files

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp

TMP=C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp

USERDOMAIN=NT AUTHORITY

USERNAME=LOCAL SERVICE

USERPROFILE=C:\Documents and Settings\LocalService

windir=C:\WINDOWS

第五个: CommandLine: 'C:\WINDOWS\System32\svchost.exe -k netsvcs'

0: kd> !peb

PEB at 7ffdf000

InheritedAddressSpace: No

ReadImageFileExecOptions: No

BeingDebugged: No

ImageBaseAddress: 01000000

NtGlobalFlag: 440000

NtGlobalFlag2: 0

Ldr 77fba600

Ldr.Initialized: Yes

Ldr.InInitializationOrderModuleList: 00182508 . 00186bc0

Ldr.InLoadOrderModuleList: 001824a0 . 00186c50

Ldr.InMemoryOrderModuleList: 001824a8 . 00186c58

Base TimeStamp Module

1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\System32\svchost.exe

77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll

77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll

77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll

77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll

768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\NTMARTA.DLL

77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll

77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll

77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll

76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll

59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\System32\SAMLIB.dll

76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll

76990000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\wzcsvc.dll

76ac0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\rtutils.dll

76910000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\WMI.dll

76960000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\DHCPCSVC.DLL

76b80000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\DNSAPI.dll

70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll

70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll

76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll

76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll

76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll

75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll

75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll

76bd0000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\WTSAPI32.dll

75cd0000 66e651ca Sep 15 11:17:30 2024 c:\windows\system32\WINSTA.dll

705a0000 66e651ec Sep 15 11:18:04 2024 c:\windows\system32\NETAPI32.dll

770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll

67440000 66e6524a Sep 15 11:19:38 2024 c:\windows\system32\ESENT.dll

743c0000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\rastls.dll

76690000 3e801277 Mar 25 16:25:27 2003 C:\WINDOWS\System32\ATL.DLL

74ad0000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\System32\CRYPTUI.dll

767f0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\WINTRUST.dll

76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll

761f0000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\NTDSAPI.dll

76920000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\MPRAPI.dll

76a80000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\ACTIVEDS.dll

76a50000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\adsldpc.dll

767b0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\credui.dll

77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll

76070000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\SETUPAPI.dll

76b30000 66e651c4 Sep 15 11:17:24 2024 C:\WINDOWS\System32\RASAPI32.dll

76ad0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\rasman.dll

76af0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\TAPI32.dll

766b0000 66e651c7 Sep 15 11:17:27 2024 C:\WINDOWS\System32\WINMM.dll

76260000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\SCHANNEL.dll

751c0000 66e651ce Sep 15 11:17:34 2024 C:\WINDOWS\system32\USERENV.dll

70f10000 66e651e8 Sep 15 11:18:00 2024 C:\WINDOWS\System32\WinSCard.dll

6f730000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.0.0_x-ww_8A69BA05\COMCTL32.dll

6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\Comctl32.dll

743f0000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\raschap.dll

76760000 66e651c6 Sep 15 11:17:26 2024 c:\windows\system32\shsvcs.dll

76c80000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\System32\CLBCatQ.DLL

76d20000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\System32\COMRes.dll

77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll

74740000 66e651d2 Sep 15 11:17:38 2024 c:\windows\system32\schedsvc.dll

76880000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\AUTHZ.dll

70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\mswsock.dll

70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll

74430000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\MSIDLE.DLL

6f120000 66e65204 Sep 15 11:18:28 2024 c:\windows\system32\audiosrv.dll

746c0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\wkssvc.dll

564a0000 66e655a5 Sep 15 11:33:57 2024 C:\WINDOWS\System32\wiarpc.dll

74490000 66e651d4 Sep 15 11:17:40 2024 c:\windows\system32\cryptsvc.dll

74910000 66e651d1 Sep 15 11:17:37 2024 c:\windows\system32\certcli.dll

767a0000 66e651c6 Sep 15 11:17:26 2024 c:\windows\system32\PSAPI.DLL

58130000 66e65582 Sep 15 11:33:22 2024 c:\windows\system32\VSSAPI.DLL

76730000 66e651c7 Sep 15 11:17:27 2024 c:\windows\system32\sfc.dll

76820000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\sfc_os.dll

74480000 66e651d5 Sep 15 11:17:41 2024 c:\windows\system32\dmserver.dll

766f0000 3e801277 Mar 25 16:25:27 2003 c:\windows\system32\es.dll

74410000 66e651d5 Sep 15 11:17:41 2024 c:\windows\pchealth\helpctr\binaries\pchsvc.dll

745d0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\srvsvc.dll

72b50000 66e651de Sep 15 11:17:50 2024 c:\windows\system32\seclogon.dll

70db0000 66e651e9 Sep 15 11:18:01 2024 c:\windows\system32\sens.dll

745a0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\trkwks.dll

76210000 66e651c8 Sep 15 11:17:28 2024 c:\windows\system32\w32time.dll

780c0000 3cf54155 May 30 05:00:05 2002 c:\windows\system32\MSVCP60.dll

54f90000 66e655af Sep 15 11:34:07 2024 c:\windows\system32\wbem\wmisvc.dll

74370000 66e651d6 Sep 15 11:17:42 2024 c:\windows\system32\wuauserv.dll

744f0000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\System32\wuaueng.dll

74800000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\ADVPACK.dll

75b30000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\WININET.dll

76c50000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\System32\winrnr.dll

744d0000 66e651d4 Sep 15 11:17:40 2024 c:\windows\system32\browser.dll

756d0000 66e651cc Sep 15 11:17:32 2024 C:\WINDOWS\System32\SXS.DLL

74db0000 3e801284 Mar 25 16:25:40 2003 C:\WINDOWS\System32\comsvcs.dll

74a50000 66e651d1 Sep 15 11:17:37 2024 C:\WINDOWS\System32\Wbem\wbemcore.dll

748d0000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\Wbem\esscli.dll

74830000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\Wbem\wbemcomn.dll

74d30000 66e651cf Sep 15 11:17:35 2024 C:\WINDOWS\System32\Wbem\FastProx.dll

74380000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\system32\wbem\wbemsvc.dll

74540000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\system32\wbem\wmiutils.dll

74790000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\system32\wbem\repdrvfs.dll

54ff0000 66e655ac Sep 15 11:34:04 2024 C:\WINDOWS\system32\wbem\wmiprvsd.dll

5c830000 66e65578 Sep 15 11:33:12 2024 C:\WINDOWS\system32\NCObjAPI.DLL

74970000 66e651d1 Sep 15 11:17:37 2024 C:\WINDOWS\system32\wbem\wbemess.dll

ffd0000 3e801389 Mar 25 16:30:01 2003 C:\WINDOWS\System32\rsaenh.dll

70690000 66e651ec Sep 15 11:18:04 2024 C:\WINDOWS\system32\actxprxy.dll

769f0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\netman.dll

71da0000 66e651e4 Sep 15 11:17:56 2024 c:\windows\system32\WZCSAPI.DLL

754a0000 66e651cd Sep 15 11:17:33 2024 C:\WINDOWS\system32\NETSHELL.dll

744b0000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\system32\CLUSAPI.dll

74c00000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\system32\netcfgx.dll

730e0000 66e651dc Sep 15 11:17:48 2024 C:\WINDOWS\system32\WINIPSEC.DLL

65f50000 66e6522c Sep 15 11:19:08 2024 C:\WINDOWS\system32\hnetcfg.dll

74390000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\system32\wbem\wbemprox.dll

74b50000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\System32\RASDLG.dll

76c70000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\System32\rasadhlp.dll

6f7f0000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.0.0_x-ww_E0651936\winhttp.dll

6ba20000 66e65213 Sep 15 11:18:43 2024 C:\WINDOWS\System32\dbghelp.dll

SubSystemData: 00000000

ProcessHeap: 00080000

ProcessParameters: 00020000

CurrentDirectory: 'C:\WINDOWS\system32\'

WindowTitle: 'C:\WINDOWS\System32\svchost.exe'

ImageFile: 'C:\WINDOWS\System32\svchost.exe'

CommandLine: 'C:\WINDOWS\System32\svchost.exe -k netsvcs'

DllPath: 'C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'

Environment: 00010000

ALLUSERSPROFILE=C:\Documents and Settings\All Users

ClusterLog=C:\WINDOWS\Cluster\cluster.log

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=NTDEV-QQTQSNLDX

ComSpec=C:\WINDOWS\system32\cmd.exe

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0503

ProgramFiles=C:\Program Files

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\WINDOWS\TEMP

TMP=C:\WINDOWS\TEMP

USERPROFILE=C:\Documents and Settings\LocalService

windir=C:\WINDOWS