[CODE]

2008-10-29,16:35:07

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <PPS Accelerator><F:\Program Files\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <FTSafeNetRockeyService4.0><D:\keydog\keydog\nrSvr.exe -systray>  [Feitian Technologies Co.,Ltd.]
    <360Antiarp><F:\KuGoo\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [File is missing]
    <runeip><"F:\xxxx\kaka\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safetray><F:\KuGoo\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINNT\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avast.exe]
    <IFEO[avast.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe]
    <IFEO[guard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.exe]
    <IFEO[kav.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvMonXP.exe]
    <IFEO[KvMonXP.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVXP.exe]
    <IFEO[KVXP.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegCleaner.exe]
    <IFEO[RegCleaner.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
    <IFEO[rfwproxy.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscntfy.exe]
    <IFEO[wscntfy.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe]
    <IFEO[wuauclt.exe]><IFEOFILE>  [N/A]

==================================
启动文件夹
[hamachi]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\hamachi.lnk --> C:\PROGRA~1\Hamachi\hamachi.exe [LogMeIn Inc.]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Alerter / Alerter][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Computer Browser / Browser][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
  <C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Indexing Service / cisvc][Stopped/Disabled]
  <C:\WINNT\system32\cisvc.exe><Microsoft Corporation>
[ClipBook / ClipSrv][Stopped/Manual Start]
  <C:\WINNT\system32\clipsrv.exe><Microsoft Corporation>
[Distributed File System / Dfs][Running/Auto Start]
  <C:\WINNT\system32\Dfssvc.exe><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Logical Disk Manager / dmserver][Running/Auto Start]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[DNS Client / Dnscache][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Event Log / Eventlog][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Fax Service / Fax][Stopped/Manual Start]
  <C:\WINNT\system32\faxsvc.exe><Microsoft Corporation>
[FTSafe Net Rockey Service / FTSafeNetRockeyService4.0][Running/Auto Start]
  <D:\keydog\keydog\nrSvr.exe -dispatch><Feitian Technologies Co.,Ltd.>
[Intersite Messaging / IsmServ][Stopped/Disabled]
  <C:\WINNT\System32\ismserv.exe><Microsoft Corporation>
[Kerberos Key Distribution Center / kdc][Stopped/Disabled]
  <C:\WINNT\System32\lsass.exe><Microsoft Corporation>
[Server / lanmanserver][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[License Logging Service / LicenseService][Running/Auto Start]
  <C:\WINNT\System32\llssrv.exe><Microsoft Corporation>
[TCP/IP NetBIOS Helper Service / LmHosts][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[Messenger / Messenger][Stopped/Disabled]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <C:\WINNT\system32\mnmsrvc.exe><Microsoft Corporation>
[Distributed Transaction Coordinator / MSDTC][Running/Auto Start]
  <C:\WINNT\system32\msdtc.exe><Microsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINNT\system32\msiexec.exe /V><Microsoft Corporation>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Network DDE / NetDDE][Stopped/Manual Start]
  <C:\WINNT\system32\netdde.exe><Microsoft Corporation>
[Network DDE DSDM / NetDDEdsdm][Stopped/Manual Start]
  <C:\WINNT\system32\netdde.exe><Microsoft Corporation>
[Net Logon / Netlogon][Stopped/Manual Start]
  <C:\WINNT\system32\lsass.exe><Microsoft Corporation>
[Network Connections / Netman][Running/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[File Replication / NtFrs][Stopped/Manual Start]
  <C:\WINNT\system32\ntfrs.exe><Microsoft Corporation>
[NT LM Security Support Provider / NtLmSsp][Running/Manual Start]
  <C:\WINNT\system32\lsass.exe><Microsoft Corporation>
[Removable Storage / NtmsSvc][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\NtmsSvc.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanutHull DDNS Service / Peanuthull5Core][Stopped/Manual Start]
  <F:\Program Files\Oray\PeanutHull5\PhCore.exe><上海贝锐>
[Plug and Play / PlugPlay][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[IPSEC Policy Agent / PolicyAgent][Running/Auto Start]
  <C:\WINNT\system32\lsass.exe><Microsoft Corporation>
[Protected Storage / ProtectedStorage][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Qvod Terminal / Qvod Terminal][Stopped/Manual Start]
  <F:\CorelDraw9 中文版\QvodPlayer\QvodTerminal.exe><(File is missing)>
[Remote Access Auto Connection Manager / RasAuto][Stopped/Manual Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasauto.dll><Microsoft Corporation>
[Routing and Remote Access / RemoteAccess][Stopped/Manual Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mprdim.dll><Microsoft Corporation>
[Remote Registry Service / RemoteRegistry][Stopped/Disabled]
  <C:\WINNT\system32\regsvc.exe><Microsoft Corporation>
[Remote Procedure Call (RPC) Locator / RpcLocator][Stopped/Manual Start]
  <C:\WINNT\system32\locator.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[QoS RSVP / RSVP][Stopped/Manual Start]
  <C:\WINNT\system32\rsvp.exe -s><Microsoft Corporation>
[Security Accounts Manager / SamSs][Running/Auto Start]
  <C:\WINNT\system32\lsass.exe><Microsoft Corporation>
[Sandboxie Service / SbieSvc][Running/Auto Start]
  <C:\Program Files\360safe\Shield\SbieSvc.exe><tzuk>
[Smart Card Helper / SCardDrv][Stopped/Manual Start]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[Smart Card / SCardSvr][Stopped/Manual Start]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[Task Scheduler / Schedule][Stopped/Disabled]
  <C:\WINNT\system32\MSTask.exe><Microsoft Corporation>
[RunAs Service / seclogon][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[System Event Notification / SENS][Running/Auto Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\sens.dll><Microsoft Corporation>
[Internet Connection Sharing / SharedAccess][Stopped/Disabled]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ipnathlp.dll><Microsoft Corporation>
[Print Spooler / Spooler][Running/Auto Start]
  <C:\WINNT\system32\spoolsv.exe><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <d:\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Still Image Service / StiSvc][Stopped/Disabled]
  <C:\WINNT\system32\stisvc.exe><Microsoft Corporation>
[Stormser / Stormser][Stopped/Disabled]
  <C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe><暴风网际>
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
  <C:\WINNT\system32\smlogsvc.exe><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINNT\System32\svchost.exe -k tapisrv-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Terminal Services / TermService][Running/Auto Start]
  <C:\WINNT\System32\termsrv.exe><Microsoft Corporation>
[Telnet / TlntSvr][Stopped/Manual Start]
  <C:\WINNT\system32\tlntsvr.exe><(File is missing)>
[Distributed Link Tracking Server / TrkSvr][Stopped/Manual Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Distributed Link Tracking Client / TrkWks][Running/Auto Start]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Windows Network Media Service / UiPlayer][Stopped/Disabled]
  <C:\Program Files\UitvDll\msrv.exe><UiTV Corporation>
[Uninterruptible Power Supply / UPS][Stopped/Manual Start]
  <C:\WINNT\System32\ups.exe><Microsoft Corporation>
[Utility Manager / UtilMan][Stopped/Manual Start]
  <C:\WINNT\System32\UtilMan.exe><Microsoft Corporation>
[Windows Time / W32Time][Stopped/Manual Start]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Windows Management Instrumentation / WinMgmt][Running/Auto Start]
  <C:\WINNT\System32\WBEM\WinMgmt.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[Windows Management Instrumentation Driver Extensions / Wmi][Running/Manual Start]
  <C:\WINNT\system32\Services.exe><Microsoft Corporation>
[System Application Manager / Wsfwq][Running/Auto Start]
  <C:\WINNT\system32\winsys.exe><N/A>
[Automatic Updates / wuauserv][Stopped/Disabled]
  <C:\WINNT\system32\svchost.exe -k wugroup-->C:\WINNT\system32\wuauserv.dll><Microsoft Corporation>
[Wireless Configuration / WZCSVC][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wzcsvc.dll><Microsoft Corporation>

==================================
驱动程序
[002d9d1f / 002d9d1f][Stopped/Manual Start]
  <\??\C:\WINNT\system32\Drivers\002d9d1f.sys><N/A>
[00b83885 / 00b83885][Stopped/Manual Start]
  <\??\C:\WINNT\system32\Drivers\00b83885.sys><N/A>
[100984 / 100984][Stopped/Manual Start]
  <\??\C:\WINNT\system32\Drivers\95703.sys><Driver>
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><360安全中心>
[Microsoft ACPI Driver / ACPI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ACPI.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
  <system32\DRIVERS\asyncmac.sys><Microsoft Corporation>
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><Microsoft Corporation>
[ATM ARP Client Protocol / Atmarpc][Stopped/Manual Start]
  <system32\DRIVERS\atmarpc.sys><Microsoft Corporation>
[Audio Stub Driver / audstub][Running/Manual Start]
  <system32\DRIVERS\audstub.sys><Microsoft Corporation>
[BIOS / BIOS][Running/System Start]
  <\??\C:\WINNT\system32\drivers\BIOS.sys><BIOSTAR Group>
[CD-ROM Driver / Cdrom][Running/System Start]
  <system32\DRIVERS\cdrom.sys><Microsoft Corporation>
[DfsDriver / DfsDriver][Running/Boot Start]
  <\SystemRoot\system32\drivers\Dfs.sys><Microsoft Corporation>
[Disk Driver / Disk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\disk.sys><Microsoft Corporation>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Microsoft DirectMusic SW Synth (WDM) / DMusic][Stopped/Manual Start]
  <system32\drivers\DMusic.sys><Microsoft Corporation>
[Floppy Disk Controller Driver / Fdc][Running/Manual Start]
  <system32\DRIVERS\fdc.sys><Microsoft Corporation>
[FsVga / FsVga][Running/System Start]
  <system32\DRIVERS\fsvga.sys><Microsoft Corporation>
[Volume Manager Driver / Ftdisk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ftdisk.sys><Microsoft Corporation>
[Generic Packet Classifier / Gpc][Running/Manual Start]
  <system32\DRIVERS\msgpc.sys><Microsoft Corporation>
[Hamachi Network Interface / hamachi][Running/Manual Start]
  <system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
[Microsoft HID Class Driver / HidUsb][Stopped/Auto Start]
  <system32\DRIVERS\hidusb.sys><Microsoft Corporation>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[i8042 Keyboard and PS/2 Mouse Port Driver / i8042prt][Running/System Start]
  <system32\DRIVERS\i8042prt.sys><Microsoft Corporation>
[IP Traffic Filter Driver / IpFilterDriver][Stopped/Manual Start]
  <system32\DRIVERS\ipfltdrv.sys><Microsoft Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat][Stopped/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[IR Enumerator Service / IRENUM][Stopped/Manual Start]
  <System32\DRIVERS\irenum.sys><Microsoft Corporation>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\isapnp.sys><Microsoft Corporation>
[Keyboard Class Driver / Kbdclass][Running/System Start]
  <system32\DRIVERS\kbdclass.sys><Microsoft Corporation>
[Microsoft Kernel Wave Audio Mixer / kmixer][Stopped/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[VSCore mferkdk / mferkdk][Stopped/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><N/A>
[Mouse Class Driver / Mouclass][Running/System Start]
  <system32\DRIVERS\mouclass.sys><Microsoft Corporation>
[Microsoft Streaming Service Proxy / MSKSSRV][Stopped/Manual Start]
  <system32\drivers\MSKSSRV.sys><Microsoft Corporation>
[Microsoft Streaming Clock Proxy / MSPCLOCK][Stopped/Manual Start]
  <system32\drivers\MSPCLOCK.sys><Microsoft Corporation>
[Microsoft Streaming Quality Manager Proxy / MSPQM][Stopped/Manual Start]
  <system32\drivers\MSPQM.sys><Microsoft Corporation>
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
  <system32\DRIVERS\ndistapi.sys><Microsoft Corporation>
[NDIS 用户模式 I/O 协议 / Ndisuio][Stopped/Manual Start]
  <system32\DRIVERS\ndisuio.sys><Microsoft Corporation>
[Remote Access NDIS WAN Driver / NdisWan][Running/Manual Start]
  <system32\DRIVERS\ndiswan.sys><Microsoft Corporation>
[NetBIOS Interface / NetBIOS][Running/System Start]
  <system32\DRIVERS\netbios.sys><Microsoft Corporation>
[NetBios over Tcpip / NetBT][Running/System Start]
  <system32\DRIVERS\netbt.sys><Microsoft Corporation>
[NetDetect / NetDetect][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\netdtect.sys><Microsoft Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINNT\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINNT\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><Microsoft Corporation>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><Microsoft Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINNT\system32\drivers\oreans32.sys><N/A>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Parallel class driver / Parallel][Running/Manual Start]
  <system32\DRIVERS\parallel.sys><Microsoft Corporation>
[Parallel port driver / Parport][Running/System Start]
  <system32\DRIVERS\parport.sys><Microsoft Corporation>
[PCI Bus Driver / PCI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pci.sys><Microsoft Corporation>
[PCIIde / PCIIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pciide.sys><Microsoft Corporation>
[WAN Miniport (PPTP) / PptpMiniport][Running/Manual Start]
  <system32\DRIVERS\raspptp.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Remote Access Auto Connection Driver / RasAcd][Running/System Start]
  <system32\DRIVERS\rasacd.sys><Microsoft Corporation>
[WAN Miniport (L2TP) / Rasl2tp][Running/Manual Start]
  <system32\DRIVERS\rasl2tp.sys><Microsoft Corporation>
[Direct Parallel / Raspti][Running/Manual Start]
  <system32\DRIVERS\raspti.sys><Microsoft Corporation>
[Microsoft Streaming Network Raw Channel Access / RCA][Stopped/Manual Start]
  <system32\drivers\RCA.sys><Microsoft Corporation>
[Digital CD Audio Playback Filter Driver / redbook][Stopped/System Start]
  <system32\DRIVERS\redbook.sys><Microsoft Corporation>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\rockeynt.sys><FeiTian Tech Co.,Ltd>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[SbieDrv / SbieDrv][Running/Manual Start]
  <\??\C:\Program Files\360safe\Shield\SbieDrv.sys><tzuk>
[Serenum Filter Driver / serenum][Running/Manual Start]
  <system32\DRIVERS\serenum.sys><Microsoft Corporation>
[Serial port driver / Serial][Running/System Start]
  <system32\DRIVERS\serial.sys><Microsoft Corporation>
[Software Bus Driver / swenum][Running/Manual Start]
  <system32\DRIVERS\swenum.sys><Microsoft Corporation>
[Microsoft Kernel GS Wavetable Synthesizer / swmidi][Stopped/Manual Start]
  <system32\drivers\swmidi.sys><Microsoft Corporation>
[Microsoft System Audio Device / sysaudio][Running/Manual Start]
  <system32\drivers\sysaudio.sys><Microsoft Corporation>
[Terminal Device Driver / TermDD][Running/Auto Start]
  <\SystemRoot\System32\drivers\termdd.sys><Microsoft Corporation>
[Microsoft USB Universal Host Controller Driver / uhcd][Running/Manual Start]
  <system32\DRIVERS\uhcd.sys><Microsoft Corporation>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Running/Manual Start]
  <system32\DRIVERS\usbehci.sys><Microsoft Corporation>
[Microsoft USB Standard Hub Driver / usbhub][Running/Manual Start]
  <system32\DRIVERS\usbhub.sys><Microsoft Corporation>
[USB 2.0 Root Hub Support / usbhub20][Running/Manual Start]
  <system32\DRIVERS\usbhub20.sys><Microsoft Corporation>
[Microsoft USB PRINTER Class / usbprint][Running/Manual Start]
  <system32\DRIVERS\usbprint.sys><Microsoft Corporation>
[USB Scanner Driver / usbscan][Stopped/Manual Start]
  <system32\DRIVERS\usbscan.sys><Microsoft Corporation>
[USB Mass Storage Driver / USBSTOR][Stopped/Manual Start]
  <system32\DRIVERS\USBSTOR.SYS><Microsoft Corporation>
[VgaSave / VgaSave][Running/System Start]
  <\SystemRoot\System32\drivers\vga.sys><Microsoft Corporation>
[Remote Access IP ARP Driver / Wanarp][Running/Manual Start]
  <system32\DRIVERS\wanarp.sys><Microsoft Corporation>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>
[yxhccoul / yxhccoul][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\cujeos.sys><N/A>

==================================
浏览器加载项
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINNT\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\KuGoo\360safe\safemon\safemon.dll, (Signed) 360.CN>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[]
  {0000000A-9980-0010-8000-00AA00389B71} <, >
[]
  {00000055-9980-0010-8000-00AA00389B71} <, >
[]
  {00000161-9980-0010-8000-00AA00389B71} <, >
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <F:\PROGRA~1\360safe\360se\110~1.262\POWERL~1.OCX, (Signed) PPStream Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <f:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <f:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Ppd Control]
  {2F2BA87D-385E-4922-B41C-06E190B06AA9} <f:\PROGRA~1\bluesky\BLUESK~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <f:\PROGRA~1\bluesky\BLUESK~1\share.ocx, Bluesky Studio (http://www.bluesky.cn)>
[]
  {5910C66C-F9BA-4306-8175-C098B7F0ED62} <, >
[PP Control]
  {616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <f:\PROGRA~1\bluesky\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {7005341F-8E42-47E3-987B-3DBE6288048C} <, >
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <f:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\KuGoo\360safe\live.dll, (Signed) 360.cn>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <f:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <f:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <f:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, Bluesky Studio (http://www.bluesky.cn)>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <f:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <f:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Imgsend Control]
  {AA1561BF-D290-4060-919B-499849629205} <f:\PROGRA~1\bluesky\BLUESK~1\imgsend.ocx, Bluesky Studio (http://www.bluesky.cn)>
[PPChat Control]
  {AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <f:\PROGRA~1\bluesky\BLUESK~1\ppchat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <f:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <f:\PROGRA~1\bluesky\BLUESK~1\client.ocx, BlueskyStudio(http://www.bluesky.cn)>
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <f:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 192 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\System32\sfcfiles.dll]  [Microsoft Corporation, 5.00.2195.7038]
[PID: 220 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\CSRSRV.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\basesrv.dll]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 244 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\NDdeApi.dll]  [Microsoft Corporation, 5.00.2195.6661]
    [C:\WINNT\system32\PROFMAP.dll]  [Microsoft Corporation, 5.00.2195.7000]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\sfcfiles.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\winsta.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\WINMM.dll]  [Microsoft Corporation, 5.00.2161.1]
    [C:\WINNT\system32\setupapi.dll]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\msgina.dll]  [Microsoft Corporation, 5.00.2195.7018]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\wintrust.dll]  [Microsoft Corporation, 5.131.2195.6824]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\WINNT\system32\mscat32.dll]  [Microsoft Corporation, 5.131.2134.1]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\cscdll.dll]  [Microsoft Corporation, 5.00.2195.6713]
    [C:\WINNT\system32\WlNotify.dll]  [Microsoft Corporation, 5.00.2195.7000]
    [C:\WINNT\system32\certcli.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]
    [C:\WINNT\system32\WinSCard.dll]  [Microsoft Corporation, 5.00.2195.6609]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [C:\WINNT\System32\wshnetbs.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\cscui.dll]  [Microsoft Corporation, 5.00.2195.6705]
    [C:\WINNT\system32\wzcdlg.dll]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\WZCSAPI.DLL]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MSACM32.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
[PID: 272 / SYSTEM][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\SCESRV.dll]  [Microsoft Corporation, 5.00.2195.7013]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\umpnpmgr.dll]  [Microsoft Corporation, 5.00.2195.7069]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\eventlog.dll]  [Microsoft Corporation, 5.00.2195.7036]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\lmhsvc.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WINSTA.DLL]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\CFGMGR32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\Srvsvc.dll]  [Microsoft Corporation, 5.00.2195.6930]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\cryptdll.dll]  [Microsoft Corporation, 5.00.2195.6607]
    [C:\WINNT\system32\cryptsvc.dll]  [Microsoft Corporation, 5.00.2195.7039]
    [C:\WINNT\system32\psbase.dll]  [Microsoft Corporation, 5.00.2195.7020]
    [C:\WINNT\system32\seclogon.dll]  [Microsoft Corporation, 5.00.2195.7003]
    [C:\WINNT\system32\trkwks.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\alrsvc.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\wmicore.dll]  [Microsoft Corporation, 5.00.2195.6611]
[PID: 284 / SYSTEM][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\cryptdll.dll]  [Microsoft Corporation, 5.00.2195.6607]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\SAMSRV.dll]  [Microsoft Corporation, 5.00.2195.7009]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\msprivs.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\kerberos.dll]  [Microsoft Corporation, 5.00.2195.7053]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\netlogon.dll]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\RASSFM.dll]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\SFMAPI.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\KDCSVC.dll]  [Microsoft Corporation, 5.00.2195.7053]
    [C:\WINNT\system32\NTDSATQ.dll]  [Microsoft Corporation, 5.00.2195.6620]
    [C:\WINNT\system32\ESENT.dll]  [Microsoft Corporation, 6.1.3940.31]
    [C:\WINNT\system32\certcli.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]
    [C:\WINNT\system32\scecli.dll]  [Microsoft Corporation, 5.00.2195.7013]
    [C:\WINNT\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\dssenh.dll]  [Microsoft Corporation, 5.00.2195.6612]
[PID: 384 / SYSTEM][C:\WINNT\System32\termsrv.exe]  [Microsoft Corporation, 5.00.2195.6696]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\System32\REGAPI.dll]  [Microsoft Corporation, 5.00.2195.6602]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\System32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\System32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\System32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\System32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\System32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\System32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\System32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\System32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\System32\WINSTA.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\System32\ICAAPI.dll]  [Microsoft Corporation, 5.00.2195.6654]
    [C:\WINNT\System32\mstlsapi.dll]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\System32\ntlsapi.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\System32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\System32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\System32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\System32\rdpwsx.dll]  [Microsoft Corporation, 5.00.2195.6697]
    [C:\WINNT\System32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
[PID: 560 / SYSTEM][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [c:\winnt\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [c:\winnt\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [c:\winnt\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\WINSTA.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\SAMLIB.DLL]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
[PID: 596 / SYSTEM][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\SPOOLSS.DLL]  [Microsoft Corporation, 5.00.2195.7054]
    [C:\WINNT\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\localspl.dll]  [Microsoft Corporation, 5.00.2195.7036]
    [C:\WINNT\system32\sfcfiles.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\winspool.drv]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\cnbjmon.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\EBPMON24.DLL]  [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
    [C:\WINNT\system32\pjlmon.dll]  [Microsoft Corporation, 5.00.2165.1]
    [C:\WINNT\system32\tcpmon.dll]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\usbmon.dll]  [Microsoft Corporation, 5.00.2195.6684]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\inetpp.dll]  [Microsoft Corporation, 5.00.2195.6707]
[PID: 628 / SYSTEM][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [c:\winnt\system32\ntmssvc.dll]  [Microsoft Corporation, 5.00.2195.6655]
    [c:\winnt\system32\sens.dll]  [Microsoft Corporation, 5.00.2195.6627]
    [C:\WINNT\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\rtutils.dll]  [Microsoft Corporation, 5.00.2168.1]
    [c:\winnt\system32\netcfgx.dll]  [Microsoft Corporation, 5.00.2195.7003]
    [c:\winnt\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [c:\winnt\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [c:\winnt\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [c:\winnt\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [c:\winnt\system32\RASDLG.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [c:\winnt\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [c:\winnt\system32\SAMLIB.DLL]  [Microsoft Corporation, 5.00.2195.6944]
    [c:\winnt\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [c:\winnt\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [c:\winnt\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [c:\winnt\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\rastapi.dll]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\rasppp.dll]  [Microsoft Corporation, 5.00.2195.6626]
    [C:\WINNT\system32\ntlsapi.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\raschap.dll]  [Microsoft Corporation, 5.00.2195.6663]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]
    [C:\WINNT\System32\rastls.dll]  [Microsoft Corporation, 5.00.2195.6680]
    [C:\WINNT\system32\CRYPTUI.dll]  [Microsoft Corporation, 5.131.2195.6824]
    [C:\WINNT\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2195.6824]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\WINNT\system32\WinSCard.dll]  [Microsoft Corporation, 5.00.2195.6609]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ipbootp.dll]  [Microsoft Corporation, 5.00.2168.1]
    [c:\winnt\system32\netman.dll]  [Microsoft Corporation, 5.00.2195.7061]
    [C:\WINNT\system32\NETSHELL.dll]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\WMI.dll]  [Microsoft Corporation, 5.00.2191.1]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\CLUSAPI.DLL]  [Microsoft Corporation, 5.00.2195.6683]
    [C:\WINNT\system32\RESUTILS.DLL]  [Microsoft Corporation, 5.00.2195.6702]
    [C:\WINNT\system32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\NTMSDBA.dll]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 644 / SYSTEM][D:\keydog\keydog\nrSvr.exe]  [Feitian Technologies Co.,Ltd., 1, 0, 10, 2824]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 692 / SYSTEM][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\System32\ACTIVEDS.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\System32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\System32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\System32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\System32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\System32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\System32\LLSRPC.DLL]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 720 / SYSTEM][C:\Program Files\McAfee\Common Framework\FrameworkService.exe]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\Program Files\McAfee\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\McAfee\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\McAfee\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINNT\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\Program Files\McAfee\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\McAfee\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\Logging.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\InternetManager.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\naInet.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\UserSpace.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\Management.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\naPolicyManager.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\PsApi.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\McAfee\Common Framework\ScriptSubSys.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\UpdateSubSys.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\Scheduler.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\TCSubSys.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\Rasapi32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
[PID: 844 / SYSTEM][d:\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\MICROS~1\MSSQL\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [d:\MICROS~1\MSSQL\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\MICROS~1\MSSQL\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [d:\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\CLUSAPI.DLL]  [Microsoft Corporation, 5.00.2195.6683]
    [C:\WINNT\system32\RESUTILS.DLL]  [Microsoft Corporation, 5.00.2195.6702]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [d:\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\security.dll]  [Microsoft Corporation, 5.00.2154.1]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [d:\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\MICROS~1\MSSQL\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\comdlg32.dll]  [Microsoft Corporation, 5.00.3700.6693]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [d:\MICROS~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 968 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
[PID: 996 / SYSTEM][C:\Program Files\McAfee\Common Framework\naPrdMgr.exe]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\Program Files\McAfee\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINNT\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\Program Files\McAfee\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\McAfee\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\McAfee\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\McAfee\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
[PID: 1084 / SYSTEM][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8195]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\POWRPROF.dll]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.dll]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1128 / SYSTEM][C:\Program Files\360safe\Shield\SbieSvc.exe]  [tzuk, 3.26.22]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2195.6824]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\Program Files\360safe\Shield\SbieDll.dll]  [tzuk, 3.26.22]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\WLDAP32.dll]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\pstorec.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]
[PID: 1188 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\System32\WBEM\wbemcomn.dll]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\wbem\wbemcore.dll]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\wbem\fastprox.dll]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\wbem\wbemess.dll]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\wbem\wbemsvc.dll]  [Microsoft Corporation, 1.50.1085.0007]
[PID: 1372 / SYSTEM][C:\WINNT\system32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WINMM.dll]  [Microsoft Corporation, 5.00.2161.1]
    [C:\WINNT\system32\MSVCP50.dll]  [Microsoft Corporation, 5.00.7051]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\CLUSAPI.DLL]  [Microsoft Corporation, 5.00.2195.6683]
    [C:\WINNT\system32\RESUTILS.DLL]  [Microsoft Corporation, 5.00.2195.6702]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\SAMLIB.DLL]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
[PID: 1396 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\security.dll]  [Microsoft Corporation, 5.00.2154.1]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINNT\system32\IPROP.dll]  [Microsoft Corporation, 5.00.2195.6692]
[PID: 1500 / SYSTEM][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\WLDAP32.dll]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\CLUSAPI.dll]  [Microsoft Corporation, 5.00.2195.6683]
    [C:\WINNT\system32\RESUTILS.dll]  [Microsoft Corporation, 5.00.2195.6702]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
[PID: 1720 / SYSTEM][d:\Microsoft SQL Server\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [d:\Microsoft SQL Server\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Microsoft SQL Server\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\comdlg32.dll]  [Microsoft Corporation, 5.00.3700.6693]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [d:\Microsoft SQL Server\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [d:\Microsoft SQL Server\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\clusapi.dll]  [Microsoft Corporation, 5.00.2195.6683]
    [C:\WINNT\system32\resutils.dll]  [Microsoft Corporation, 5.00.2195.6702]
    [C:\WINNT\system32\USERENV.dll]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\NDDEAPI.DLL]  [Microsoft Corporation, 5.00.2195.6661]
    [d:\Microsoft SQL Server\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Microsoft SQL Server\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\crypt32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\msv1_0.dll]  [Microsoft Corporation, 5.00.2195.6926]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\binn\ATXCORE.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\binn\Resources\2052\ATXCORE.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\security.dll]  [Microsoft Corporation, 5.00.2154.1]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 1832 / Administrator][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\LINKINFO.DLL]  [Microsoft Corporation, 5.00.2195.7069]
    [C:\WINNT\system32\ntshrui.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\mydocs.dll]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\System32\NETUI0.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\NETUI1.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NETSHELL.dll]  [Microsoft Corporation, 5.00.2195.6604]
    [C:\WINNT\system32\stobject.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\BATMETER.DLL]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\POWRPROF.DLL]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\WINMM.DLL]  [Microsoft Corporation, 5.00.2161.1]
    [C:\WINNT\system32\cscui.dll]  [Microsoft Corporation, 5.00.2195.6705]
    [C:\WINNT\system32\CSCDLL.DLL]  [Microsoft Corporation, 5.00.2195.6713]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MSACM32.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [F:\KuGoo\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINNT\system32\PSAPI.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\WINNT\system32\c_is2022.dll]  [Microsoft Corporation, 5.00.2195.6688]
    [C:\WINNT\system32\MSLS31.DLL]  [Microsoft Corporation, 3.10.337.0]
    [C:\WINNT\system32\webvw.dll]  [Microsoft Corporation, 5.00.3900.7069]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\docprop2.dll]  [Microsoft Corporation, 5.00.2178.1]
    [C:\WINNT\system32\MSVFW32.DLL]  [Microsoft Corporation, 5.00.2195.6612]
    [C:\WINNT\system32\AVIFIL32.DLL]  [Microsoft Corporation, 5.00.2195.6612]
    [C:\WINNT\system32\faxshell.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\thumbvw.dll]  [Microsoft Corporation, 5.00.3502.6601]
[PID: 1912 / SYSTEM][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\System32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\System32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [c:\winnt\system32\tapisrv.dll]  [Microsoft Corporation, 5.00.2195.7057]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\SETUPAPI.dll]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\System32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\System32\uniplat.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\CFGMGR32.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\NTMARTA.DLL]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\System32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\WLDAP32.dll]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\System32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\System32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\System32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
    [C:\WINNT\System32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\System32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\System32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\System32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\System32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\System32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
[PID: 1948 / Administrator][C:\WINNT\system32\UPEngine.EXE]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
[PID: 2092 / Administrator][D:\keydog\keydog\nrSvr.exe]  [Feitian Technologies Co.,Ltd., 1, 0, 10, 2824]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\MSVCRT.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
[PID: 2120 / Administrator][F:\KuGoo\360safe\antiarp\antiarp.exe]  [360安全中心, 2, 0, 0, 1008]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\comdlg32.dll]  [Microsoft Corporation, 5.00.3700.6693]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\SAMLIB.DLL]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\sensapi.dll]  [Microsoft Corporation, 5.00.2195.6627]
    [C:\WINNT\system32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
[PID: 408 / Administrator][F:\xxxx\kaka\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [F:\xxxx\kaka\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [F:\xxxx\kaka\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [F:\xxxx\kaka\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\xxxx\kaka\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [F:\xxxx\kaka\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [F:\xxxx\kaka\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\xxxx\kaka\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [F:\xxxx\kaka\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\WINNT\system32\Wtsapi32.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\UTILDLL.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WS2_32.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\WINSTA.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\REGAPI.dll]  [Microsoft Corporation, 5.00.2195.6602]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [F:\KuGoo\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINNT\system32\PSAPI.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [F:\xxxx\kaka\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [F:\xxxx\kaka\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.40]
    [F:\xxxx\kaka\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\xxxx\kaka\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 2004 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
[PID: 1868 / Administrator][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\MSVCRT.DLL]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1816 / Administrator][F:\Program Files\PPStream\ppsap.exe]  [PPStream Inc, 1, 0, 11, 139]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\ADVAPI32.DLL]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [F:\Program Files\PPStream\vodnet.dll]  [PPStream Inc., 1, 0, 11, 139]
    [C:\WINNT\system32\comdlg32.dll]  [Microsoft Corporation, 5.00.3700.6693]
    [C:\WINNT\system32\WINMM.dll]  [Microsoft Corporation, 5.00.2161.1]
    [F:\Program Files\PPStream\vodres.dll]  [PPStream Inc., 1, 0, 11, 139]
    [C:\WINNT\system32\imagehlp.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [F:\Program Files\PPStream\ppssg.dll]  [PPStream Inc., 1, 0, 11, 139]
    [F:\PROGRA~1\360safe\360se\1.1.0.2621\fds.dll]  [PPStream Inc., 1, 0, 0, 82]
    [C:\WINNT\System32\wshtcpip.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\SAMLIB.DLL]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.DLL]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\RASAPI32.dll]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [C:\WINNT\system32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\sensapi.dll]  [Microsoft Corporation, 5.00.2195.6627]
[PID: 2364 / Administrator][F:\xxxx\huiyuan\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
[PID: 1780 / Administrator][F:\xxxx\huiyuan\sreng2\SREa67ae64d.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINNT\system32\ntdll.dll]  [Microsoft Corporation, 5.00.2195.7006]
    [C:\WINNT\system32\comdlg32.dll]  [Microsoft Corporation, 5.00.3700.6693]
    [C:\WINNT\system32\msvcrt.dll]  [Microsoft Corporation, 6.10.9844.0]
    [C:\WINNT\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\Secur32.dll]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\VERSION.dll]  [Microsoft Corporation, 5.00.2195.6623]
    [C:\WINNT\system32\LZ32.DLL]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\MSASN1.dll]  [Microsoft Corporation, 5.00.2195.6905]
    [C:\WINNT\system32\WINMM.dll]  [Microsoft Corporation, 5.00.2161.1]
    [C:\WINNT\system32\WS2_32.dll]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WS2HELP.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\IMM32.DLL]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\LPK.DLL]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\USP10.dll]  [Microsoft Corporation, 1.0325.2195.6692]
    [C:\WINNT\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WLDAP32.dll]  [Microsoft Corporation, 5.00.2195.7017]
    [C:\WINNT\system32\SAMLIB.dll]  [Microsoft Corporation, 5.00.2195.6944]
    [C:\WINNT\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.00.2195.6666]
    [C:\WINNT\system32\WSOCK32.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\NETRAP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [F:\KuGoo\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINNT\system32\PSAPI.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\unispim.ime]  [北京清华紫光软件股份有限公司, 2.3.0.1063]
    [C:\WINNT\system32\sfcfiles.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [F:\xxxx\huiyuan\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\wintrust.dll]  [Microsoft Corporation, 5.131.2195.6824]
    [C:\WINNT\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.00.2195.6613]
    [C:\WINNT\system32\RASAPI32.DLL]  [Microsoft Corporation, 5.00.2195.6920]
    [C:\WINNT\system32\rasman.dll]  [Microsoft Corporation, 5.00.2195.6824]
    [C:\WINNT\system32\TAPI32.dll]  [Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\RTUTILS.DLL]  [Microsoft Corporation, 5.00.2168.1]
    [C:\WINNT\system32\sensapi.dll]  [Microsoft Corporation, 5.00.2195.6627]
    [C:\WINNT\system32\USERENV.DLL]  [Microsoft Corporation, 5.00.2195.7002]
    [C:\WINNT\system32\rsabase.dll]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\System32\rnr20.dll]  [Microsoft Corporation, 5.00.2195.6603]
    [C:\WINNT\system32\ICMP.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MPRAPI.dll]  [Microsoft Corporation, 5.00.2181.1]
    [C:\WINNT\system32\ACTIVEDS.DLL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\ADSLDPC.DLL]  [Microsoft Corporation, 5.00.2195.6993]
    [C:\WINNT\system32\SETUPAPI.DLL]  [Microsoft Corporation, 5.00.2195.6622]
    [C:\WINNT\System32\winrnr.dll]  [Microsoft Corporation, 5.00.2160.1]
    [C:\WINNT\system32\rsaenh.dll]  [Microsoft Corporation, 5.00.2195.6611]
    [C:\WINNT\system32\Winsta.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\utildll.dll]  [Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\cryptnet.dll]  [Microsoft Corporation, 5.131.2195.6926]
    [C:\WINNT\system32\WINHTTP.dll]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINNT\system32\asfsipc.dll]  [Microsoft Corporation, 1.1.00.3917]
    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]
    [C:\WINNT\system32\LINKINFO.DLL]  [Microsoft Corporation, 5.00.2195.7069]
    [C:\WINNT\system32\ntshrui.dll]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9435]

==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
RSVP UDP Service Provider
    C:\WINNT\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
RSVP TCP Service Provider
    C:\WINNT\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{783BD0D9-CE51-4B9C-9239-F46D8DF5D21B}] SEQPACKET 4
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{783BD0D9-CE51-4B9C-9239-F46D8DF5D21B}] DATAGRAM 4
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2331F5FE-1B1A-4E8A-98A5-040A43844969}] SEQPACKET 0
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2331F5FE-1B1A-4E8A-98A5-040A43844969}] DATAGRAM 0
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC6BA7E2-F130-4B32-B1C9-15BB51E99FBB}] SEQPACKET 1
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC6BA7E2-F130-4B32-B1C9-15BB51E99FBB}] DATAGRAM 1
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E969D12E-F57C-43F0-AC25-A688A62A9756}] SEQPACKET 2
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E969D12E-F57C-43F0-AC25-A688A62A9756}] DATAGRAM 2
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF3F47CE-D4AB-40F6-9489-1AC7F5E9E4BA}] SEQPACKET 3
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF3F47CE-D4AB-40F6-9489-1AC7F5E9E4BA}] DATAGRAM 3
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{523BBD4F-DE34-48F1-9346-5040DB9194DF}] SEQPACKET 5
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{523BBD4F-DE34-48F1-9346-5040DB9194DF}] DATAGRAM 5
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{68E4AD3E-B564-47C7-9964-9404E144C44D}] SEQPACKET 6
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{68E4AD3E-B564-47C7-9964-9404E144C44D}] DATAGRAM 6
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FCE12CD0-2B94-4EF2-B0EF-3006AD47C3D8}] SEQPACKET 7
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FCE12CD0-2B94-4EF2-B0EF-3006AD47C3D8}] DATAGRAM 7
    C:\WINNT\system32\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 244, C:\WINNT\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 272, C:\WINNT\SYSTEM32\SERVICES.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 284, C:\WINNT\SYSTEM32\LSASS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 596, C:\WINNT\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 628, C:\WINNT\SYSTEM32\SVCHOST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 644, D:\KEYDOG\KEYDOG\NRSVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 692, C:\WINNT\SYSTEM32\LLSSRV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 844, D:\MICROS~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1084, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1128, C:\PROGRAM FILES\360SAFE\SHIELD\SBIESVC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1188, C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1372, C:\WINNT\SYSTEM32\MSDTC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1396, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1500, C:\WINNT\SYSTEM32\DFSSVC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1720, D:\MICROSOFT SQL SERVER\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1832, C:\WINNT\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1912, C:\WINNT\SYSTEM32\SVCHOST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2092, D:\KEYDOG\KEYDOG\NRSVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1868, C:\WINNT\SYSTEM32\INTERNAT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2364, F:\XXXX\HUIYUAN\SRENG2\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: F:\KuGoo\360safe\safemon\safemon.dll)

==================================
隐藏进程
    [1204] C:\WINNT\system32\winsys.exe

==================================


[/CODE]