Experts, please help take a look at this log

[PID: 908 / SYSTEM][C:\Program Files\National Instruments\MAX\nimxs.exe]  [National Instruments Corporation, 2.1.0f0]
    [C:\Program Files\National Instruments\MAX\mxssvr.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsutils.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\National Instruments\MAX\nimxsimp.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\nismslu.dll]  [National Instruments Corporation, 1.3.2f0]
    [C:\Program Files\National Instruments\MAX\mxsin.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsdb.dll]  [Neo Logic, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\Experts\niGPIBe.mxe]  [National Instruments Corporation, 02.02.00.3210]
    [C:\WINDOWS\system32\gpibconf.dll]  [National Instruments Corporation, 02.04.00.3055]
    [C:\Program Files\National Instruments\MAX\Experts\niDAQe.mxe]  [National Instruments Corporation, 7.4.1f4]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nidaqcfg.dll]  [National Instruments Corporation, 7.4.1f4]
    [C:\WINDOWS\system32\nicfq32.dll]  [National Instruments Corporation, 7.4.1f4]
    [C:\WINDOWS\system32\nipsm.dll]  [National Instruments Corporation, 7.4.1f4]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\mxsdd.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niVXIdd.dll]  [National Instruments, 3.0.1f1 (compver 3.0.0.63)]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NIMCDD.dll]  [National Instruments, 7.0.1.3001 ]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niVISAdd.dll]  [National Instruments Corporation, 3.4.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niDAQdd.dll]  [National Instruments, 7.0.0.1000]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niPXIdd.dll]  [National Instruments Corporation, 1.5.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niswdd.dll]  [National Instruments, 4.0.0.3010]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\TgrDD.dll]  [National Instruments, 4.0.0.2248]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niRemoteDD.dll]  [National Instruments, 4.0.0.3010]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NISWCHDD.dll]  [National Instruments Corporation, 1.6.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NIHWDBDD.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\nisddd.dll]  [National Instruments Corporation, 1.5.0f1]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NISCXIDD.dll]  [National Instruments Corporation, 1.5.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niesdd.dll]  [National Instruments Corporation, 1.7.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niwfdd.dll]  [National Instruments Corporation, 1.7.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\nissdd.dll]  [National Instruments Corporation, 1.7.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\niemdd.dll]  [National Instruments Corporation, 1.7.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\nixsdd.dll]  [National Instruments Corporation, 1.7.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\nitiodd.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NIDSADD.dll]  [National Instruments Corporation, 1.5.0f0]
    [C:\Program Files\National Instruments\MAX\Data Dictionaries\NISFTDD.dll]  [National Instruments Corporation, 1.5.0f0]
    [C:\Program Files\National Instruments\MAX\Experts\niPXIe.mxe]  [National Instruments Corporation, 1.5.0f0]
    [C:\Program Files\National Instruments\MAX\Experts\nimrexu.mxe]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\niorbu.dll]  [National Instruments Corporation, 1.3.0f2]
    [C:\WINDOWS\system32\nidimu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimstsu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimdbgu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimxdfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimhwcfu.dll]  [National Instruments Corporation, 1.4.0f0]
[PID: 1012 / SYSTEM][C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe]  [National Instruments, Inc., 1.1.0.1046]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\LKSOCK.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\LKSEC.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\LKDYNAM.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll]  [National Instruments, Inc., 1.1.0.1046]
[PID: 1276 / SYSTEM][C:\WINDOWS\system32\RTProxy.exe]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_trace.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_sb_rtx.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_sshell.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_sb_7030.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_cl_smem.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_sb_7041.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\RTProxy_cl_smem7041.dll]  [National Instruments, 8.0.0.10664]
    [C:\WINDOWS\system32\niidaqlv.dll]  [N/A, ]
    [C:\WINDOWS\system32\nicfq32.dll]  [National Instruments Corporation, 7.4.1f4]
    [C:\WINDOWS\system32\nipsm.dll]  [National Instruments Corporation, 7.4.1f4]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\niembrt.dll]  [National Instruments, 1.0.1f0]
[PID: 1388 / SYSTEM][C:\WINDOWS\system32\nisvcloc.exe]  [National Instruments Corp., 8, 0, 0, 3]
    [C:\WINDOWS\system32\nisvcloc.dll]  [National Instruments Corp., 8, 0, 0, 3]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1704 / SYSTEM][C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe]  [National Instruments, Inc., 1.1.0.1036]
    [C:\WINDOWS\system32\LKSTIME.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\LKSOCK.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\LKSEC.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\LKDYNAM.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll]  [National Instruments, Inc., 1.1.0.1046]
    [C:\Program Files\National Instruments\MAX\mxs.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsutils.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsout.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\nismslu.dll]  [National Instruments Corporation, 1.3.2f0]
    [C:\Program Files\National Instruments\Shared\Tagger\tag.mnd]  [National Instruments, Inc., 1.1.0.1036]
    [C:\Program Files\National Instruments\Shared\Tagger\daqmx.mnd]  [National Instruments Corporation, 1.0.0f0]
    [C:\WINDOWS\system32\nisrvru.dll]  [National Instruments Corporation, 1.0.0f0]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\niorbu.dll]  [National Instruments Corporation, 1.3.0f2]
    [C:\WINDOWS\system32\nimdbgu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimstsu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimxdfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimhwcfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nidmxfu.dll]  [National Instruments Corporation, 1.4.0f4]
    [C:\WINDOWS\system32\nimru2u.dll]  [National Instruments Corporation, 2.4.0f0]
    [C:\WINDOWS\system32\nidimu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimxpu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimercu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\Program Files\National Instruments\Shared\Tagger\ni_tagger_plugin_LogosRTServer.dll]  [National Instruments, Inc., 1.1.0.1036]
    [C:\WINDOWS\system32\LKPROC.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\LKOBENV.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\WINDOWS\system32\lkrealt.dll]  [National Instruments, Inc., 4.6.0.1046]
    [C:\Program Files\National Instruments\Shared\Tagger\ni_tagger_plugin_LogosRTClient.dll]  [National Instruments, Inc., 1.1.0.1036]
    [C:\Program Files\National Instruments\Shared\Tagger\ni_tagger_plugin_OPCServer.dll]  [National Instruments, Inc., 1.1.0.1036]
[PID: 1808 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.6172]
[PID: 1876 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2080 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\progra~1\common~1\symant~1\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071227.002\ccEraser.dll]  [Symantec Corporation, 107.3.4.3]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071227.002\ecmsvr32.dll]  [Symantec Corporation, 71.3.0.25]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071227.002\NAVEX32a.DLL]  [Symantec Corporation, 20071.3.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071227.002\NAVENG32.DLL]  [Symantec Corporation, 20071.3.1.10]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
[PID: 2148 / Administrator][D:\Program Files\ahnunic\aaa\eFlow_c.exe]  [N/A, ]
    [C:\WINDOWS\system32\WPCAP.DLL]  [CACE Technologies, 4.0.0.755]
    [C:\WINDOWS\system32\packet.dll]  [CACE Technologies, 4.0.0.755]
    [C:\WINDOWS\system32\WanPacket.dll]  [CACE Technologies, 4.0.0.755]
    [D:\Program Files\木马杀客\FTCMon.dll]  [木马清道夫监控模块, 3.0.0.0]
[PID: 2164 / SYSTEM][C:\WINDOWS\system32\nipalsm.exe]  [National Instruments Corporation, 2.1.0f0]
    [C:\WINDOWS\system32\nipxirmu.dll]  [National Instruments Corporation, 1.5.1f0]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\Program Files\National Instruments\MAX\mxs.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsutils.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\National Instruments\MAX\mxsout.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
[PID: 2212 / SYSTEM][C:\WINDOWS\system32\nipalsm.exe]  [National Instruments Corporation, 2.1.0f0]
    [C:\WINDOWS\system32\nidevldu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\niorbu.dll]  [National Instruments Corporation, 1.3.0f2]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\nimstsu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimdbgu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimxdfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nimhwcfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\WINDOWS\system32\nidmxfu.dll]  [National Instruments Corporation, 1.4.0f4]
    [C:\WINDOWS\system32\nimru2u.dll]  [National Instruments Corporation, 2.4.0f0]
    [C:\WINDOWS\system32\nidimu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\nimxpu.dll]  [National Instruments Corporation, 1.4.0f0]
[PID: 2232 / SYSTEM][C:\WINDOWS\system32\nipalsm.exe]  [National Instruments Corporation, 2.1.0f0]
    [C:\WINDOWS\system32\nimcdldu.dll]  [National Instruments Corporation, 1.0.1f1]
    [C:\WINDOWS\system32\nimcdbu.dll]  [National Instruments Corporation, 1.0.1f1]
    [C:\WINDOWS\system32\niorbu.dll]  [National Instruments Corporation, 1.3.0f2]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\nimdbgu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\NIMCInit.dll]  [National Instruments, 7.0.1.3001 ]
    [C:\WINDOWS\system32\nimxdfu.dll]  [National Instruments Corporation, 1.4.0f0]
    [C:\Program Files\National Instruments\MAX\mxsout.dll]  [National Instruments, 4.0.0.3011]
    [C:\Program Files\National Instruments\MAX\mxsutils.dll]  [National Instruments, 4.0.0.3011]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2244 / SYSTEM][C:\WINDOWS\system32\nipalsm.exe]  [National Instruments Corporation, 2.1.0f0]
    [C:\WINDOWS\system32\nimcrpcsu.dll]  [National Instruments Corporation, 1.0.1f1]
    [C:\WINDOWS\system32\nirpc.dll]  [National Instruments Corporation, 3.2.1f0]
    [C:\WINDOWS\system32\nimdbgu.dll]  [National Instruments Corporation, 1.3.0f0]
    [C:\WINDOWS\system32\NIPALU.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\nipalut.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\NIPAL32.dll]  [National Instruments Corporation, 1.10.0f0]
    [C:\WINDOWS\system32\niorbu.dll]  [National Instruments Corporation, 1.3.0f2]
    [C:\WINDOWS\system32\NIMCInit.dll]  [National Instruments, 7.0.1.3001 ]
[PID: 2640 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\木马杀客\FTCMon.dll]  [木马清道夫监控模块, 3.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 9]
    [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 4]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 0, 3, 1011]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
[PID: 2756 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4092 / Administrator][F:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\木马杀客\FTCMon.dll]  [木马清道夫监控模块, 3.0.0.0]
    [F:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 172, C:\PROGRAM FILES\NATIONAL INSTRUMENTS\NI-DAQ\HWCONFIG\NIDEVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 172, C:\PROGRAM FILES\NATIONAL INSTRUMENTS\NI-DAQ\HWCONFIG\NIDEVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 172, C:\PROGRAM FILES\NATIONAL INSTRUMENTS\NI-DAQ\HWCONFIG\NIDEVMON.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 400, D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 400, D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 400, D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 908, C:\PROGRAM FILES\NATIONAL INSTRUMENTS\MAX\NIMXS.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2148, D:\PROGRAM FILES\AHNUNIC\AAA\EFLOW_C.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2148, D:\PROGRAM FILES\AHNUNIC\AAA\EFLOW_C.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2148, D:\PROGRAM FILES\AHNUNIC\AAA\EFLOW_C.EXE]

==================================
API HOOK
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
    [565] D:\Program Files\木马杀客\Trojanwall.exe

The earlier part was not copied in full, so the later part was copied again.