
svchost instances: the first is rpcss, the second is termsvcs, the third is NetworkService, the fourth is LocalService, the fifth is netsvcs (memo)



CommandLine:  'C:\WINDOWS\system32\svchost -k rpcss'
CommandLine:  'C:\WINDOWS\System32\svchost.exe -k termsvcs'
CommandLine:  'C:\WINDOWS\system32\svchost.exe -k NetworkService'
CommandLine:  'C:\WINDOWS\system32\svchost.exe -k LocalService'
CommandLine:  'C:\WINDOWS\System32\svchost.exe -k netsvcs'

PROCESS 89593758  SessionId: 0  Cid: 01f4    Peb: 7ffdf000  ParentCid: 01c8
    DirBase: 7a0cc000  ObjectTable: e141e7f0  HandleCount: 308.
    Image: services.exe

PROCESS 8950d020  SessionId: 0  Cid: 0200    Peb: 7ffdf000  ParentCid: 01c8
    DirBase: 79f94000  ObjectTable: e1430ee0  HandleCount: 392.
    Image: lsass.exe

PROCESS 89460d88  SessionId: 0  Cid: 02c0    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 79cc5000  ObjectTable: e143d9f0  HandleCount: 195.
    Image: svchost.exe

PROCESS 898ac478  SessionId: 0  Cid: 02e8    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 79a1c000  ObjectTable: e143fc08  HandleCount: 195.
    Image: svchost.exe

PROCESS 897ad8c0  SessionId: 0  Cid: 037c    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 793ad000  ObjectTable: e1754458  HandleCount: 128.
    Image: svchost.exe

PROCESS 896a0598  SessionId: 0  Cid: 03b0    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 793f2000  ObjectTable: e17f4c08  HandleCount:  79.
    Image: svchost.exe

PROCESS 8940f8d0  SessionId: 0  Cid: 03bc    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 792b8000  ObjectTable: e17c66d8  HandleCount: 919.
    Image: svchost.exe


PROCESS 897b7d88  SessionId: 0  Cid: 0498    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 7994a000  ObjectTable: e17c30a8  HandleCount: 130.
    Image: spoolsv.exe

PROCESS 89831d88  SessionId: 0  Cid: 04b4    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 78f51000  ObjectTable: e1813f48  HandleCount: 165.
    Image: msdtc.exe


First: CommandLine:  'C:\WINDOWS\system32\svchost -k rpcss'

0: kd> !peb
PEB at 7ffdf000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01000000
    NtGlobalFlag:             440000
    NtGlobalFlag2:            0
    Ldr                       77fba600
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00182508 . 00182d40
    Ldr.InLoadOrderModuleList:           001824a0 . 00182fb8
    Ldr.InMemoryOrderModuleList:         001824a8 . 00182fc0
            Base TimeStamp                     Module
         1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe
        77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll
        77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll
        77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll
        77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll
        74f10000 66e651cf Sep 15 11:17:35 2024 c:\windows\system32\rpcss.dll
        77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll
        70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll
        70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll
        77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll
        77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll
        76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll
        70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\system32\mswsock.dll
        70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll
        76c80000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\system32\CLBCatQ.DLL
        76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll
        76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll
        76d20000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\system32\COMRes.dll
        77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll
    SubSystemData:     00000000
    ProcessHeap:       00080000
    ProcessParameters: 00020000
    CurrentDirectory:  'C:\WINDOWS\system32\'
    WindowTitle:  'C:\WINDOWS\system32\svchost.exe'
    ImageFile:    'C:\WINDOWS\system32\svchost.exe'
    CommandLine:  'C:\WINDOWS\system32\svchost -k rpcss'

Second: CommandLine:  'C:\WINDOWS\System32\svchost.exe -k termsvcs'

0: kd> !peb
PEB at 7ffdf000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01000000
    NtGlobalFlag:             440000
    NtGlobalFlag2:            0
    Ldr                       77fba600
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00182508 . 00183bb8
    Ldr.InLoadOrderModuleList:           001824a0 . 00183c50
    Ldr.InMemoryOrderModuleList:         001824a8 . 00183c58
            Base TimeStamp                     Module
         1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\System32\svchost.exe
        77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll
        77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll
        77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll
        77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll
        768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\NTMARTA.DLL
        77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll
        77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll
        77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll
        76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll
        59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\System32\SAMLIB.dll
        76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll
        74870000 66e651d2 Sep 15 11:17:38 2024 c:\windows\system32\termsrv.dll
        74460000 66e651d5 Sep 15 11:17:41 2024 c:\windows\system32\ICAAPI.dll
        76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll
        70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll
        70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll
        76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll
        76880000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\AUTHZ.dll
        74660000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\mstlsapi.dll
        76a80000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\ACTIVEDS.dll
        76a50000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\adsldpc.dll
        705a0000 66e651ec Sep 15 11:18:04 2024 c:\windows\system32\NETAPI32.dll
        76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll
        767b0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\credui.dll
        77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll
        770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll
        76690000 3e801277 Mar 25 16:25:27 2003 c:\windows\system32\ATL.DLL
        75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll
        75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll
        6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll
        76740000 66e651c6 Sep 15 11:17:26 2024 C:\WINDOWS\System32\REGAPI.dll
         ffd0000 3e801389 Mar 25 16:30:01 2003 C:\WINDOWS\System32\rsaenh.dll
        767a0000 66e651c6 Sep 15 11:17:26 2024 C:\WINDOWS\System32\PSAPI.DLL
        77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll
        751c0000 66e651ce Sep 15 11:17:34 2024 C:\WINDOWS\system32\USERENV.dll
        70fb0000 66e657c4 Sep 15 11:43:00 2024 C:\WINDOWS\System32\rdpwsx.dll
        71d70000 66e651e4 Sep 15 11:17:56 2024 C:\WINDOWS\System32\WINSPOOL.DRV
    SubSystemData:     00000000
    ProcessHeap:       00080000
    ProcessParameters: 00020000
    CurrentDirectory:  'C:\WINDOWS\system32\'
    WindowTitle:  'C:\WINDOWS\System32\svchost.exe'
    ImageFile:    'C:\WINDOWS\System32\svchost.exe'
    CommandLine:  'C:\WINDOWS\System32\svchost.exe -k termsvcs'
    DllPath:      'C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'
    Environment:  00010000
        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        ClusterLog=C:\WINDOWS\Cluster\cluster.log
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=NTDEV-QQTQSNLDX
        ComSpec=C:\WINDOWS\system32\cmd.exe
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0503
        ProgramFiles=C:\Program Files
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\WINDOWS\TEMP
        TMP=C:\WINDOWS\TEMP
        USERPROFILE=C:\WINDOWS\system32\config\systemprofile
        windir=C:\WINDOWS


Third: CommandLine:  'C:\WINDOWS\system32\svchost.exe -k NetworkService'

0: kd> !peb
PEB at 7ffdf000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01000000
    NtGlobalFlag:             440000
    NtGlobalFlag2:            0
    Ldr                       77fba600
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00182508 . 00184180
    Ldr.InLoadOrderModuleList:           001824a0 . 00184170
    Ldr.InMemoryOrderModuleList:         001824a8 . 00184178
            Base TimeStamp                     Module
         1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe
        77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll
        77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll
        77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll
        77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll
        76960000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\dhcpcsvc.dll
        77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll
        76b80000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\DNSAPI.dll
        70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll
        70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll
        76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll
        77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll
        77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll
        76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll
        761b0000 66e651c8 Sep 15 11:17:28 2024 c:\windows\system32\dnsrslvr.dll
        70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\system32\mswsock.dll
        70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll
        769f0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\netman.dll
        76920000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\MPRAPI.dll
        76a80000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\ACTIVEDS.dll
        76a50000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\adsldpc.dll
        705a0000 66e651ec Sep 15 11:18:04 2024 C:\WINDOWS\system32\NETAPI32.dll
        76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll
        76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll
        767b0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\credui.dll
        77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll
        770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll
        76690000 3e801277 Mar 25 16:25:27 2003 C:\WINDOWS\system32\ATL.DLL
        76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll
        76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll
        76ac0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\rtutils.dll
        59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\system32\SAMLIB.dll
        76070000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\system32\SETUPAPI.dll
        76b30000 66e651c4 Sep 15 11:17:24 2024 C:\WINDOWS\system32\RASAPI32.dll
        76ad0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\rasman.dll
        76af0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\TAPI32.dll
        766b0000 66e651c7 Sep 15 11:17:27 2024 C:\WINDOWS\system32\WINMM.dll
        75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll
        75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll
        76990000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\WZCSvc.DLL
        76910000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\WMI.dll
        76bd0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WTSAPI32.dll
        75cd0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\WINSTA.dll
        67440000 66e6524a Sep 15 11:19:38 2024 C:\WINDOWS\system32\ESENT.dll
        71da0000 66e651e4 Sep 15 11:17:56 2024 C:\WINDOWS\system32\WZCSAPI.DLL
        6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll
    SubSystemData:     00000000
    ProcessHeap:       00080000
    ProcessParameters: 00020000
    CurrentDirectory:  'C:\WINDOWS\system32\'
    WindowTitle:  'C:\WINDOWS\system32\svchost.exe'
    ImageFile:    'C:\WINDOWS\system32\svchost.exe'
    CommandLine:  'C:\WINDOWS\system32\svchost.exe -k NetworkService'


Fourth: CommandLine:  'C:\WINDOWS\system32\svchost.exe -k LocalService'

0: kd> !peb
PEB at 7ffdf000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01000000
    NtGlobalFlag:             440000
    NtGlobalFlag2:            0
    Ldr                       77fba600
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00182508 . 00182bf8
    Ldr.InLoadOrderModuleList:           001824a0 . 00182dd0
    Ldr.InMemoryOrderModuleList:         001824a8 . 00182dd8
            Base TimeStamp                     Module
         1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\system32\svchost.exe
        77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll
        77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll
        77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll
        77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll
        768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\NTMARTA.DLL
        77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll
        77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll
        77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll
        76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll
        59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\system32\SAMLIB.dll
        76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll
        73fa0000 66e651d7 Sep 15 11:17:43 2024 c:\windows\system32\lmhsvc.dll
        76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll
        70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll
        70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll
    SubSystemData:     00000000
    ProcessHeap:       00080000
    ProcessParameters: 00020000
    CurrentDirectory:  'C:\WINDOWS\system32\'
    WindowTitle:  'C:\WINDOWS\system32\svchost.exe'
    ImageFile:    'C:\WINDOWS\system32\svchost.exe'
    CommandLine:  'C:\WINDOWS\system32\svchost.exe -k LocalService'
    DllPath:      'C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'
    Environment:  00010000
        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        ClusterLog=C:\WINDOWS\Cluster\cluster.log
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=NTDEV-QQTQSNLDX
        ComSpec=C:\WINDOWS\system32\cmd.exe
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0503
        ProgramFiles=C:\Program Files
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp
        TMP=C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp
        USERDOMAIN=NT AUTHORITY
        USERNAME=LOCAL SERVICE
        USERPROFILE=C:\Documents and Settings\LocalService
        windir=C:\WINDOWS


Fifth: CommandLine:  'C:\WINDOWS\System32\svchost.exe -k netsvcs'

0: kd> !peb
PEB at 7ffdf000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01000000
    NtGlobalFlag:             440000
    NtGlobalFlag2:            0
    Ldr                       77fba600
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00182508 . 00186bc0
    Ldr.InLoadOrderModuleList:           001824a0 . 00186c50
    Ldr.InMemoryOrderModuleList:         001824a8 . 00186c58
            Base TimeStamp                     Module
         1000000 66e5bf0e Sep 15 00:51:26 2024 C:\WINDOWS\System32\svchost.exe
        77f20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\ntdll.dll
        77e20000 66e651b9 Sep 15 11:17:13 2024 C:\WINDOWS\system32\kernel32.dll
        77d70000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\ADVAPI32.dll
        77bd0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\RPCRT4.dll
        768a0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\NTMARTA.DLL
        77b00000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\msvcrt.dll
        77ca0000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\USER32.dll
        77b60000 66e651bb Sep 15 11:17:15 2024 C:\WINDOWS\system32\GDI32.dll
        76be0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\WLDAP32.dll
        59730000 66e65595 Sep 15 11:33:41 2024 C:\WINDOWS\System32\SAMLIB.dll
        76ed0000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\system32\ole32.dll
        76990000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\wzcsvc.dll
        76ac0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\rtutils.dll
        76910000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\WMI.dll
        76960000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\DHCPCSVC.DLL
        76b80000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\DNSAPI.dll
        70550000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2_32.dll
        70540000 66e651ed Sep 15 11:18:05 2024 c:\windows\system32\WS2HELP.dll
        76940000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\iphlpapi.dll
        76c30000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\Secur32.dll
        76df0000 3e801272 Mar 25 16:25:22 2003 C:\WINDOWS\system32\OLEAUT32.dll
        75c10000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\CRYPT32.dll
        75bf0000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\MSASN1.dll
        76bd0000 66e651c3 Sep 15 11:17:23 2024 c:\windows\system32\WTSAPI32.dll
        75cd0000 66e651ca Sep 15 11:17:30 2024 c:\windows\system32\WINSTA.dll
        705a0000 66e651ec Sep 15 11:18:04 2024 c:\windows\system32\NETAPI32.dll
        770c0000 66e651c2 Sep 15 11:17:22 2024 C:\WINDOWS\system32\SHLWAPI.dll
        67440000 66e6524a Sep 15 11:19:38 2024 c:\windows\system32\ESENT.dll
        743c0000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\rastls.dll
        76690000 3e801277 Mar 25 16:25:27 2003 C:\WINDOWS\System32\ATL.DLL
        74ad0000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\System32\CRYPTUI.dll
        767f0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\WINTRUST.dll
        76850000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\system32\imagehlp.dll
        761f0000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\NTDSAPI.dll
        76920000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\MPRAPI.dll
        76a80000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\ACTIVEDS.dll
        76a50000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\adsldpc.dll
        767b0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\credui.dll
        77200000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\SHELL32.dll
        76070000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\SETUPAPI.dll
        76b30000 66e651c4 Sep 15 11:17:24 2024 C:\WINDOWS\System32\RASAPI32.dll
        76ad0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\rasman.dll
        76af0000 66e651c5 Sep 15 11:17:25 2024 C:\WINDOWS\System32\TAPI32.dll
        766b0000 66e651c7 Sep 15 11:17:27 2024 C:\WINDOWS\System32\WINMM.dll
        76260000 66e651c8 Sep 15 11:17:28 2024 C:\WINDOWS\System32\SCHANNEL.dll
        751c0000 66e651ce Sep 15 11:17:34 2024 C:\WINDOWS\system32\USERENV.dll
        70f10000 66e651e8 Sep 15 11:18:00 2024 C:\WINDOWS\System32\WinSCard.dll
        6f730000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.0.0_x-ww_8A69BA05\COMCTL32.dll
        6f610000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\Comctl32.dll
        743f0000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\raschap.dll
        76760000 66e651c6 Sep 15 11:17:26 2024 c:\windows\system32\shsvcs.dll
        76c80000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\System32\CLBCatQ.DLL
        76d20000 3e801273 Mar 25 16:25:23 2003 C:\WINDOWS\System32\COMRes.dll
        77af0000 66e651bc Sep 15 11:17:16 2024 C:\WINDOWS\system32\VERSION.dll
        74740000 66e651d2 Sep 15 11:17:38 2024 c:\windows\system32\schedsvc.dll
        76880000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\AUTHZ.dll
        70440000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\mswsock.dll
        70400000 66e651ed Sep 15 11:18:05 2024 C:\WINDOWS\System32\wshtcpip.dll
        74430000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\System32\MSIDLE.DLL
        6f120000 66e65204 Sep 15 11:18:28 2024 c:\windows\system32\audiosrv.dll
        746c0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\wkssvc.dll
        564a0000 66e655a5 Sep 15 11:33:57 2024 C:\WINDOWS\System32\wiarpc.dll
        74490000 66e651d4 Sep 15 11:17:40 2024 c:\windows\system32\cryptsvc.dll
        74910000 66e651d1 Sep 15 11:17:37 2024 c:\windows\system32\certcli.dll
        767a0000 66e651c6 Sep 15 11:17:26 2024 c:\windows\system32\PSAPI.DLL
        58130000 66e65582 Sep 15 11:33:22 2024 c:\windows\system32\VSSAPI.DLL
        76730000 66e651c7 Sep 15 11:17:27 2024 c:\windows\system32\sfc.dll
        76820000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\sfc_os.dll
        74480000 66e651d5 Sep 15 11:17:41 2024 c:\windows\system32\dmserver.dll
        766f0000 3e801277 Mar 25 16:25:27 2003 c:\windows\system32\es.dll
        74410000 66e651d5 Sep 15 11:17:41 2024 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
        745d0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\srvsvc.dll
        72b50000 66e651de Sep 15 11:17:50 2024 c:\windows\system32\seclogon.dll
        70db0000 66e651e9 Sep 15 11:18:01 2024 c:\windows\system32\sens.dll
        745a0000 66e651d3 Sep 15 11:17:39 2024 c:\windows\system32\trkwks.dll
        76210000 66e651c8 Sep 15 11:17:28 2024 c:\windows\system32\w32time.dll
        780c0000 3cf54155 May 30 05:00:05 2002 c:\windows\system32\MSVCP60.dll
        54f90000 66e655af Sep 15 11:34:07 2024 c:\windows\system32\wbem\wmisvc.dll
        74370000 66e651d6 Sep 15 11:17:42 2024 c:\windows\system32\wuauserv.dll
        744f0000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\System32\wuaueng.dll
        74800000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\ADVPACK.dll
        75b30000 66e651ca Sep 15 11:17:30 2024 C:\WINDOWS\system32\WININET.dll
        76c50000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\System32\winrnr.dll
        744d0000 66e651d4 Sep 15 11:17:40 2024 c:\windows\system32\browser.dll
        756d0000 66e651cc Sep 15 11:17:32 2024 C:\WINDOWS\System32\SXS.DLL
        74db0000 3e801284 Mar 25 16:25:40 2003 C:\WINDOWS\System32\comsvcs.dll
        74a50000 66e651d1 Sep 15 11:17:37 2024 C:\WINDOWS\System32\Wbem\wbemcore.dll
        748d0000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\Wbem\esscli.dll
        74830000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\System32\Wbem\wbemcomn.dll
        74d30000 66e651cf Sep 15 11:17:35 2024 C:\WINDOWS\System32\Wbem\FastProx.dll
        74380000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\system32\wbem\wbemsvc.dll
        74540000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\system32\wbem\wmiutils.dll
        74790000 66e651d2 Sep 15 11:17:38 2024 C:\WINDOWS\system32\wbem\repdrvfs.dll
        54ff0000 66e655ac Sep 15 11:34:04 2024 C:\WINDOWS\system32\wbem\wmiprvsd.dll
        5c830000 66e65578 Sep 15 11:33:12 2024 C:\WINDOWS\system32\NCObjAPI.DLL
        74970000 66e651d1 Sep 15 11:17:37 2024 C:\WINDOWS\system32\wbem\wbemess.dll
         ffd0000 3e801389 Mar 25 16:30:01 2003 C:\WINDOWS\System32\rsaenh.dll
        70690000 66e651ec Sep 15 11:18:04 2024 C:\WINDOWS\system32\actxprxy.dll
        769f0000 66e651c5 Sep 15 11:17:25 2024 c:\windows\system32\netman.dll
        71da0000 66e651e4 Sep 15 11:17:56 2024 c:\windows\system32\WZCSAPI.DLL
        754a0000 66e651cd Sep 15 11:17:33 2024 C:\WINDOWS\system32\NETSHELL.dll
        744b0000 66e651d4 Sep 15 11:17:40 2024 C:\WINDOWS\system32\CLUSAPI.dll
        74c00000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\system32\netcfgx.dll
        730e0000 66e651dc Sep 15 11:17:48 2024 C:\WINDOWS\system32\WINIPSEC.DLL
        65f50000 66e6522c Sep 15 11:19:08 2024 C:\WINDOWS\system32\hnetcfg.dll
        74390000 66e651d5 Sep 15 11:17:41 2024 C:\WINDOWS\system32\wbem\wbemprox.dll
        74b50000 66e651d0 Sep 15 11:17:36 2024 C:\WINDOWS\System32\RASDLG.dll
        76c70000 66e651c3 Sep 15 11:17:23 2024 C:\WINDOWS\System32\rasadhlp.dll
        6f7f0000 66e651f2 Sep 15 11:18:10 2024 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.0.0_x-ww_E0651936\winhttp.dll
        6ba20000 66e65213 Sep 15 11:18:43 2024 C:\WINDOWS\System32\dbghelp.dll
    SubSystemData:     00000000
    ProcessHeap:       00080000
    ProcessParameters: 00020000
    CurrentDirectory:  'C:\WINDOWS\system32\'
    WindowTitle:  'C:\WINDOWS\System32\svchost.exe'
    ImageFile:    'C:\WINDOWS\System32\svchost.exe'
    CommandLine:  'C:\WINDOWS\System32\svchost.exe -k netsvcs'
    DllPath:      'C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem'
    Environment:  00010000
        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        ClusterLog=C:\WINDOWS\Cluster\cluster.log
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=NTDEV-QQTQSNLDX
        ComSpec=C:\WINDOWS\system32\cmd.exe
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 3, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0503
        ProgramFiles=C:\Program Files
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\WINDOWS\TEMP
        TMP=C:\WINDOWS\TEMP
        USERPROFILE=C:\Documents and Settings\LocalService
        windir=C:\WINDOWS
