2008-09-15 | Ntsd.exe, and killing ntsd.exe
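Ntsd.exe is a user-mode debugging tool that has shipped with the system since Windows 2000. A process that the debugger has attached to exits together with the debugger, so it can be used to terminate processes from the command line. Running ntsd automatically obtains the debug privilege, so it can kill most processes (only System, SMSS.EXE and CSRSS.EXE cannot be ended: the first two are pure kernel-mode, and the last is the Win32 subsystem, which ntsd itself needs).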

Ntsd.exe usage:

ntsd -c q -p PID

ntsd -c q -pn ImageName

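-c means run a debugger command, and q means quit once it has run. -p means that what follows is the PID of the process you want to end; -pn means that what follows is the name of the process you want to end (process_name.exe), for example QQ.exe, explorer.exe and so on. Note that the .exe suffix cannot be omitted; otherwise the system reports that the interface is not supported.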

To look up the PID, you can also use tasklist.

For example, to end the process maxthon.exe, whose PID is 3212, we can enter:
ntsd -c q -p 3212

ntsd -c q -pn maxthon.exe
ntsd.exe
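1. "Small Trojan" variant cf (Win32.Troj.Small.cf)

This virus writes junk data to the hard disk, starting from the disk partitions, and so destroys the disk; once the data on the disk has been destroyed it is hard to recover. After it runs, it drops several virus files in system directories, such as %documents and settings%%user%lsass.exe, and places autorun.inf on non-system drives. It also calls tskill.exe and ntsd.exe from the command line to end the processes kvmonxp.kxp, shstat.exe, ravmon.exe and avp.exe. If an infected computer holds important data that needs to be recovered, go to a professional data recovery service and do not try to recover it yourself, to avoid irreversible loss.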


桱jq (Worm.Warezov.jq) в𣺡Worm.WuKill.a 

òܸͨȾϵЧʼַȺʼдһ᳢²֡кͷŲļ%SystemRoot%system32fzhtjvbhbv.exe), 
²ֵصִַغͰװͷţ%SystemRoot%tpup.exe%SystemRoot%tpup.datȶ²ļ޸עʵֿԶСtrojan.dl.vb.dzeɱ 
worm.wukill.a 
ntsd.exe
:
ʷ:ÿοʱNTSD.EXE˴󣬻ᱻWINDOWSرաҪ ڴ־
һ4󴰿ڡֻеȷ
Ѿɱˣôأ

ע: 

ҵϱ:
λ֣
ǳлϵͳϱ棬Сʮ𼱵ȴİ
ϱ360ȫʿṩ http://www.360safe.com
ʱ: 2008-03-21 20:05:32
ƽ̨: Microsoft Windows 2000 Service Pack 4
IE汾: Internet Explorer V6.0.2800.1106 Build:62800.1106 
ڴ:511.48MB - ǰڴ:367.20MB

100 - δ֪ - Process: stormliv.exe [Ӱý] - C:Program 
FilesStormIIstormliv.exe
O2 - δ֪ - BHO: (ThunderAtOnce Class) - [Ѹ߼֧ģ] - - C:Program 
FilesThunderComDllsTDAtOnce_Now.dll
O8 - δ֪ - Extra context menu item: ʹѸ - C:Program 
FilesThunderProgramgeturl.htm
O8 - δ֪ - Extra context menu item: ʹѸȫ - C:Program 
FilesThunderProgramgetallurl.htm
O16 - δ֪ - DPF: (Windows Genuine Advantage Validation Tool) - 
http://go.microsoft.com/fwlink/?linkid=39204
O16 - δ֪ - DPF: (iTrusPTA) - https://img.alipay.com/download/1101/aliedit.cab
O23 - δ֪ - Service: ccosm [Contrl Center of Storm Media] - C:Program 
FilesStormIIstormliv.exe /asservice - (running)
O23 - δ֪ - Service: SLService [SmartLinkService] - slserv.exe - (running)

=======================================

100 - ȫ - Process: smss.exe 
[ýΪỰϵͳԳʼϵͳms-doslpt1Լcomwin32ϵͳwindows½̡] - 
C:WINNTSystem32smss.exe
100 - ȫ - Process: csrss.exe [ͻ˷ϵͳԿwindowsͼϵͳ] - 
C:WINNTsystem32csrss.exe ObjectDirectory=Windows SharedSection=1024,3072,512,512 
Windows=On SubSystemType=Windows ServerDll=ba
100 - ȫ - Process: winlogon.exe [windows ntû½] - 
C:WINNTsystem32winlogon.exe
100 - ȫ - Process: services.exe [ڹwindowsϵͳ̡] - 
C:WINNTsystem32services.exe
100 - ȫ - Process: lsass.exe [ذȫȨ޷windowsȫơ] - 
C:WINNTsystem32lsass.exe
100 - ȫ - Process: svchost.exe [service host processһ׼Ķ̬ӿ] - 
C:WINNTsystem32svchost -k rpcss