¡¾ÍƼö¡¿win2000/xpÍü¼ÇÃÜÂëµÄ·½·¨Ö®Èý££££ÐÞ¸ÄÃÜÂëµÄС³ÌÐò
[font=Arial]win2000/xpÍü¼ÇÃÜÂëµÄ·½·¨Ö®Èý££££ÐÞ¸ÄÃÜÂëµÄС³ÌÐò[/font][font=Arial]
Ȧ˫ http:[url]www.yqidc.com[/url]
ÏêÇëÇëÔÚÏß×Éѯ£º[color=red][size=5]QQ£º61537294[/color][/size]
MSN:yqidc-xiaoshou005@hotmail.com
ÁªÏµµç»°£º[color=red][size=5]0371-65386081[/color][/size]
ÏúÊÛ²¿ ÁªÏµÈË:ÕÔС½ã
»¹ÓÐÒ»ÖÖÏë·¨¾ÍÊÇÓÃÒ»¸öÐÞ¸ÄÃÜÂëµÄС³ÌÐòÀ´Ì滻ϵͳÆô¶¯µÄ±ØÒª³ÌÐò£¬È»ºóϵͳÆô¶¯Ê±¾Í»áÌæ»»ÃÜÂ룬Ëæºó°Ñ±»Ìæ»»µÄ³ÌÐòÔÚ»¹Ô¾ÍÐÐÁË¡£µ±È»Ê×ÏÈÄ㻹ÊÇÒªÄܹ»·ÃÎÊϵͳ·ÖÇø£¬À´Ìæ»»ËæϵͳÆô¶¯µÄ³ÌÐò¡£
Ì滻ϵͳÆô¶¯µÄ±ØÒª³ÌÐòµÄÒ»ÖÖ·½·¨ÊÇÎÒдµÄÒ»¸öÇå³ýadministratorÃÜÂëµÄС³ÌÐò(cleanpwd)£¬ËûËù×÷µÄ¾ÍÊÇ°ÑadministratorÃÜÂëÇå¿Õ¡£Ê¹Ó÷½·¨ÈçÏ£º
£¨2£©.Ó÷¨
1) ÓÃ˫ϵͳ»òÕßÆô¶¯ÅÌ»òÕß¹Òµ½±ðµÄϵͳÉÏ£¬Èç¹ûÊÇntfs·ÖÇøÆäËûϵͳ»òÆô¶¯ÅÌÒªÄܶÁдntfs·ÖÇø£¬°Ñwindows°²×°Ä¿Â¼ÏµÄsystem32\svchost.exe¸ÄÃûsvchost.bak.exe±¸·Ý,°Ñcleanpwd.exe¿½±´³Ésvchost.exe¡£
2) Æô¶¯¸Ãϵͳ£¬¾Í°ÑadministratorµÄÃÜÂëÇå¿ÕÁË£¬¿ÉÒÔÖ±½ÓµÇ½¡£
3) °Ñsvchost.bak.exe »Ö¸´¾ÍÐÐÁË¡££¨Èç¹ûʹÓÃÌæ»»µÄÊÇsvchost£¬×îºÃÔÙÆô¶¯rpc·þÎñ£©
£¨3£©.ΪʲôѡÓÃsvchost.exe¶ø²»ÊÇÆäËû³ÌÐò¡£
ÿ¸öwindows2000ϵͳ¶¼ÓÐÕ⼸¸ö½ø³Ì£¬
system(kernel executive and kernel)
smss(session manager)
csrss(win32 subsystem)
winlogon(logon process)
services(service control manager)
lsass(local security authentication server )
Èç¹ûÈκÎÒ»¸ö±»É±µô»òÕß³ö´í£¬ÏµÍ³½«ÖØÐÂÆô¶¯¡£²»¹ýÔÚlsassÆô¶¯Ö®Ç°Äã²»ÄÜÐÞ¸ÄÃÜÂ룬ËùÒÔ²»ÄÜÑ¡ÓÃÕ⼸¸ö³ÌÐò¡£
ÁíÍâϵͳÖÐÒ»°ã»¹ÓÐÒÔÏÂһЩ³ÌÐò£º
svchost.exe(remote procedure call (rpc) »¹ÓÐÆäËûһЩ·þÎñ)
wbem\winmgmt.exe(windows management umentation)
mstask.exe(task scheduler)
regsvc.exe(remote registry service)
¿ÉÄÜ»¹ÓÐÆäËû·þÎñ³ÌÐò£¬Äã¿ÉÄܽûÖ¹Á˳ýrpcÖ®ÍâµÄÆäËû·þÎñ£¬µ«²»»á½ûÖ¹rpc£¬·ñÔòϵͳ¹¤×÷¾Í²»Õý³£ÁË¡£ËùÒÔÎÒÑ¡ÔñÁËsvchost£¬Èç¹ûÄãÖªµÀÆäËû·þÎñ»á×Ô¶¯Æô¶¯£¬ÄãÒ²¿ÉÒÔÑ¡ÔñËü¡£
µ±È»Èç¹ûϵͳ°²×°ÁËɱ¶¾Èí¼þµÄ»°£¬ÄãÌ滻ɱ¶¾Èí¼þÒ²¿ÉÒÔ£¬ÒòΪһ°ãɱ¶¾Èí¼þ¶¼»áÔÚϵͳÆô¶¯ÊÇÆô¶¯É±¶¾·À»ðǽÀ´É±¶¾µÄ¡£[/font]
Ò³:
[1]