ÉÏÍø×î¿Ö²ÀµÄÊÂĪ¹ýÓÚв¡¶¾³öÀ´µÄʱºò£¬¾¡¹ÜµçÄÔÉÏÎÒÃǶ¼×°Óи÷ÖÖÇ¿´óµÄɱ¶¾Èí¼þ£¬Ò²ÅäÖÃÁ˶¨Ê±×Ô¶¯¸üв¡¶¾¿â£¬µ«²¡¶¾×ÜÊÇÒªÏÈÓÚ²¡¶¾¿âµÄ¸üеģ¬ËùÒÔÖÐÕеÄÿ´Î¶¼²»»áÊÇÉÙÊý£¬ÕâÀïÁоÙһЩͨÓõÄɱ¶¾·½·¨£¬×Ô¼ºÇ××Ô¶¯ÊÖÀ´ÓÃϵͳ×Ô´øµÄ¹¤¾ß½Êɱ²¡¶¾£º
Ò»¡¢×Ô¼º¶¯ÊÖÇ°£¬ÇмÇÓб¸ÎÞ»¼¡ª¡ªÓÃTaskList±¸·Ýϵͳ½ø³Ì
  ÐÂÐͲ¡¶¾¶¼Ñ§»áÁËÓýø³ÌÀ´Òþ²Ø×Ô¼º£¬ËùÒÔÎÒÃÇ×îºÃÔÚϵͳÕý³£µÄʱºò£¬±¸·ÝһϵçÄԵĽø³ÌÁÐ±í£¬µ±È»×îºÃÔÚ¸Õ½øÈëWindowsʱ²»ÒªÔËÐÐÈκγÌÐòµÄÇé¿öϱ¸·Ý£¬ÑùÒÔºó¸Ð¾õµçÄÔÒì³£µÄʱºò¿ÉÒÔͨ¹ý±È½Ï½ø³ÌÁÐ±í£¬ÕÒ³ö¿ÉÄÜÊDz¡¶¾µÄ½ø³Ì¡£
ÔÚÃüÁîÌáʾ·ûÏÂÊäÈ룺
TaskList /fo:csv>g:zc.csv
ÉÏÊöÃüÁîµÄ×÷ÓÃÊǽ«µ±Ç°½ø³ÌÁбíÒÔcsv¸ñʽÊä³öµ½¡°zc.csv¡±ÎļþÖУ¬g:ΪÄãÒª±£´æµ½µÄÅÌ£¬¿ÉÒÔÓÃExcel´ò¿ª¸ÃÎļþ.
¶þ¡¢×Ô¼º¶¯ÊÖʱ£¬±ØÐë»ðÑ۽𾦡ª¡ªÓÃFC±È½Ï½ø³ÌÁбíÎļþ   Èç¹û¸Ð¾õµçÄÔÒì³££¬»òÕßÖªµÀ×î½üÓÐÁ÷Ðв¡¶¾£¬ÄÇô¾ÍÓбØÒª¼ì²éһϡ£
½øÈëÃüÁîÌáʾ·ûÏ£¬ÊäÈëÏÂÁÐÃüÁ
TaskList /fo:csv>g:yc.csv
Éú³ÉÒ»¸öµ±Ç°½ø³ÌµÄyc.csvÎļþÁÐ±í£¬È»ºóÊäÈ룺
FC g:\zccsv g:\yc.csy
»Ø³µºó¾Í¿ÉÒÔ¿´µ½Ç°ºóÁбíÎļþµÄ²»Í¬ÁË£¬Í¨¹ý±È½Ï·¢ÏÖ£¬µçÄÔ¶àÁËÒ»¸öÃûΪ¡°Winion0n.exe¡±(ÕâÀïÒÔÕâ¸ö½ø³ÌΪÀý)²»ÊÇ¡°Winionon.exe¡±µÄÒì³£½ø³Ì¡£
Èý¡¢½øÐÐÅжÏʱ£¬ÇмÇÖ¤¾ÝÈ·Ô䡪¡ªÓÃNetstat²é¿´¿ª·Å¶Ë¿Ú   ¶ÔÕâÑùµÄ¿ÉÒɽø³Ì£¬ÈçºÎÅжÏËüÊÇ·ñÊDz¡¶¾ÄØ£¿¸ù¾Ý´ó²¿·Ö²¡¶¾£¨ÌرðÊÇľÂí£©»áͨ¹ý¶Ë¿Ú½øÐжÔÍâÁ¬½ÓÀ´´«²¥²¡¶¾£¬¿ÉÒԲ鿴һ϶˿ÚÕ¼ÓÐÇé¿ö¡£
ÔÚÃüÁîÌáʾ·ûÏÂÊäÈ룺
Netstat -a-n-o
²ÎÊýº¬ÒåÈçÏ£º
a:ÏÔʾËùÓÐÓë¸ÃÖ÷»ú½¨Á¢Á¬½ÓµÄ¶Ë¿ÚÐÅÏ¢
n:ÏÔʾ´ò¿ª¶Ë¿Ú½ø³ÌPID´úÂë
o£ºÒÔÊý×Ö¸ñʽÏÔʾµØÖ·ºÍ¶Ë¿ÚÐÅÏ¢
»Ø³µºó¾Í¿ÉÒÔ¿´µ½ËùÓпª·Å¶Ë¿ÚºÍÍⲿÁ¬½Ó½ø³Ì£¬ÕâÀïÒ»¸öPIDΪ1756£¨ÒÔ´ËΪÀý£©µÄ½ø³Ì×îΪ¿ÉÒÉ£¬ËüµÄ״̬ÊÇ¡°ESTABLISHED¡±£¬Í¨¹ýÈÎÎñ¹ÜÀíÆ÷¿ÉÒÔÖªµÀÕâ¸ö½ø³Ì¾ÍÊÇ¡°Winion0n.exe¡±£¬Í¨¹ý²é¿´±¾»úÔËÐÐÍøÂç³ÌÐò£¬¿ÉÒÔÅжÏÕâÊÇÒ»¸ö·Ç·¨Á¬½Ó£¡
Á¬½Ó²ÎÊýº¬ÒåÈçÏ£º
LISTENINC£º±íʾ´¦ÓÚÕìÌý״̬£¬¾ÍÊÇ˵¸Ã¶Ë¿ÚÊÇ¿ª·ÅµÄ£¬µÈ´ýÁ¬½Ó£¬µ«»¹Ã»Óб»Á¬½Ó£¬Ö»ÓÐTCPЭÒéµÄ·þÎñ¶Ë¿Ú²ÅÄÜ´¦ÓÚLISTENINC״̬¡£
ESTABLISHEDµÄÒâ˼Êǽ¨Á¢Á¬½Ó¡£±íʾÁ½Ì¨»úÆ÷ÕýÔÚͨÐÅ¡£TIME-WAITÒâ˼ÊǽáÊøÁËÕâ´ÎÁ¬½Ó¡£ËµÃ÷¶Ë¿ÚÔø¾­Óйý·ÃÎÊ£¬µ«·ÃÎʽáÊøÁË£¬ÓÃÓÚÅжÏÊÇ·ñÓÐÍⲿµçÄÔÁ¬½Óµ½±¾»ú¡£
ËÄ£ºÏÂÊÖɱ¶¾Ê±£¬Ò»¶¨ÒªÐĺÝÊÖÀ±¡ª¡ªÓÃNTSDÖÕÖ¹½ø³Ì
  ËäȻ֪µÀ ¡°Winion0n.exe¡±ÊǸö·Ç·¨½ø³Ì£¬µ«ÊǺܶಡ¶¾µÄ½ø³ÌÎÞ·¨Í¨¹ýÈÎÎñ¹ÜÀíÆ÷ÖÕÖ¹£¬Ôõô°ì£¿
ÔÚÃüÁîÌáʾ·ûÏÂÊäÈëÏÂÁÐÃüÁ
ntsd ¨Cc q-p 1756
»Ø³µºó¿ÉÒÔ˳Àû½áÊø²¡¶¾½ø³Ì¡£
Ìáʾ£º¡°1756¡±Îª½ø³ÌPIDÖµ£¬Èç¹û²»ÖªµÀ½ø³ÌµÄID£¬´ò¿ªÈÎÎñ¹ÜÀíÆ÷£¬µ¥»÷¡°²é¿´¡úÑ¡ÔñÁСú¹´ÉÏPID£¨½ø³Ì±êʶ·û£©¼´¿É¡£NTSD¿ÉÒÔÇ¿ÐÐÖÕÖ¹³ýSytem,SMSS.EXE,CSRSS.EXEÍâµÄËùÓнø³Ì¡£
Îå¡¢¶Ï¶¨²¡¶¾ºó£¬¶¨ÒªÕ¶²Ý³ý¸ù¡ª¡ªËѳö²¡¶¾Ô­Îļþ   ¶ÔÓÚÒѾ­ÅжÏÊDz¡¶¾ÎļþµÄ¡°Winion0n.exe¡±Îļþ£¬Í¨¹ýËÑË÷¡°±¾µØËùÓзÖÇø¡±¡¢¡°ËÑË÷ϵͳÎļþ¼ÐºÍÒþ²ØµÄÎļþºÍÎļþ¼Ð¡±£¬ÕÒµ½¸ÃÎļþµÄ²ØÉíÖ®Ëù£¬½«Ëüɾ³ý¡£²»¹ýÕâÑùɾ³ýµÄÖ»ÊDz¡¶¾Ö÷Îļþ£¬Í¨¹ý²é¿´ËüµÄÊôÐÔ£¬ÒÀ¾ÝËüµÄÎļþ´´½¨ÈÕÆÚ¡¢´óСÔٴνøÐÐËÑË÷£¬ÕÒ³öËüµÄͬ»ï²¢É¾³ý¡£Èç¹ûÄ㲻ȷ¶¨»¹ÓÐÄÇЩÎļþÊÇËüµÄÇ×ÆÝ£¬Í¨¹ýÍøÂçËÑË÷²éÕÒ²¡¶¾ÐÅÏ¢»ñµÃ°ïÖú¡£
Áù¡¢Çå³ý²¡¶¾ºóÒ»¶¨Òª´òɨս³¡¡ª¡ªÊÖ¶¯ÐÞ¸´×¢²á±íËäÈ»°Ñ²¡¶¾Îļþɾ³ýÁË£¬µ«²¡¶¾¶¼»áÔÚ×¢²á±íÁôÏÂÀ¬»ø¼üÖµ£¬»¹ÐèÒª°ÑÕâЩÀ¬»øÇå³ý¸É¾»¡£1¡¢ÓÃreg export±¸·Ý×ÔÆô¶¯¡£ÓÉÓÚ×ÔÆô¶¯¼üÖµºÜ¶à£¬·¢ÏÖ²¡¶¾Ê±ÊÖ¶¯²éÕҺܲ»·½±ã¡£ÕâÀïÓÃreg export+Åú´¦ÀíÃüÁîÀ´±¸·Ý¡£
Æô¶¯¼Çʱ¾ÊäÈëÏÂÁÐÃüÁ
reg export HKLM\software\Microsoft\Windows\
CurrentVersion\Run fo:\hklmrun.reg
reg export HKCU\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer\Run f:\hklcu.reg
reg export HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\Explorer\Run hklml.reg
×¢£ºÕâÀïÖ»Áоټ¸¸ö³£¼û¼üÖµµÄ±¸·Ý£¬ÆäËü¼üÖµÇë²ÎÕÕÉÏÊö·½·¨ÖÆ×÷¡£
È»ºó½«Ëü±£´æΪziqidong.batÔÚÃüÁîÌáʾ·ûÏÂÔËÐÐËü£¬¼´¿É½«ËùÓÐ×ÔÆô¶¯¼üÖµ±¸·Ýµ½ÏàÓ¦µÄregÎļþÖУ¬½Ó×ÅÔÙÊäÈ룺
copy f:\*.reg ziqidong.txt
ÃüÁîµÄ×÷ÓÃÊǽ«ËùÓб¸·ÝµÄregÎļþÊä³öµ½¡°ziqidong.txt¡±ÖУ¬ÕâÑùÈç¹û·¢ÏÖ²¡¶¾ÐÂÔö×ÔÆô¶¯ÏͬÉϴε¼³ö×ÔÆô¶¯Öµ£¬ÀûÓÃÉÏÃæ½éÉܵÄFCÃüÁî±È½ÏÇ°ºóÁ½¸ötxtÎļþ£¬¼´¿É¿ìËÙÕÒ³öÐÂÔö×ÔÆô¶¯ÏîÄ¿¡£
2¡¢ÓÃreg deleteɾ³ýÐÂÔö×ÔÆô¶¯¼üÖµ¡£±ÈÈ磺ͨ¹ýÉÏÃæµÄ·½·¨ÔÚ[HKER_CURRENT_USER\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run],ÕÒµ½Ò»¸ö¡°Logon¡±×ÔÆô¶¯ÏÆô¶¯³ÌÐòΪ¡°c:\windows\winlogon.exe¡±,ÏÖÔÚÊäÈëÏÂÁÐÃüÁî¼´¿Éɾ³ý²¡¶¾×ÔÆô¶¯¼üÖµ£º
reg delete HKLM\software\Microssoft\Windows\
CurrentVersion\Run /f
3¡¢ÓÃreg import»Ö¸´×¢²á±í¡£Reg de-leteɾ³ýÊǵÄÊÇÕû¸öRUN¼üÖµ£¬ÏÖÔÚÓñ¸·ÝºÃµÄregÎļþ»Ö¸´¼´¿É£¬ÊäÈëÏÂÁÐÃüÁî¼´¿ÉѸËÙ»¹Ô­×¢²á±í£º
reg import f:\hklmrun.reg
ÉÏÃæ½éÉÜÊÖ¶¯É±¶¾µÄ¼¸¸öϵͳÃüÁÆäʵֻҪÓúÃÕâЩÃüÁÎÒÃÇ»ù±¾¿ÉÒÔKILLµô´ó²¿·ÖµÄ²¡¶¾£¬µ±È»Æ½Ê±¾ÍÒ»¶¨Òª×öºÃ±¸·Ý¹¤×÷¡£
Ìáʾ£ºÉÏÊö²Ù×÷Ò²¿ÉÒÔÔÚ×¢²á±í±à¼­Æ÷ÀïÊÖ¶¯²Ù×÷£¬µ«ÊÇREGÃüÁîÓиöºÃ´¦£¬ÄǾÍÊǼ´Ê¹×¢²á±í±à¼­Æ÷±»²¡¶¾ÉèÖÃΪ½ûÓã¬Ò²¿ÉÒÔͨ¹ýÉÏÊöÃüÁîµ¼³ö/ɾ³ý/µ¼Èë²Ù×÷£¬¶øÇÒËٶȸü¿ì£¡
Æß¡¢À¦°óľÂí¿ËÐÇ¡ª¡ªFIND
  ÉÏÃæ½éÉÜÀûÓÃϵͳÃüÁî²éɱһ°ã²¡¶¾£¬ÏÂÃæÔÙ½éÉÜÒ»¸ö¼ì²âÀ¦°óľÂíµÄ¡°FIND¡±ÃüÁî¡£ÏàÐźܺܶàÍø³æ¶¼ÔâÓö¹ýÀ¦°óľµ¶£¬ÕâЩ¡°Åú×ÅÑòƤµÄÀÇ¡±³£³£¶ãÔÚͼƬ¡¢FLASH¡¢ÉõÖÁÒôÀÖÎļþºóÃæ¡£µ±ÎÒÃÇ´ò¿ªÕâЩÎļþµÄʱºò£¬ËäÈ»ÔÚµ±Ç°´°¿ÚÏÔʾµÄȷʵÊÇÒ»·ùͼƬ£¨»òÊDz¥·ÅµÄFLASH£©£¬µ«¿É¶ñµÄľÂíÈ´ÒѾ­ÔÚºǫ́ÇÄÇĵØÔËÐÐÁË¡£±ÈÈç½üÈÕÎÒ¾ÍÊÕµ½Ò»ÕźÃÓÑ´ÓQQ´«À´µÄ³¬Å®±ÚÖ½£¬µ«Êǵ±ÎÒ´ò¿ªÍ¼Æ¬Ê±È´·¢ÏÖ£ºÍ¼Æ¬ÒѾ­Óá°Í¼Æ¬ºÍ´«Õæ²é¿´Æ÷¡±´ò¿ªÁË£¬Ó²Å̵ÄָʾµÆÈ´Ò»Ö±ÔÚ¿ñÉÁ¡£ÏÔÈ»ÔÚÎÒ´ò¿ªÍ¼Æ¬µÄͬʱ£¬Óв»Ã÷µÄ³ÌÐòÔÚºǫ́ÔËÐС£ÏÖÔÚÓÃFINDÃüÁî¼ì²âͼƬÊÇ·ñÀ¦°óľÂí£¬ÔÚÃüÁîÌáʾ·ûÊäÈ룺
FIND /c /I¨”This program¨•g:\chaonv.jpe.exe
ÆäÖÐ:
g:\chaonv.jpe.exe±íʾÐèÒª¼ì²âµÄÎļþ
FINDÃüÁî·µ»ØµÄÌáʾÊÇ¡°___G:CHAONV.EXE: 2¡±,Õâ±íÃ÷¡°G£º¡¢CHAONV.EXE¡±È·ÊµÀ¦°óÁËÆäËüÎļþ¡£ÒòΪFINDÃüÁîµÄ¼ì²â£ºÈç¹ûÊÇEXEÎļþ£¬Õý³£Çé¿öÏ·µ»ØÖµÓ¦¸ÃΪ¡°1¡±£»Èç¹ûÊDz»¿ÉÖ´ÐÐÎļþ£¬Õý³£Çé¿öÏ·µ»ØÖµÓ¦¸ÃΪ¡°0¡±£¬ÆäËü½á¹û¾ÍҪעÒâÁË¡£
Ìáʾ£ºÆäʵºÜ¶àÀ¦°óľÂíÊÇÀûÓÃWindowsĬÈϵġ°Òþ²ØÒÑÖªÀàÐÍÎļþÀ©Õ¹Ãû¡±À´ÃÔ»óÎÒÃÇ£¬±ÈÈç±¾ÀýµÄ¡°chaonv.jpe.exe¡±£¬ÓÉÓÚÕâ¸öÎļþ²ÉÓÃÁËJPGÎļþµÄͼ±ê£¬²Åµ¼ÖÂÉϵ±¡£´ò¿ª¡°ÎҵĵçÄÔ¡±£¬µ¥»÷¡°¹¤¾ß¡úÎļþ¼ÐÑ¡Ï£¬¡°µ¥»÷¡±¡°²é¿´¡±£¬È¥³ý¡°Òþ²ØÒÑÖªÀàÐÍÎļþÀ©Õ¹Ãû¡±Ç°µÄС¹´£¬¼´¿É¿´Çå¡°ÀÇ¡±µÄÕæÃæÄ¿¡£
°Ë¡¢×ܽá×îºóÎÒÃÇÔÙÀ´×ܽáÒ»ÏÂÊÖ¶¯¶¾µÄÁ÷³Ì£º
ÓÃTSKLIST±¸·ÝºÃ½ø³ÌÁбí¡úͨ¹ýFC±È½ÏÎļþÕÒ³ö²¡¶¾¡úÓÃNETSTATÅжϽø³Ì¡úÓÃFINDÖÕÖ¹½ø³Ì¡úËÑË÷ÕÒ³ö²¡¶¾²¢É¾³ý¡úÓÃREGÃüÁîÐÞ¸´×¢²á±í¡£ÕâÑù´Ó·¢ÏÖ²¡¶¾¡¢É¾³ý²¡¶¾¡¢ÐÞ¸´×¢²á±í£¬ÕâÍê³ÉÕû¸öÊÖ¶¯²é¶¾¡¢É±¶¾¹ý³Ì¡£