史萊姆論壇 - 騎著木馬的人

史萊姆論壇 (http://forum.slime.com.tw/)

- 一般電腦疑難討論區 (http://forum.slime.com.tw/f17.html)

- - 騎著木馬的人 (http://forum.slime.com.tw/thread203692.html)

騎著木馬的人

我是新手, 請問有沒有大大可以幫忙? 多多指教:on_02:
1)若以modem power on 的狀態啟動電腦, 老鼠反應就會很慢; 相反power off 則不會.
2)連線後, 打開IE卻需 "花長時間來打開"/"不能打開" 網頁.
2)電腦間歇性不能正常啟動.
3)運作時自動當機.
4)關機很慢.
5)一向都裝了AVAST4.7, 最近加增了Registry Cleaner, WinPatrol, Spyware Terminator...但都搞不定唷~

以下是HIJACKTHIS log:on_47:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:24:59, on 23/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
X:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
X:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\devldr32.exe
X:\Program Files\Speed Startup\speedstartup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - X:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe runonce
O4 - HKCU\..\Run: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe bootup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Convert for CLI - x:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Convert for CLIE - X:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://X:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B63680-1BBF-4811-8F8B-3E8C53A24594}: NameServer = 218.102.62.71 205.252.144.126
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - X:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7434 bytes
有得救嗎?

病毒的可能不無
按 Delete+Alt+Ctrl
選處理程序
按一下影像名稱
向下找到 svchost.exe 看看有幾個
XP超過 5個就可能有問題

至於第一個問題
沒有必要當然就不要開啟 modem power on
會使滑鼠便慢可能是共享IRQ不當所致
(不過一般來講滑鼠的IRQ是獨享的，這點真正問題在網路上不容易判讀...)

至於上網問題病毒/木馬是有可能拖累

開啟Windows 檔案總管 -> 工具 -> 資料夾選項 -> 檢視
"顯示所有檔案及資料夾" 取消 "隱藏保護的作業系統檔案"
再請到
C:\Documents and Settings\<你的帳號名稱>\Local Settings\Temp
看有無隱藏的檔案

隱藏的檔案字體顏色會呈現淡色的

不管是否有問題按 Ctrl+A 全選
一般來講此時防毒軟體會偵測是否有木馬或病毒檔
(.....先講到這裡)

請問您是否安裝兩套以上防毒軟體而且是開機時就啟動 ?

引用:

作者: mini (文章 1705627)

經版主這麼一講我就去察看看我的svchost.exe 有幾個再跑
結果好死不死有六各多你說的一個= =
敢問這東西是幹麻的@@?
又問聽你的語氣只是可能並不代表一定中毒??

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

"Crawler" 很有問題, 上面這些要勾選並選擇修復
然後把
C:\Program Files\Common Files\Microsoft Shared\Web Folders\
C:\Program Files\Crawler\
這兩個目錄及裡面所有檔案刪除或卸載

O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: ipp - (no CLSID) - (no file)
這兩行檔案已不在了, 也可修復

還有, SpySweeper.exe, Spyware Terminator, winpatrol.exe 這三個同質性太高了, 最好別同時用(何況你還有裝防毒軟體)

引用:

作者: luciferboy (文章 1705649)

有些系統服務是以 svchost.exe 啟動的, 所以服務啟用多, svchost.exe 執行程序自然就多

再者, svchost.exe 若不是在 c:\windows\system32 目錄內, 那肯定有問題
還有要注意是否是 "變形" 檔名, 例如 "svch0st.exe"

因為剛好今天查到自己中X了
並自行解除
(用最新版的F-secure只能治標不能治本，超級兔子也無用...)

所以特別提出 svchost.exe 之問題
其實搜尋引擎找一下有很多解釋文
有沒有毒請將以下文字存成find.bat檔 (執行後會開啟記事本，請將內容貼出來)

regedit /e search1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
type search1.txt >> look.txt
del search*.txt
start notepad look.txt

=================

svchost.exe 的作用就是同 .dll檔一樣 "節約"
有無毒透過與
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
下的資料值解釋 + google
可以大概判讀是否有問題

最近覺得我電腦怪怪的....煩請看一下是否有問題......

ps:我有開滿多服務的....ex. maild,ftpd,掛通訊軟體等....但是還滿注意使用安全的....

-----------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"LocalService"=hex(7):57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,\
00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,75,00,70,00,6e,00,70,00,\
68,00,6f,00,73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,\
00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,\
00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,\
70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,48,00,69,\
00,64,00,53,00,65,00,72,00,76,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,\
72,00,69,00,70,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,61,00,6e,\
00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,4c,00,61,00,\
6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,65,00,\
63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,\
00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,\
53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,\
00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,\
54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,32,00,54,00,69,00,6d,\
00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6d,00,69,00,\
00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,77,00,69,00,6e,\
00,6d,00,67,00,6d,00,74,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,\
00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,\
00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,\
65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,\
00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WudfServiceGroup"=hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

這是我的網路使用,應該沒有多餘的服務,我使用上是很小心的
<?xml version="1.0" ?>
- <rss version="0.91">
- <channel>
<title>NirSoft - Freeware Utilities</title>
<link>http://www.nirsoft.net</link>
<description>Freeware system utilities and password recovery tools for Windows</description>
<language>en-us</language>
- <item>
<title>Update: MessenPass v1.10</title>
<link>http://www.nirsoft.net/utils/mspass.html</link>
<description>MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Windows Live Messenger (In Windows XP And Vista), Yahoo Messenger (Version 5.x/6.x), ICQ Lite 4.x/2003, AOL Instant Messenger, AOL Instant Messenger/Netscape 7, Trillian, Miranda, and GAIM.</description>
</item>
- <item>
<title>Update: Beta version of Volumouse v1.50</title>
<link>http://www.nirsoft.net/utils/volumouse_beta.html</link>
<description>Beta version of Volumouse v1.50 that fully supports Windows Vista is now available to download.</description>
</item>
- <item>
<title>Update: Network Password Recovery v1.10</title>
<link>http://www.nirsoft.net/utils/network_password_recovery.html</link>
<description>When you connect to a network share on your LAN or to your .NET Passport/Messenger account, Windows XP/Vista allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user.</description>
</item>
- <item>
<title>Update: WirelessKeyView v1.10</title>
<link>http://www.nirsoft.net/utils/wireless_key.html</link>
<description>WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.</description>
</item>
- <item>
<title>Update: DLL Export Viewer v1.10</title>
<link>http://www.nirsoft.net/utils/dll_export_viewer.html</link>
<description>This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memoery address. When this function is called, the debugger will stop in the beginning of this function.</description>
</item>
- <item>
<title>Update: Mail PassView v1.38</title>
<link>http://www.nirsoft.net/utils/mailpv.html</link>
<description>Recovers the passwords and other email accounts information of the following email applications: Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts.</description>
</item>
- <item>
<title>Update: IE PassView v1.04</title>
<link>http://www.nirsoft.net/utils/internet_explorer_password.html</link>
<description>IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0</description>
</item>
- <item>
<title>New: NK2View v1.00</title>
<link>http://www.nirsoft.net/utils/outlook_nk2_autocomplete.html</link>
<description>This utility reads the AutoComplete file of Outlook (with .NK2 extension), displays all email records stored in it, and allows you to easily export these records into text/html/xml file.</description>
</item>
- <item>
<title>Update: FavoritesView v1.10</title>
<link>http://www.nirsoft.net/utils/faview.html</link>
<description>FavoritesView displays the list of all your Favorties (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page. Each line in the list specifies the title of the item, the URL address, the created/modified date of the bookmark item, and the folder name.</description>
</item>
- <item>
<title>Update: CurrPorts v1.11</title>
<link>http://www.nirsoft.net/utils/cports.html</link>
<description>CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.</description>
</item>
- <item>
<title>Update: NetResView v1.10</title>
<link>http://www.nirsoft.net/utils/netresview.html</link>
<description>NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to "My Network Places" module of Windows, NetResView display all network resources from all domains/workgroups in one screen, and including admin/hidden shares.</description>
</item>
- <item>
<title>New: Remote Dekstop PassView v1.00</title>
<link>http://www.nirsoft.net/utils/remote_desktop_password.html</link>
<description>Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop utility inside .rdp files.</description>
</item>
</channel>
</rss>

引用:

作者: shizuka0223 (文章 1706117)

最近覺得我電腦怪怪的....煩請看一下是否有問題......

ps:我有開滿多服務的....ex. maild,ftpd,掛通訊軟體等....但是還滿注意使用安全的....

看起來是沒問題
這還需要比對 windows 服務及啟動
才可判斷...

引用:

作者: mini (文章 1706501)

看起來是沒問題
這還需要比對 windows 服務及啟動
才可判斷...

這兩個都可以看到....沒問題....感謝您的回答...

給您送朵花!! :on_66: