求助 - 騎著木馬的人

2007-04-23, 11:37 PM

我是新手, 請問有沒有大大可以幫忙? 多多指教

1)若以modem power on 的狀態啟動電腦, 老鼠反應就會很慢; 相反power off 則不會.
2)連線後, 打開IE卻需 "花長時間來打開"/"不能打開" 網頁.
2)電腦間歇性不能正常啟動.
3)運作時自動當機.
4)關機很慢.
5)一向都裝了AVAST4.7, 最近加增了Registry Cleaner, WinPatrol, Spyware Terminator...但都搞不定唷~

以下是HIJACKTHIS log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:24:59, on 23/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
X:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
X:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\devldr32.exe
X:\Program Files\Speed Startup\speedstartup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - X:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe runonce
O4 - HKCU\..\Run: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe bootup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Convert for CLI - x:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Convert for CLIE - X:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://X:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B63680-1BBF-4811-8F8B-3E8C53A24594}: NameServer = 218.102.62.71 205.252.144.126
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - X:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7434 bytes
有得救嗎?

mini · 2007-04-25, 03:46 PM

病毒的可能不無
按 Delete+Alt+Ctrl
選處理程序
按一下影像名稱
向下找到 svchost.exe 看看有幾個
XP超過 5個就可能有問題

至於第一個問題
沒有必要當然就不要開啟 modem power on
會使滑鼠便慢可能是共享IRQ不當所致
(不過一般來講滑鼠的IRQ是獨享的，這點真正問題在網路上不容易判讀...)

至於上網問題病毒/木馬是有可能拖累

開啟Windows 檔案總管 -> 工具 -> 資料夾選項 -> 檢視
"顯示所有檔案及資料夾" 取消 "隱藏保護的作業系統檔案"
再請到
C:\Documents and Settings\<你的帳號名稱>\Local Settings\Temp
看有無隱藏的檔案

隱藏的檔案字體顏色會呈現淡色的

不管是否有問題按 Ctrl+A 全選
一般來講此時防毒軟體會偵測是否有木馬或病毒檔
(.....先講到這裡)

不飛 · 2007-04-25, 03:58 PM

請問您是否安裝兩套以上防毒軟體而且是開機時就啟動 ?

luciferboy · 2007-04-25, 04:40 PM

引用:

作者: mini

病毒的可能不無
按 Delete+Alt+Ctrl
選處理程序
按一下影像名稱
向下找到 svchost.exe 看看有幾個
XP超過 5個就可能有問題

至於第一個問題
沒有必要當然就不要開啟 modem power on
會使滑鼠便慢可能是共享IRQ不當所致
(不過一般來講滑鼠的IRQ是獨享的，這點真正問題在網路上不容易判讀...)

至於上網問題病毒/木馬是有可能拖累

開啟Windows 檔案總管 -> 工具 -> 資料夾選項 -> 檢視
"顯示所有檔案及資料夾" 取消 "隱藏保護的作業系統檔案"
再請到
C:\Documents and Settings\<你的帳號名稱>\Local Settings\Temp
看有無隱藏的檔案

隱藏的檔案字體顏色會呈現淡色的

不管是否有問題按 Ctrl+A 全選
一般來講此時防毒軟體會偵測是否有木馬或病毒檔
(.....先講到這裡)

經版主這麼一講我就去察看看我的svchost.exe 有幾個再跑
結果好死不死有六各多你說的一個= =
敢問這東西是幹麻的@@?
又問聽你的語氣只是可能並不代表一定中毒??

plunderer · 2007-04-25, 04:55 PM

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

"Crawler" 很有問題, 上面這些要勾選並選擇修復
然後把
C:\Program Files\Common Files\Microsoft Shared\Web Folders\
C:\Program Files\Crawler\
這兩個目錄及裡面所有檔案刪除或卸載

O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: ipp - (no CLSID) - (no file)
這兩行檔案已不在了, 也可修復

還有, SpySweeper.exe, Spyware Terminator, winpatrol.exe 這三個同質性太高了, 最好別同時用(何況你還有裝防毒軟體)

plunderer · 2007-04-25, 05:09 PM

引用:

作者: luciferboy

經版主這麼一講我就去察看看我的svchost.exe 有幾個再跑
結果好死不死有六各多你說的一個= =
敢問這東西是幹麻的@@?
又問聽你的語氣只是可能並不代表一定中毒??

有些系統服務是以 svchost.exe 啟動的, 所以服務啟用多, svchost.exe 執行程序自然就多

再者, svchost.exe 若不是在 c:\windows\system32 目錄內, 那肯定有問題
還有要注意是否是 "變形" 檔名, 例如 "svch0st.exe"

mini · 2007-04-25, 07:15 PM

因為剛好今天查到自己中X了
並自行解除
(用最新版的F-secure只能治標不能治本，超級兔子也無用...)

所以特別提出 svchost.exe 之問題
其實搜尋引擎找一下有很多解釋文
有沒有毒請將以下文字存成find.bat檔 (執行後會開啟記事本，請將內容貼出來)

regedit /e search1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
type search1.txt >> look.txt
del search*.txt
start notepad look.txt

=================

svchost.exe 的作用就是同 .dll檔一樣 "節約"
有無毒透過與
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
下的資料值解釋 + google
可以大概判讀是否有問題

shizuka0223 · 2007-04-26, 10:09 AM

最近覺得我電腦怪怪的....煩請看一下是否有問題......

ps:我有開滿多服務的....ex. maild,ftpd,掛通訊軟體等....但是還滿注意使用安全的....

-----------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"LocalService"=hex(7):57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,\
00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,75,00,70,00,6e,00,70,00,\
68,00,6f,00,73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,\
00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,\
00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,\
70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,48,00,69,\
00,64,00,53,00,65,00,72,00,76,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,\
72,00,69,00,70,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,61,00,6e,\
00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,4c,00,61,00,\
6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,65,00,\
63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,\
00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,\
53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,\
00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,\
54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,32,00,54,00,69,00,6d,\
00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6d,00,69,00,\
00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,77,00,69,00,6e,\
00,6d,00,67,00,6d,00,74,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,\
00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,\
00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,\
65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,\
00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WudfServiceGroup"=hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

poss · 2007-04-26, 11:31 AM

這是我的網路使用,應該沒有多餘的服務,我使用上是很小心的
<?xml version="1.0" ?>
- <rss version="0.91">
- <channel>
<title>NirSoft - Freeware Utilities</title>
<link>http://www.nirsoft.net</link>
<description>Freeware system utilities and password recovery tools for Windows</description>
<language>en-us</language>
- <item>
<title>Update: MessenPass v1.10</title>
<link>http://www.nirsoft.net/utils/mspass.html</link>
<description>MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Windows Live Messenger (In Windows XP And Vista), Yahoo Messenger (Version 5.x/6.x), ICQ Lite 4.x/2003, AOL Instant Messenger, AOL Instant Messenger/Netscape 7, Trillian, Miranda, and GAIM.</description>
</item>
- <item>
<title>Update: Beta version of Volumouse v1.50</title>
<link>http://www.nirsoft.net/utils/volumouse_beta.html</link>
<description>Beta version of Volumouse v1.50 that fully supports Windows Vista is now available to download.</description>
</item>
- <item>
<title>Update: Network Password Recovery v1.10</title>
<link>http://www.nirsoft.net/utils/network_password_recovery.html</link>
<description>When you connect to a network share on your LAN or to your .NET Passport/Messenger account, Windows XP/Vista allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user.</description>
</item>
- <item>
<title>Update: WirelessKeyView v1.10</title>
<link>http://www.nirsoft.net/utils/wireless_key.html</link>
<description>WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.</description>
</item>
- <item>
<title>Update: DLL Export Viewer v1.10</title>
<link>http://www.nirsoft.net/utils/dll_export_viewer.html</link>
<description>This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memoery address. When this function is called, the debugger will stop in the beginning of this function.</description>
</item>
- <item>
<title>Update: Mail PassView v1.38</title>
<link>http://www.nirsoft.net/utils/mailpv.html</link>
<description>Recovers the passwords and other email accounts information of the following email applications: Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts.</description>
</item>
- <item>
<title>Update: IE PassView v1.04</title>
<link>http://www.nirsoft.net/utils/internet_explorer_password.html</link>
<description>IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0</description>
</item>
- <item>
<title>New: NK2View v1.00</title>
<link>http://www.nirsoft.net/utils/outlook_nk2_autocomplete.html</link>
<description>This utility reads the AutoComplete file of Outlook (with .NK2 extension), displays all email records stored in it, and allows you to easily export these records into text/html/xml file.</description>
</item>
- <item>
<title>Update: FavoritesView v1.10</title>
<link>http://www.nirsoft.net/utils/faview.html</link>
<description>FavoritesView displays the list of all your Favorties (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page. Each line in the list specifies the title of the item, the URL address, the created/modified date of the bookmark item, and the folder name.</description>
</item>
- <item>
<title>Update: CurrPorts v1.11</title>
<link>http://www.nirsoft.net/utils/cports.html</link>
<description>CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.</description>
</item>
- <item>
<title>Update: NetResView v1.10</title>
<link>http://www.nirsoft.net/utils/netresview.html</link>
<description>NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to "My Network Places" module of Windows, NetResView display all network resources from all domains/workgroups in one screen, and including admin/hidden shares.</description>
</item>
- <item>
<title>New: Remote Dekstop PassView v1.00</title>
<link>http://www.nirsoft.net/utils/remote_desktop_password.html</link>
<description>Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop utility inside .rdp files.</description>
</item>
</channel>
</rss>

mini · 2007-04-26, 09:33 PM

引用:

作者: shizuka0223

最近覺得我電腦怪怪的....煩請看一下是否有問題......

ps:我有開滿多服務的....ex. maild,ftpd,掛通訊軟體等....但是還滿注意使用安全的....

看起來是沒問題
這還需要比對 windows 服務及啟動
才可判斷...

shizuka0223 · 2007-04-27, 12:37 PM

引用:

作者: mini

看起來是沒問題
這還需要比對 windows 服務及啟動
才可判斷...

這兩個都可以看到....沒問題....感謝您的回答...

給您送朵花!!

2007-04-23, 11:37 PM	#1
Hill 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	求助 - 騎著木馬的人我是新手, 請問有沒有大大可以幫忙? 多多指教 1)若以modem power on 的狀態啟動電腦, 老鼠反應就會很慢; 相反power off 則不會. 2)連線後, 打開IE卻需 "花長時間來打開"/"不能打開" 網頁. 2)電腦間歇性不能正常啟動. 3)運作時自動當機. 4)關機很慢. 5)一向都裝了AVAST4.7, 最近加增了Registry Cleaner, WinPatrol, Spyware Terminator...但都搞不定唷~ 以下是HIJACKTHIS log Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23:24:59, on 23/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe X:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\MsPMSPSv.exe X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe X:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\devldr32.exe X:\Program Files\Speed Startup\speedstartup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - X:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [avast!] X:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\RunOnce: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe runonce O4 - HKCU\..\Run: [SpeedStartup] X:\Program Files\Speed Startup\speedstartup.exe bootup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') O8 - Extra context menu item: Convert for CLI - x:\Program Files\Sony\Image Converter\menu.htm O8 - Extra context menu item: Convert for CLIE - X:\Program Files\Sony\Image Converter\menu.htm O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://X:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Program Files\ICQLite\ICQLite.exe O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{63B63680-1BBF-4811-8F8B-3E8C53A24594}: NameServer = 218.102.62.71 205.252.144.126 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - X:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - X:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - X:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 7434 bytes 有得救嗎?
Hill 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-04-25, 03:46 PM	#2 (permalink)
mini 管理版主榮譽勳章勳章總數17 UID - 4144 在線等級: 註冊日期: 2002-12-07 文章: 13341 精華: 0 現金: 26444 金幣資產: 3024304 金幣	病毒的可能不無按 Delete+Alt+Ctrl 選處理程序按一下影像名稱向下找到 svchost.exe 看看有幾個 XP超過 5個就可能有問題至於第一個問題沒有必要當然就不要開啟 modem power on 會使滑鼠便慢可能是共享IRQ不當所致 (不過一般來講滑鼠的IRQ是獨享的，這點真正問題在網路上不容易判讀...) 至於上網問題病毒/木馬是有可能拖累開啟Windows 檔案總管 -> 工具 -> 資料夾選項 -> 檢視 "顯示所有檔案及資料夾" 取消 "隱藏保護的作業系統檔案" 再請到 C:\Documents and Settings\<你的帳號名稱>\Local Settings\Temp 看有無隱藏的檔案隱藏的檔案字體顏色會呈現淡色的不管是否有問題按 Ctrl+A 全選一般來講此時防毒軟體會偵測是否有木馬或病毒檔 (.....先講到這裡)

	送花文章: 2013, 收花文章: 8001 篇, 收花: 26805 次

2007-04-25, 03:58 PM	#3 (permalink)
不飛論壇主管榮譽勳章勳章總數19 UID - 236817 在線等級: 註冊日期: 2002-12-05 VIP期限: 無限期住址: 鄭燮之板橋文章: 14345 精華: 5 現金: 13161 金幣資產: 2914062 金幣	請問您是否安裝兩套以上防毒軟體而且是開機時就啟動 ?
	__________________ 不飛的不飛 ... 因為曾經端座在雲霄之上 ... 所以不飛，因為期待您能與不飛抬頭共列翱翔天昊 ... 所以更是不飛 ! 不飛不想飛 ... 畢竟殘破雙翼在苔階沾濕 ... 所以低頭，只好安靜地蹲在這練習 ... 學習要如何才能飛的更高更遠 ! 不飛不曾飛 ... 終於知道青澀期代表蒼狗 ... 所以情殤，一甲子的意境等於六十年的期盼的凝固 ... 所以就此棲巢 !
	送花文章: 959, 收花文章: 7607 篇, 收花: 53000 次

2007-04-25, 04:55 PM	#5 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe O8 - Extra context menu item: Crawler Search - tbr:iemenu O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll "Crawler" 很有問題, 上面這些要勾選並選擇修復然後把 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ C:\Program Files\Crawler\ 這兩個目錄及裡面所有檔案刪除或卸載 O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: ipp - (no CLSID) - (no file) 這兩行檔案已不在了, 也可修復還有, SpySweeper.exe, Spyware Terminator, winpatrol.exe 這三個同質性太高了, 最好別同時用(何況你還有裝防毒軟體)
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-04-25, 07:15 PM	#7 (permalink)
mini 管理版主榮譽勳章勳章總數17 UID - 4144 在線等級: 註冊日期: 2002-12-07 文章: 13341 精華: 0 現金: 26444 金幣資產: 3024304 金幣	因為剛好今天查到自己中X了並自行解除 (用最新版的F-secure只能治標不能治本，超級兔子也無用...) 所以特別提出 svchost.exe 之問題其實搜尋引擎找一下有很多解釋文有沒有毒請將以下文字存成find.bat檔 (執行後會開啟記事本，請將內容貼出來) regedit /e search1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" type search1.txt >> look.txt del search*.txt start notepad look.txt ================= svchost.exe 的作用就是同 .dll檔一樣 "節約" 有無毒透過與 "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" 下的資料值解釋 + google 可以大概判讀是否有問題

	送花文章: 2013, 收花文章: 8001 篇, 收花: 26805 次

2007-04-26, 10:09 AM	#8 (permalink)
shizuka0223 註冊會員榮譽勳章勳章總數2 UID - 205589 在線等級: 註冊日期: 2005-08-17 VIP期限: 2008-10 文章: 156 精華: 0 現金: 5569 金幣資產: 5569 金幣	最近覺得我電腦怪怪的....煩請看一下是否有問題...... ps:我有開滿多服務的....ex. maild,ftpd,掛通訊軟體等....但是還滿注意使用安全的.... ----------------------------------------------- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] "HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\ 00,00,00,00,00 "LocalService"=hex(7):57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,\ 00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,75,00,70,00,6e,00,70,00,\ 68,00,6f,00,73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,\ 00,00,00 "NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\ 00,00 "netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\ 6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\ 00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\ 53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,44,00,48,00,43,00,50,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,\ 00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,\ 70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,48,00,69,\ 00,64,00,53,00,65,00,72,00,76,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,\ 72,00,69,00,70,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,61,00,6e,\ 00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,4c,00,61,00,\ 6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\ 00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,4e,00,6c,00,\ 61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\ 00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\ 4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\ 00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\ 00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\ 00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,65,00,\ 63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,\ 00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,\ 53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,\ 00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,\ 54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,32,00,54,00,69,00,6d,\ 00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6d,00,69,00,\ 00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,77,00,69,00,6e,\ 00,6d,00,67,00,6d,00,74,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,\ 00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,\ 00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,\ 65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,\ 00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00 "DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\ 00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\ 00,00,00,00 "rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00 "imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00 "termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\ 65,00,00,00,00,00 "WudfServiceGroup"=hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,\ 00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch] "CoInitializeSecurityParam"=dword:00000001 "DefaultRpcStackSize"=dword:00000008 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter] "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService] "CoInitializeSecurityParam"=dword:00000001 "AuthenticationCapabilities"=dword:00002000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs] "CoInitializeSecurityParam"=dword:00000001 "AuthenticationCapabilities"=dword:00003020 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth] "CoInitializeSecurityParam"=dword:00000002 "AuthenticationCapabilities"=dword:00000040 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs] "CoInitializeSecurityParam"=dword:00000001 "DefaultRpcStackSize"=dword:00000008

	送花文章: 22, 收花文章: 4 篇, 收花: 7 次

2007-04-26, 11:31 AM	#9 (permalink)
poss 長老會員榮譽勳章勳章總數9 UID - 42666 在線等級: 註冊日期: 2003-02-25 住址: 台北縣文章: 1164 精華: 1 現金: 10080 金幣資產: 26936 金幣	這是我的網路使用,應該沒有多餘的服務,我使用上是很小心的 <?xml version="1.0" ?> - <rss version="0.91"> - <channel> <title>NirSoft - Freeware Utilities</title> <link>http://www.nirsoft.net</link> <description>Freeware system utilities and password recovery tools for Windows</description> <language>en-us</language> - <item> <title>Update: MessenPass v1.10</title> <link>http://www.nirsoft.net/utils/mspass.html</link> <description>MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Windows Live Messenger (In Windows XP And Vista), Yahoo Messenger (Version 5.x/6.x), ICQ Lite 4.x/2003, AOL Instant Messenger, AOL Instant Messenger/Netscape 7, Trillian, Miranda, and GAIM.</description> </item> - <item> <title>Update: Beta version of Volumouse v1.50</title> <link>http://www.nirsoft.net/utils/volumouse_beta.html</link> <description>Beta version of Volumouse v1.50 that fully supports Windows Vista is now available to download.</description> </item> - <item> <title>Update: Network Password Recovery v1.10</title> <link>http://www.nirsoft.net/utils/network_password_recovery.html</link> <description>When you connect to a network share on your LAN or to your .NET Passport/Messenger account, Windows XP/Vista allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user.</description> </item> - <item> <title>Update: WirelessKeyView v1.10</title> <link>http://www.nirsoft.net/utils/wireless_key.html</link> <description>WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.</description> </item> - <item> <title>Update: DLL Export Viewer v1.10</title> <link>http://www.nirsoft.net/utils/dll_export_viewer.html</link> <description>This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memoery address. When this function is called, the debugger will stop in the beginning of this function.</description> </item> - <item> <title>Update: Mail PassView v1.38</title> <link>http://www.nirsoft.net/utils/mailpv.html</link> <description>Recovers the passwords and other email accounts information of the following email applications: Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts.</description> </item> - <item> <title>Update: IE PassView v1.04</title> <link>http://www.nirsoft.net/utils/internet_explorer_password.html</link> <description>IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0</description> </item> - <item> <title>New: NK2View v1.00</title> <link>http://www.nirsoft.net/utils/outlook_nk2_autocomplete.html</link> <description>This utility reads the AutoComplete file of Outlook (with .NK2 extension), displays all email records stored in it, and allows you to easily export these records into text/html/xml file.</description> </item> - <item> <title>Update: FavoritesView v1.10</title> <link>http://www.nirsoft.net/utils/faview.html</link> <description>FavoritesView displays the list of all your Favorties (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page. Each line in the list specifies the title of the item, the URL address, the created/modified date of the bookmark item, and the folder name.</description> </item> - <item> <title>Update: CurrPorts v1.11</title> <link>http://www.nirsoft.net/utils/cports.html</link> <description>CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.</description> </item> - <item> <title>Update: NetResView v1.10</title> <link>http://www.nirsoft.net/utils/netresview.html</link> <description>NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to "My Network Places" module of Windows, NetResView display all network resources from all domains/workgroups in one screen, and including admin/hidden shares.</description> </item> - <item> <title>New: Remote Dekstop PassView v1.00</title> <link>http://www.nirsoft.net/utils/remote_desktop_password.html</link> <description>Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop utility inside .rdp files.</description> </item> </channel> </rss> 此帖於 2007-04-26 12:28 PM 被 poss 編輯.
	__________________ TCP options string: 020405a001010402 MSS: 1440 MTU: 1480 TCP Window: 46080 (multiple of MSS) RWIN Scaling: 0 Unscaled RWIN : 46080 Reccomended RWINs: 63360, 126720, 253440, 506880 BDP limit (200ms): 1843kbps (230KBytes/s) BDP limit (500ms): 737kbps (92KBytes/s)
	送花文章: 671, 收花文章: 415 篇, 收花: 4011 次

Google 提供的廣告