RegScanner is a small utility that allows you to scan the Registry, find the Registry values that match the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit simply by double-clicking the desired Registry item. You can also export the found Registry values into a .reg file that can be used in RegEdit.
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Honestly it is not much use to ordinary users; it can record every action a process takes.
[attach]101276[/attach]
⑤ Process Explorer
[attach]101309[/attach]
Can replace the system Task Manager; shows processes as a tree.
[attach]101310[/attach]
⑥ DTaskManager
[attach]101275[/attach]
DTaskManager is, obviously, a Task Manager. It has been designed specifically to furnish a series of advanced functionalities above those provided by the Windows Task Manager, while providing all of the functionality of the Windows Task Manager. It also maintains a similar look and feel.
The virtual memory figures it shows are a bit off. It can replace the system Task Manager, and its process-killing is very powerful, with several escalating levels for terminating a process.
ESET SysInspector is an application that thoroughly inspects your computer and displays the gathered data in a comprehensive way. Information such as installed drivers and applications, network connections or important registry entries can help you investigate suspicious system behavior, be it due to software or hardware incompatibility or malware infection.
The log is extremely detailed; unfortunately it is view-only and cannot be used to change settings.
Thanks to the Kafan member who made the Chinese localization.
[attach]101283[/attach]
㈤ Anti-hacking tools
① RootkitRevealer
[attach]101281[/attach]
Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format). Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.