Review of the latest 10 posts
Sato

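 Posted on 2008-8-13 03:54 PM


Quote:
ken91 wrote:
My computer has a bunch of svchost.exe running; can I close some of them?


As for whether svchost.exe can actually be stopped, I haven't studied the system much myself, but from the figure below you can see that svchost.exe provides system services. There may be many svchost.exe processes, and each one contains many different services. Unless you are quite sure a service is not in use, arbitrarily stopping or closing svchost.exe may cause unexpected system errors.


Unveiling the mystery of the svchost.exe process

svchost.exe is a very important process in NT-kernel systems and is indispensable on 2000 and XP. Many viruses and trojans also use it.

In the NT-kernel-based Windows operating system family, different versions of Windows have different numbers of "svchost" processes, and users can check the count with Task Manager. Generally, win2000 has two svchost processes, Windows XP has four or more (so when you see several of these processes on a system, don't immediately conclude that the system has a virus), and win2003 server has even more. These svchost processes provide many system services, such as the rpcss service (remote procedure call), the dmserver service (logical disk manager), the dhcp service (dhcp client), and so on.

To find out how many system services each svchost process actually provides, enter the "tlist -s" command in a win2000 command prompt window; this command is provided by the win2000 support tools. On winxp, use the "tasklist /svc" command.

http://www.ithome.com.tw/itadm/article.php?c=45184
http://www.bbsfans.com/tcbb/view ... 1583&highlight=

Note: the Process Explorer software can also be used to view and monitor the processes currently running on the system.

[Last edited by Sato on 2008-8-13 04:10 PM]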


ken91

 Posted on 2008-8-12 09:01 PM

My computer has a bunch of svchost.exe running; can I close some of them?


deep_dream

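 Posted on 2008-7-31 01:07 AM

If yours is a Sony NB, it seems they don't set up a recovery partition directly; ACER seems to set one up directly~
But with an NB, doing a restore isn't much trouble, just remember to back up your data~
(NB manufacturers these days are lazy; to save money they don't even bother to include discs. If you want to restore, prepare discs and burn them yourself~)

[Last edited by deep_dream on 2008-7-31 01:08 AM]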


katsudon

 Posted on 2008-7-29 08:10 PM

All attempts failed. Format and Re-install Windows . . . .


katsudon

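 Posted on 2008-7-26 10:27 PM

It shouldn't be a failed hard drive; when I boot with XPE the disk read/write speed is quite normal. I'll do as the moderator said and remove some resident programs and see.
But I think the root of the problem is still something that hasn't been cleaned out, because the symptoms only appeared after the infection.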


chaeung

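 Posted on 2008-7-25 11:23 PM

My personal, arbitrary and biased opinion:

Whoa... everything that can run resident is running resident. This machine is a SONY NB, right? At a rough glance, removing everything unneeded would save at least 384~512MB of RAM. With the resources all eaten up and then a trojan on top of that, of course it is noticeably slower...

1. Number of processes in Task Manager: 30~40 for a desktop, and for an NB it is best not to exceed 40 either; it wastes power and resources.
2. Right-click [My Computer] on the desktop and choose [Services], then set the unnecessary services to Stopped or Manual. For which items to optimize, please consult the great Google yourself.
3. No time to go through it slowly
  3-1. Remove all of the following that you can; if the NB needs wireless, you can keep the Wireless-related ones.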
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\0Util\Hard\Mouse\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\nwtray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
  3-2. Don't fool around with normally running programs
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\0Apps\Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\0Media\Real Alternative\Media Player Classic\mplayerc.exe

That's roughly it.

That's all.


katsudon

 Posted on 2008-7-25 08:05 PM

Thanks for the pointers! I'll give it a try!


mmcatdog

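 Posted on 2008-7-25 07:32 PM

My personal feeling: you could try turning off the Bluetooth device and see; I've had that happen before.
Using a vaio is really high-end of you, though. It's also possible the hard drive is about to fail; send it in for repair.
My latest model 77 got damaged after less than 2 weeks of use. The answer sony gave was that the new dual-spec hard drives have more problems.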


edwardfr

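 Posted on 2008-7-25 09:51 AM

Disable the unnecessary auto-start items.
Do you use Bluetooth often?
spoolsv is the printer process. Do you normally use a printer? If not, turn off this service.
C:\Program Files\Intel\Wireless\* // keep enabled if you need wireless networking
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
All three of these can be turned off.
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
These two, as I recall, are hotkeys; useless...
C:\WINDOWS\system32\igfxsrvc.exe
Seems to be integrated-graphics stuff... useless...
C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe
Don't set this one to auto-start... Unlocker loads itself into explorer automatically.
And many more can be disabled...

I can't see any other problems; check whether any useless DLLs and ActiveX are being loaded.

Uh, I can't cover it all at once; I suggest cleaning up the OS.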


katsudon

 Posted on 2008-7-25 04:10 AM

Here is what Spybot read out:



Can you spot anything suspicious?

