You are on page 1of 24

win2003 [,]

[ 2010-7-15

win2003 [,]
Vista,
win2003,
win2003 winxp

1.
-> ->
2.
-> -> -> ->

3.DirectX
-> -> dxdiag DirectX
DirectDraw Direct3D AGP
4.
-> -> gpedit.msc -> ->

5. CTRL+ALT+DEL
-> -> -> -> -> :
CTRL+ALT+DEL
-> -> control userpasswords2

6. XP
-> -> services.msc
"themes""""" -> ->
windows xp
7. CD
-> -> services.msc"IMAPI
CD-Burning COM Service""""" > ->
8.
-> -> services.msc"Windows
Image Acquisition (WIA)""""" > ->
9.
-> -> -> Error Reporting

10.


-> -> -> -> ->

11. Qos
-> -> gpedit.msc -> -> -> QoS

12. zip
-> -> regsvr32 /u zipfldr.dll
13.
-> -> ->
14.
-> -> -> Windows

15.
-> ->

16.
-> ->
17.
-> ->
18.
-> -> dxdiagDirectX

19.
Win2003 -> ->
->
20.
-> -> -> -> ->

21.
->
22.
-> ->

23. Internet Explorer


-> -> Windows Internet Explorer
24.IE7.0
Internet ->

Internet -> -> IE


Internet -> ->
Internet Explorer
25. Dr.Watson
-> -> drwtsn32

26.
-> -> gpedit.msc -> ->

26.
-> -> gpedit.msc -> ->
Windows Update
27.
-> -> -> ->

28.
-> -> regedit
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
MinAniMate 1
0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\PrefetchParameters
EnablePrefetcher 1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
WaitToKillServiceTimeout :1000
HKEY_CURRENT_USER\Control Panel\Desktop
MenuShowDelay 0 0

WaitToKillAppTimeout 1000 1
HungAppTimeout 200 0.5
AutoEndTasks 1

HKEY_LOCAL_MACHINE\SOFTWARE\MicROSoft\Windows\CurrentVersion\Explor
er
DWORD AlwaysUnloadDLL 1

HKEY_LOCAL_MACHINE\SOFTWARE\MicROSoft\Windows\CurrentVersion\Explor

er\MyComputer\NameSpace\DelegateFolders
DWORD AlwaysUnloadDLL 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update
UpdateMode 0
HKEY_USERS\.DEFAULT\Control Panel\Desktop
AutoEndTasks 1

HKEY_LOCAL_MACHINE\SOFTWARE\MicROSoft\Windows\CurrentVersion\Explor
er\RemoteComputer\NameSpace
{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous 1 IPC
HKEY_LOCAL_MACHINE\SOFTWARE\MicROSoft\Windows
NT\CurrentVersion\AeDebug
Auto 0 Dr.Watson
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management
ClearPageFileAtShutdown 1

DisablePagingExecutive 1
LargeSystemCache 1
DWORD IOPageLockLimit 8000

HKEY_CURRENT_USER\Console
{59031a47-3f72-44a7-89c5-5595fe6b30ee} 0

!
->

1 C:\Documents and Settings\\Local Settings\Temp (


)
2 C:\Documents and Settings\\Cookies .txt (
Cookies )

3 C:\Documents and Settings\\Local Settings\Temporary Internet


Files\()
4 C:\Documents and Settings\\Local Settings\History\(
5 C:\Documents and Settings\\Recent\(
)
6 C:\WINDOWS\Web\Wallpaper\()
7 C:\WINDOWS\SoftwareDistribution\Download\
8 C:\WINDOWS\ServicePackFiles\ i386 ( sp1 sp2
)
9 C:\WINDOWS\Driver Cache\i386\()
10 C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\
11 C:\WINDOWS\$
12 C:\WINDOWS\Temp\()
13 C:\WINDOWS\SoftwareDistribution\Download\
14 C:\windows\system32\dllcache\ dll ( dll )
15 C:\Windows\inf\ pnf ()
16 C:\Wndows\help\(windows )
17 C:\Windows\ime\
chtimechtimeimejpimjp8_1imkr6_1 ()
18 -> -> ->
19 -> -> SFC.exe /purgecache(Windows )
20 -> -> RunDll32 advpack.dll,LaunchINFSection %Windir
%\inf\msmsgs.inf,BLC.Remove( Windows Messenger)
21 -> -> rundll32.exe setupapi,InstallHinfSection NetMtg.Remove
132 msnetmtg.inf( NetMeeting)
22
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\PrefetchParameters
EnablePrefetcher 2
del %SystemRoot%\Prefetch\*.* /q
delpf.bat
C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\
gpedit.msc
Windows
delpf.bat Prefetch

23

"/ Windows ""/


Windows "
C:\Windows\inf\sysoc.inf /"hide"
"-"
Internat
Windows messenger

24

PCMCIA
(LPT1)(COM1)
"""()"

25/
/

HKEY_LOCAL_MacHINE/SoftwareMicROSoft/Windows/CurrentVersion/Uninstall
/

26

HKEY_CURRENT_USER\Software\MicROSoft\Internet Explorer\MenuExt

27
HKLM\SOFTWARE\MicROSoft\Windows\CurrentVersion\Run
Windows Windows
Windows
28
HKEY_CURRENT_USER\Control Panel\Appearance\Schemes\
Windows ()
29
HKEY_LOCAL_MACHINE\SOFTWARE\MicROSoft\Windows\CurrentVersion\Control
Panel\Cursors\Schemes\
Windows
30
HKEY_LOCAL_MACHINE\Software\MicROSoft\Windows NT\CurrentVersion\Time
Zones\

31
HKEY_LOCAL_MACHINE\Software\MicROSoft\Windows\CurrentVersion\Telephon
y\Country List\
86
32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\
00000409 /00000804
33
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard

Layout\DosKeybCodes
00000409 /00000804
.

A:
Alerter
svchost.exe -k LocalService

Services.exe
(Administrative Alerts)
Workstation

Application Layer Gateway Service


alg.exe
Internet

Windows
XP SP2 (ICS)
(ICF)
Internt Connection Firewall (ICF) / Internet Connection Sharing
(ICS)

Application Management
svchost.exe -k netsvcs

Windows2000 msi
:

Automatic Updates
svchost.exe -k netsvcs
Windows
Windows Update
2005 4 12
SP2 WindowsXP SP2

Update

B:
Background Intelligent Transfer Service
:
: BITS

HTTP 1.1
Windows
: Remote Procedure Call (RPC) Workstation
: .
ClipBook
clipsrv.exe

Network DDE

COM+ EVEnt System (COM+ )


svchost.exe -k netsvcs
(SENS)(COM)
SENS

COM+ COM+ BootVis


C:\Program Files\ComPlus Applications
Remote Procedure Call (RPC) System EVEnt Notification

COM+ System Application


dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D00805FC79235}
COM+ COM+

COM+ EVEnt System COM+ SystemApplication


DCOM COM+
C:\Program Files\ComPlus Applications

Remote Procedure Call (RPC)

Computer Browser ()
svchost.exe -k netsvcs

Server Workstation

Cryptographic Services
svchost.exe -k netsvcs
: Windows ;
;(Key)

Windows Hardware Quality Lab (WHQL)


Automatic Updates
Remote Procedure Call (RPC)

D
DCOM Server Process Launcher
svchost -k DcomLaunch
DCOM
SP2 DCOM

flashmx,
RPC

DHCP Client
svchost.exe -k netsvcs
IP DNS
DHCP IP

AFD NetBTSYMTDITCP/IP Protocol Driver


NetBios over TCP/IP

Distributed Link Tracking Client ()


svchost.exe -k netsvcs
NTFS
A
B
4
Remote Procedure Call (RPC)

Distributed Transaction Coordinator


msdtc.exe

Message
Queuing
Remote Procedure Call (RPC) Security Accounts Manager

DNS Client
svchost.exe -k NetworkService
(DNS)
DNS Active Directory

DNS DNS
IPSEC
TCP/IP Protocol Driver

E
Error Reporting Service
svchost.exe -k netsvcs

.
Remote Procedure Call (RPC)

EVEnt Log ()
services.exe
Windows

Windows Management Instrumentation

F
Fast User Switching Compatibility
svchost.exe -k netsvcs

Terminal Services

H
Help and Support
svchost.exe -k netsvcs

Remote Procedure Call (RPC)

HTTP SSL
svchost.exe -k HTTPFilter
(SSL) HTTP
(HTTPS)
SP2

Human Interface Device Access


svchost.exe -k netsvcs
(HID)

HID

Remote Procedure Call (RPC)

IMAPI CD-Burning COM Service


imapi.exe
Image Mastering Applications Programming Interface(IMAPI) CD
CD

XP CD-R CD-RW
Nero
1.6

Indexing Service ()
cisvc.exe

Remote Procedure Call (RPC)

Internet Connection - Firewall (ICF) / Sharing (ICS)


svchost.exe
/
SP2 Windows Firewall/Internet Connection Sharing (ICS)
Application Layer Gateway ServiceNetwork
ConnectionsNetwork Location Awareness(NLA)Remote Access Connection
Manager

IPSEC Services (IP )


lsass.exe
IP ISAKMP/Oakley(IKE) IP
IP IPSec
(VPN) VPN

IPSEC driverRemote Procedure Call (RPC)TCP/IP Protocol


Driver

L
Logical Disk Manager ()
svchost.exe -k netsvcs

MicROSoft Management Console(MMC)

Plug and PlayRemote Procedure Call (RPC)Logical Disk


Manager Administrative Service

Logical Disk Manager Administrative Service (


)

dmadmin.exe /com

MicROSoft Management
Console(MMC)
Plug and PlayRemote Procedure Call (RPC)Logical Disk
Manager

M
Machine Debug Manager Service
mdm.exe
Visual Studio

Messenger
svchost.exe -k netsvcs
NET SEND Alerter
Windows Messenger Alerter

net send

NetBIOS InterfacePlug and PlayRemote Procedure Call


(RPC)Workstation

MS Software Shadow Copy Provider


dllhost.exe /Processid:{ED4B06E8-12C4-4351-BA072B43EB72B786}

MS Backup

Remote Procedure Call (RPC)

N
Net Logon
lsass.exe
pass-through
Domain
Controller

Workstation

NetMeeting Remote Desktop Sharing


mnmsrvc.exe
NetMeeting intranet

NetMeeting
NetMeeting

Network Connections
svchost.exe -k netsvcs

Remote Procedure Call (RPC)Internet Connection Firewall


(ICF) / Internet Connection Sharing (ICS)

Network DDE
netdde.exe
(DDE)
DDE

DDE
Network DDE DSDMClipBook

Network DDE DSDM


netdde.exe
(DDE)DDE

DDE DSDM
Network DDE

Network Location Awareness (NLA)


svchost.exe -k netsvcs

ICF ICS ICS/ICF ()

AFD TCP/IP Procotol DriverInternet Connection

Firewall (ICF) / Internet Connection Sharing (ICS)

Network Provisioning Service


svchost.exe -k netsvcs
XML

NT LM Security Support Provider


lsass.exe
(RPC)
NTLM Message Queuing Telnet Server

Telnet

P
Performance Logs and Alerts
smlogsvc.exe

Plug and Play


services.exe

PNP PNP

Logical Disk ManagerLogical Disk Manager Administrative


ServiceMessengerSmart CardTelephonyWindows Audio

Portable Media Serial Number Service


svchost.exe -k netsvcs
RetriEVEs the serial number of any portable media player connected
to this computer. If this service is stopped, protected content might not be
down loaded to the device.
WmdmPmSN()

MP3MD Svchost.exe

Print Spooler
spoolsv.exe

Remote Procedure Call (RPC)

Protected Storage
lsass.exe
()

Outlook

Remote Procedure Call (RPC)

Q
QoS RSVP
rsvp.exe
(QoS)

QoS RSVP 20% 802.1p


ACS server
AFD TCP/IP Procotol DriverRemote Procedure Call
(RPC)

R
Remote Access Auto Connection Manager
svchost.exe -k netsvcs
DNS NetBIOS

DSL/Cable
Remote Access Connection ManagerTelephony

Remote Access Connection Manager


svchost.exe -k netsvcs


TelephonyInternet Connection Firewall (ICF) / Internet
Connection Sharing (ICS)Remote Access Auto Connection Manager

Remote Desktop Help Session Manager


sessmgr.exe

Remote Procedure Call (RPC)

Remote Procedure Call (RPC)


svchost -k rpcss
(endpoint mapper) RPC

Remote Procedure Call (RPC) Locator


locator.exe
RPC

Workstation

Remote Registry
svchost.exe -k LocalService

Remote Procedure Call (RPC)

Removable Storage
svchost.exe -k netsvcs

Zip USB Tape

Remote Procedure Call (RPC)

Routing and Remote Access


svchost.exe -k netsvcs

VPN

Remote Procedure Call (RPC)NetBIOSGroup

S
Secondary Logon
svchost.exe -k netsvcs

Seclogon()

WindowsXP svchost.exe

Security Accounts Manager


lsass.exe

(gpedit.msc)
Remote Procedure Call (RPC)Distributed Transaction
Coordinator

Security Center
svchost.exe -k netsvcs

SP2

Server
svchost.exe -k netsvcs

/
Computer Browser

Shell Hardware Detection


svchost.exe -k netsvcs

CD DVD
Remote Procedure Call (RPC)

Smart Card
SCardSvr.exe

Windows XP PC
1.4
Plug and Play

Smart Card Helper


SCardSvr.exe
(legacy)

Windows XP PC

SSDP Discovery Service


svchost.exe -k LocalService
UPnP
(Universal Plug and PlayUPnP)
TCP/IP
UPnP

Universal Plug and Play Device Host

System EVEnt Notification


svchost.exe -k netsvcs
Windows
COM+(subscriber)
// /

COM+ EVEnt System

System Restore Service


svchost.exe -k netsvcs

Remote Procedure Call (RPC)

T
Task Scheduler
svchost.exe -k netsvcs

Remote Procedure Call (RPC)

TCP/IP NetBIOS Helper


svchost.exe -k LocalService
TCP/IP NetBIOS (NetBT) NetBIOS
NetBios WINS

AFD NetBt

Telephony
svchost.exe -k netsvcs
TAPI LAN
IP
DSL/Cable

Plug and PlayRemote Procedure Call (RPC)Remote Access


Connection ManagerRemote Access Auto Connection Manager

Telnet
tlntsvr.exe
TCP/IPTelnet

UNIX Windows

Telnet BBS
BBS dos Telnet
2
NT LM Security Support ProviderRemote Procedure Call
(RPC)TCP/IP Protocol Driver

Terminal Services
svchost -k DComLaunch

( )

Remote Procedure Call (RPC)Fast User Switching


CompatibilityInteractiveLogon

Themes
svchost.exe -k netsvcs

U
Uninterruptible Power Supply
ups.exe
(UPS)
(UPS)

Universal Plug and Play Device Host


svchost.exe -k LocalService

(Universal Plug and Play,UPnP)

SSDP Discovery Service

V
Volume Shadow Copy
vssvc.exe

MS
Backup
Remote Procedure Call (RPC)

WebClient
svchost.exe -k LocalService
Windows Internet

WebDAV Web
.net
WebDav Client Redirector

Windows Audio
svchost.exe -k netsvcs
Windows

Plug and PlayRemote Procedure Call (RPC)

W
Windows Firewall/Internet Connection Sharing (ICS)
svchost.exe -k netsvcs
/
SP2 SP2 Internet Connection Firewall (ICF)
/ Internet Connection Sharing (ICS)(ICS)
Network Connections

Windows Image Acquisition (WIA)


svchost.exe -k imgsvc

WIA

Remote Procedure Call (RPC)

Windows Installer
msiexec.exe /V
Windows (*.msi)

Remote Procedure Call (RPC)

Windows Management Instrumentation


svchost.exe -k netsvcs

Windows

EVEnt LogRemote Procedure Call (RPC)

Windows Management Instrumentation Driver Extensions


svchost.exe -k netsvcs

Windows Management Instrumentation

Windows Time
svchost.exe -k netsvcs

Wireless Zero Configuration


svchost.exe -k netsvcs
802.11

NDIS Usermode I/O ProtocolRemote Procedure Call (RPC)

WMI Performance Adapter


wmiapsrv.exe
WMI HiPerf

Remote Procedure Call (RPC)

Workstation
svchost.exe -k netsvcs

AlerterBackground Intelligent Transfer ServiceComputer


BrowserMessengerNet LogonRemote Procedure Call (RPC) Locator