
Infected with some kind of worm, can't remove it, please help!

[Reply to the post by "天天泡泡"]
It doesn't work, it's no use.

I stopped one service related to services.exe, Plug and Play. That works, except that the USB ports can't be used.

Process                 PID   CPU    Description                               Company Name
System Idle Process     0     93.27
Interrupts              n/a          Hardware Interrupts
DPCs                    n/a          Deferred Procedure Calls
System                  4     0.96
  SMSS.EXE              584          Windows NT Session Manager                Microsoft Corporation
  CSRSS.EXE             652          Client Server Runtime Process             Microsoft Corporation
  WINLOGON.EXE          676          Windows NT Logon Application              Microsoft Corporation
    SERVICES.EXE        724   2.88   Services and Controller app               Microsoft Corporation
    SVCHOST.EXE         892          Generic Host Process for Win32 Services   Microsoft Corporation
      TIMPlatform.exe   184          TIMPlatform                               tencent
    CCenter.exe         992          CCenter                                   Beijing Rising Technology Co., Ltd.
    SVCHOST.EXE         1008         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE         1216         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE         1248         Generic Host Process for Win32 Services   Microsoft Corporation
    RavMonD.exe         1260         RavMond                                   Beijing Rising Technology Co., Ltd.
      RavStub.exe       1548         Rising RavStub                            Beijing Rising Technology Co., Ltd.
    rfwsrv.exe          1312         Rising Personal FireWall Service          Beijing Rising Technology Co., Ltd.
      RFWMAIN.EXE       632          Rising Personal FireWall Main Program     Beijing Rising Technology Co., Ltd.
    SPOOLSV.EXE         1624         Spooler SubSystem App                     Microsoft Corporation
    ATI2EVXX.EXE        1724
    SVCHOST.EXE         1780         Generic Host Process for Win32 Services   Microsoft Corporation
    LSASS.EXE           736          LSA Shell (Export Version)                Microsoft Corporation
EXPLORER.EXE            572          Windows Explorer                          Microsoft Corporation
ATIPTAXX.EXE            964          ATI Desktop Control Panel                 ATI Technologies, Inc.
SynTPLpr.exe            972          TouchPad Driver Helper Application        Synaptics, Inc.
SynTPEnh.exe            980          Synaptics TouchPad Enhancements           Synaptics, Inc.
RavTask.exe             1028         RavTimer                                  Beijing Rising Technology Co., Ltd.
  RavMon.exe            1072         RavMon                                    Beijing Rising Technology Co., Ltd.
  iexplore.exe          1824         Internet Explorer                         Microsoft Corporation
CTFMON.EXE              1076         CTF Loader                                Microsoft Corporation
MSMSGS.EXE              1148         Messenger                                 Microsoft Corporation
POWERPNT.EXE            940
iexplore.exe            196          Internet Explorer                         Microsoft Corporation
regedit.exe             636          Registry Editor                           Microsoft Corporation
procexp.exe             1604  2.88   Sysinternals Process Explorer             Sysinternals
QQ.EXE                  524          QQ                                        TENCENT

Process: SERVICES.EXE Pid: 724


Process                 PID   CPU    Description                               Company Name
System Idle Process     0     86.54
Interrupts              n/a   0.96   Hardware Interrupts
DPCs                    n/a   1.92   Deferred Procedure Calls
System                  4
  SMSS.EXE              584          Windows NT Session Manager                Microsoft Corporation
  CSRSS.EXE             652          Client Server Runtime Process             Microsoft Corporation
  WINLOGON.EXE          676          Windows NT Logon Application              Microsoft Corporation
    SERVICES.EXE        724   2.88   Services and Controller app               Microsoft Corporation
    SVCHOST.EXE         892          Generic Host Process for Win32 Services   Microsoft Corporation
      TIMPlatform.exe   184          TIMPlatform                               tencent
    CCenter.exe         992          CCenter                                   Beijing Rising Technology Co., Ltd.
    SVCHOST.EXE         1008         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE         1216         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE         1248         Generic Host Process for Win32 Services   Microsoft Corporation
    RavMonD.exe         1260  0.96   RavMond                                   Beijing Rising Technology Co., Ltd.
      RavStub.exe       1548         Rising RavStub                            Beijing Rising Technology Co., Ltd.
    rfwsrv.exe          1312         Rising Personal FireWall Service          Beijing Rising Technology Co., Ltd.
      RFWMAIN.EXE       632          Rising Personal FireWall Main Program     Beijing Rising Technology Co., Ltd.
    SPOOLSV.EXE         1624         Spooler SubSystem App                     Microsoft Corporation
    ATI2EVXX.EXE        1724
    SVCHOST.EXE         1780         Generic Host Process for Win32 Services   Microsoft Corporation
    LSASS.EXE           736          LSA Shell (Export Version)                Microsoft Corporation
EXPLORER.EXE            572          Windows Explorer                          Microsoft Corporation
ATIPTAXX.EXE            964          ATI Desktop Control Panel                 ATI Technologies, Inc.
SynTPLpr.exe            972          TouchPad Driver Helper Application        Synaptics, Inc.
SynTPEnh.exe            980   0.96   Synaptics TouchPad Enhancements           Synaptics, Inc.
RavTask.exe             1028         RavTimer                                  Beijing Rising Technology Co., Ltd.
  RavMon.exe            1072         RavMon                                    Beijing Rising Technology Co., Ltd.
  iexplore.exe          1824         Internet Explorer                         Microsoft Corporation
CTFMON.EXE              1076         CTF Loader                                Microsoft Corporation
MSMSGS.EXE              1148         Messenger                                 Microsoft Corporation
POWERPNT.EXE            940
iexplore.exe            196   0.96   Internet Explorer                         Microsoft Corporation
regedit.exe             636          Registry Editor                           Microsoft Corporation
procexp.exe             1604  4.81   Sysinternals Process Explorer             Sysinternals
NOTEPAD.EXE             1860         记事本                                    Microsoft Corporation
QQ.EXE                  524          QQ                                        TENCENT

Process: SERVICES.EXE Pid: 724

Name          Description                                   Company Name           Version
advapi32.dll  Advanced Windows 32 Base API                  Microsoft Corporation  5.01.2600.1106
authz.dll     Authorization Framework                       Microsoft Corporation  5.01.2600.0000
ctype.nls
gdi32.dll     GDI Client DLL                                Microsoft Corporation  5.01.2600.1106
imm32.dll     Windows XP IMM32 API Client DLL               Microsoft Corporation  5.01.2600.1106
kernel32.dll  Windows NT BASE API Client DLL                Microsoft Corporation  5.01.2600.1106
locale.nls
lpk.dll       Language Pack                                 Microsoft Corporation  5.01.2600.0000
msvcrt.dll    Windows NT CRT DLL                            Microsoft Corporation  7.00.2600.1106
ncobjapi.dll                                                Microsoft Corporation  5.01.2600.1106
netapi32.dll  Net Win32 API DLL                             Microsoft Corporation  5.01.2600.1106
ntdll.dll     NT Layer DLL                                  Microsoft Corporation  5.01.2600.1106
rpcrt4.dll    Remote Procedure Call Runtime                 Microsoft Corporation  5.01.2600.1106
scesrv.dll    Windows Security Configuration Editor Engine  Microsoft Corporation  5.01.2600.1106
secur32.dll   Security Support Provider Interface           Microsoft Corporation  5.01.2600.1106
services.exe  Services and Controller app                   Microsoft Corporation  5.01.2600.0000
sortkey.nls
sorttbls.nls
umpnpmgr.dll  User-mode Plug-and-Play Service               Microsoft Corporation  5.01.2600.1106
unicode.nls
user32.dll    Windows XP USER API Client DLL                Microsoft Corporation  5.01.2600.1106
userenv.dll   Userenv                                       Microsoft Corporation  5.01.2600.1106
usp10.dll     Uniscribe Unicode script processor            Microsoft Corporation  1.409.2600.1106
winsta.dll    Winstation Library                            Microsoft Corporation  5.01.2600.1106

Key  HKLM\SYSTEM\ControlSet003\Control\Nls\Locale
Key  HKLM\SYSTEM\ControlSet003\Control\Nls\Locale\Alternate Sorts
Key  HKLM\SYSTEM\ControlSet003\Control\Nls\Language Groups
Key  HKLM\SYSTEM\ControlSet003\Enum
Key  HKLM\SYSTEM\ControlSet003\Services
Key  HKLM\SYSTEM\ControlSet003\Control\Class
After I turned on the plugplay service, when I used process to scan the handles related to services.exe, red entries would pop up in the middle of the list above,
for example:
Key  HKLM\SYSTEM\ControlSet003\Enum\root\
Key  HKLM\SYSTEM\ControlSet003\Enum\usb\root
Key  HKLM\SYSTEM\ControlSet003\Enum\usbstore\root
as well as the registry entries under Key HKLM\SYSTEM\ControlSet003\Enum\usb\root,
and sometimes also Key HKLM\SYSTEM\ControlSet003\Enum\PIC or
Key HKLM\SYSTEM\ControlSet003\Enum\API, etc.



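I searched for a long time. Rising did not react, and scanning on my own I didn't find any suspicious files either. Could a hardware problem cause the CPU usage of services.exe in the process list to reach 90-99%?
After I turned on the plugplay service, the CPU stayed at 100% and the computer was basically unusable.
After turning it off, things are basically normal, except that the Device Manager list won't load, and USB sometimes works and sometimes doesn't.
Also, the sound is gone!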

No luck, all I can do is bump!




