
Infected with some kind of worm and can't kill it, please help!

Process                   PID   CPU    Description                               Company Name
System Idle Process       0     86.54
Interrupts                n/a   0.96   Hardware Interrupts
DPCs                      n/a   1.92   Deferred Procedure Calls
System                    4
  SMSS.EXE                584          Windows NT Session Manager                Microsoft Corporation
  CSRSS.EXE               652          Client Server Runtime Process             Microsoft Corporation
  WINLOGON.EXE            676          Windows NT Logon Application              Microsoft Corporation
    SERVICES.EXE          724   2.88   Services and Controller app               Microsoft Corporation
    SVCHOST.EXE           892          Generic Host Process for Win32 Services   Microsoft Corporation
      TIMPlatform.exe     184          TIMPlatform                               tencent
    CCenter.exe           992          CCenter                                   Beijing Rising Technology Co., Ltd.
    SVCHOST.EXE           1008         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE           1216         Generic Host Process for Win32 Services   Microsoft Corporation
    SVCHOST.EXE           1248         Generic Host Process for Win32 Services   Microsoft Corporation
    RavMonD.exe           1260  0.96   RavMond                                   Beijing Rising Technology Co., Ltd.
      RavStub.exe         1548         Rising RavStub                            Beijing Rising Technology Co., Ltd.
    rfwsrv.exe            1312         Rising Personal FireWall Service          Beijing Rising Technology Co., Ltd.
      RFWMAIN.EXE         632          Rising Personal FireWall Main Program     Beijing Rising Technology Co., Ltd.
    SPOOLSV.EXE           1624         Spooler SubSystem App                     Microsoft Corporation
    ATI2EVXX.EXE          1724
    SVCHOST.EXE           1780         Generic Host Process for Win32 Services   Microsoft Corporation
    LSASS.EXE             736          LSA Shell (Export Version)                Microsoft Corporation
EXPLORER.EXE              572          Windows Explorer                          Microsoft Corporation
ATIPTAXX.EXE              964          ATI Desktop Control Panel                 ATI Technologies, Inc.
SynTPLpr.exe              972          TouchPad Driver Helper Application        Synaptics, Inc.
SynTPEnh.exe              980   0.96   Synaptics TouchPad Enhancements           Synaptics, Inc.
RavTask.exe               1028         RavTimer                                  Beijing Rising Technology Co., Ltd.
  RavMon.exe              1072         RavMon                                    Beijing Rising Technology Co., Ltd.
  iexplore.exe            1824         Internet Explorer                         Microsoft Corporation
CTFMON.EXE                1076         CTF Loader                                Microsoft Corporation
MSMSGS.EXE                1148         Messenger                                 Microsoft Corporation
POWERPNT.EXE              940
iexplore.exe              196   0.96   Internet Explorer                         Microsoft Corporation
regedit.exe               636          Registry Editor                           Microsoft Corporation
procexp.exe               1604  4.81   Sysinternals Process Explorer             Sysinternals
NOTEPAD.EXE               1860         记事本                                    Microsoft Corporation
QQ.EXE                    524          QQ                                        TENCENT

Process: SERVICES.EXE Pid: 724

Name           Description                                     Company Name           Version
advapi32.dll   Advanced Windows 32 Base API                    Microsoft Corporation  5.01.2600.1106
authz.dll      Authorization Framework                         Microsoft Corporation  5.01.2600.0000
ctype.nls
gdi32.dll      GDI Client DLL                                  Microsoft Corporation  5.01.2600.1106
imm32.dll      Windows XP IMM32 API Client DLL                 Microsoft Corporation  5.01.2600.1106
kernel32.dll   Windows NT BASE API Client DLL                  Microsoft Corporation  5.01.2600.1106
locale.nls
lpk.dll        Language Pack                                   Microsoft Corporation  5.01.2600.0000
msvcrt.dll     Windows NT CRT DLL                              Microsoft Corporation  7.00.2600.1106
ncobjapi.dll                                                   Microsoft Corporation  5.01.2600.1106
netapi32.dll   Net Win32 API DLL                               Microsoft Corporation  5.01.2600.1106
ntdll.dll      NT Layer DLL                                    Microsoft Corporation  5.01.2600.1106
rpcrt4.dll     Remote Procedure Call Runtime                   Microsoft Corporation  5.01.2600.1106
scesrv.dll     Windows Security Configuration Editor Engine    Microsoft Corporation  5.01.2600.1106
secur32.dll    Security Support Provider Interface             Microsoft Corporation  5.01.2600.1106
services.exe   Services and Controller app                     Microsoft Corporation  5.01.2600.0000
sortkey.nls
sorttbls.nls
umpnpmgr.dll   User-mode Plug-and-Play Service                 Microsoft Corporation  5.01.2600.1106
unicode.nls
user32.dll     Windows XP USER API Client DLL                  Microsoft Corporation  5.01.2600.1106
userenv.dll    Userenv                                         Microsoft Corporation  5.01.2600.1106
usp10.dll      Uniscribe Unicode script processor              Microsoft Corporation  1.409.2600.1106
winsta.dll     Winstation Library                              Microsoft Corporation  5.01.2600.1106

Key   HKLM\SYSTEM\ControlSet003\Control\Nls\Locale
Key   HKLM\SYSTEM\ControlSet003\Control\Nls\Locale\Alternate Sorts
Key   HKLM\SYSTEM\ControlSet003\Control\Nls\Language Groups
Key   HKLM\SYSTEM\ControlSet003\Enum
Key   HKLM\SYSTEM\ControlSet003\Services
Key   HKLM\SYSTEM\ControlSet003\Control\Class
After I enabled the plugplay service, I used Process Explorer to scan through the handles associated with services.exe; in the middle of the list above, entries pop up in red, for example:
Key   HKLM\SYSTEM\ControlSet003\Enum\root\
Key   HKLM\SYSTEM\ControlSet003\Enum\usb\root
Key   HKLM\SYSTEM\ControlSet003\Enum\usbstore\root
as well as the registry keys under HKLM\SYSTEM\ControlSet003\Enum\usb\root,
and sometimes also HKLM\SYSTEM\ControlSet003\Enum\PIC or
HKLM\SYSTEM\ControlSet003\Enum\API, etc.


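The listing the poster pasted above is a Process Explorer tree that the forum has flattened. As an added example (not code from the thread), the script below parses a Process Explorer list saved as tab-separated text, rebuilds the parent/child tree from the indentation, and pulls out the two things worth checking first when a system process is pinning the CPU: rows whose image carries no company name, and rows above a CPU threshold, each with its chain of parents. The export layout (tab-separated columns, two leading spaces per tree level) and the sample rows are assumptions constructed from the listing above.

```python
"""Triage a Process Explorer process list saved as tab-separated text.

Added example, not code from the thread. Assumes a Process Explorer
'Save' export: a header row, one row per process, tab-separated columns
(Process, PID, CPU, Description, Company Name), and two leading spaces
per level of the parent/child tree.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the rows from the listing above.
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t86.54\t\t",
    "Interrupts\tn/a\t0.96\tHardware Interrupts\t",
    "System\t4\t\t\t",
    "  SMSS.EXE\t584\t\tWindows NT Session Manager\tMicrosoft Corporation",
    "  CSRSS.EXE\t652\t\tClient Server Runtime Process\tMicrosoft Corporation",
    "  WINLOGON.EXE\t676\t\tWindows NT Logon Application\tMicrosoft Corporation",
    "    SERVICES.EXE\t724\t2.88\tServices and Controller app\tMicrosoft Corporation",
    "    SVCHOST.EXE\t892\t\tGeneric Host Process for Win32 Services\tMicrosoft Corporation",
    "      TIMPlatform.exe\t184\t\tTIMPlatform\ttencent",
    "    ATI2EVXX.EXE\t1724\t\t\t",
    "    LSASS.EXE\t736\t\tLSA Shell (Export Version)\tMicrosoft Corporation",
    "EXPLORER.EXE\t572\t\tWindows Explorer\tMicrosoft Corporation",
    "POWERPNT.EXE\t940\t\t\t",
    "procexp.exe\t1604\t4.81\tSysinternals Process Explorer\tSysinternals",
])

# Idle, System and the Interrupts/DPCs pseudo-processes have no image file,
# so an empty company name is expected for them.
PSEUDO_PIDS = {"0", "4", "n/a"}


@dataclass
class Proc:
    name: str
    pid: str
    cpu: Optional[float]
    description: str
    company: str
    depth: int
    parent: Optional["Proc"]


def parse_procexp(text: str) -> List[Proc]:
    """Parse the export; indentation depth decides each row's parent."""
    procs: List[Proc] = []
    stack: List[Proc] = []               # ancestors of the row being read
    for line in text.splitlines()[1:]:   # skip the header row
        if not line.strip():
            continue
        body = line.lstrip(" ")
        depth = (len(line) - len(body)) // 2
        cols = (body.split("\t") + [""] * 5)[:5]
        name, pid, cpu, desc, company = (c.strip() for c in cols)
        while stack and stack[-1].depth >= depth:
            stack.pop()
        proc = Proc(name, pid, float(cpu) if cpu else None, desc, company,
                    depth, stack[-1] if stack else None)
        procs.append(proc)
        stack.append(proc)
    return procs


def find(procs: List[Proc], name: str) -> Optional[Proc]:
    """First process with the given image name (case-insensitive)."""
    return next((p for p in procs if p.name.lower() == name.lower()), None)


def parent_chain(proc: Proc) -> List[str]:
    """Names of the ancestors, nearest parent first."""
    chain = []
    while proc.parent is not None:
        proc = proc.parent
        chain.append(proc.name)
    return chain


def unknown_vendor(procs: List[Proc]) -> List[str]:
    """Real processes whose image carries no company name."""
    return [p.name for p in procs if not p.company and p.pid not in PSEUDO_PIDS]


def high_cpu(procs: List[Proc], threshold: float) -> List[str]:
    """Processes at or above the CPU threshold (Idle excluded)."""
    return [p.name for p in procs
            if p.cpu is not None and p.cpu >= threshold
            and p.name != "System Idle Process"]


if __name__ == "__main__":
    procs = parse_procexp(SAMPLE)
    for name in high_cpu(procs, 2.0):
        print(f"{name}: parents {parent_chain(find(procs, name))}")
    print("no company name:", unknown_vendor(procs))
```

On the sample rows the report singles out SERVICES.EXE and procexp.exe for CPU, and ATI2EVXX.EXE and POWERPNT.EXE for a missing vendor; a missing company name is only a prompt to check the file's signature and path, not a verdict on its own.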

I've searched for a long time; Rising doesn't react, and scanning through this myself I haven't found any suspicious file either. Could a hardware problem make services.exe in the process list reach 90-99% CPU?
After I enabled the plugplay service, CPU stayed at 100% and the computer was basically unusable;
after I disabled it, things are basically normal, except the Device Manager list won't load, USB sometimes works and sometimes doesn't,
and the sound is gone!

I booted from a Windows 98 boot disk; I have it on my network drive.

No luck, all I can do is bump this!


End the following process
C:\WINDOWS\System32\TopGhost.exe

Fix
O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINDOWS\System32\msibm\cfsbho.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\drivers\inf\bands.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\RunServices: [SystemRunOn] C:\WINDOWS\system32\sysconfig.exe
O4 - HKCU\..\Run: [] TopGhost.exe
O9 - Extra button: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - Extra 'Tools' menuitem: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll

Uninstall
C:\Program Files\Infofo Bar

Delete
C:\Program Files\Infofo Bar folder
C:\WINDOWS\System32\msibm\cfsbho.dll
C:\WINDOWS\system32\sysconfig.exe
C:\WINDOWS\System32\TopGhost.exe
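The reply above is a standard HijackThis cleanup: end the process, fix the O2/O3/O4/O9 entries, uninstall, then delete the files. As an added example, not code from the thread or from HijackThis, the script below parses those same log lines into a checklist of the registry locations and files each entry points at, separating entries whose file is already gone (which only need the registry entry removed) from entries that still have a file on disk, and listing autostart commands that name a bare executable without a path. The registry roots per section are the standard locations for Browser Helper Objects, IE toolbars, Run keys and IE extensions, stated here as assumptions to confirm on the machine; the sample lines are the ten quoted in the reply.

```python
"""Turn HijackThis O2/O3/O4/O9 lines into a review checklist.

Added example, not part of the thread or of HijackThis. The registry
roots below are the standard locations for each section and are
assumptions to confirm on the machine being cleaned.
"""
import re
from typing import List

# Constructed sample: the ten lines quoted in the reply above.
HJT_LINES = [
    r"O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINDOWS\System32\msibm\cfsbho.dll",
    r"O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\drivers\inf\bands.dll (file missing)",
    r"O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)",
    r"O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll",
    r"O3 - Toolbar: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll",
    r'O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32',
    r"O4 - HKLM\..\RunServices: [SystemRunOn] C:\WINDOWS\system32\sysconfig.exe",
    r"O4 - HKCU\..\Run: [] TopGhost.exe",
    r"O9 - Extra button: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll",
    r"O9 - Extra 'Tools' menuitem: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll",
]

# CLSID-bearing sections: O2 BHO, O3 toolbar, O9 IE buttons/menu items.
CLSID_RE = re.compile(r"^(O[239]) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4 autostart entries: "O4 - HIVE\..\Key: [valuename] command line"
RUN_RE = re.compile(r"^(O4) - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# Assumed standard registration points for each section.
REG_ROOTS = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "O9": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions",
}
DEAD_MARKERS = ("(file missing)", "(no file)")


def executable_of(command: str) -> str:
    """Return the program path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_hjt_line(line: str) -> dict:
    """Parse one O2/O3/O4/O9 line; raise ValueError for other sections."""
    m = CLSID_RE.match(line)
    if m:
        section, kind, name, clsid, path = m.groups()
        dead = any(path.endswith(mk) for mk in DEAD_MARKERS)
        for mk in DEAD_MARKERS:
            path = path.replace(mk, "").strip()
        return {"section": section, "kind": kind, "name": name, "clsid": clsid,
                "path": path, "dead": dead,
                "registry": REG_ROOTS[section] + "\\" + clsid}
    m = RUN_RE.match(line)
    if m:
        section, hive, key, value, command = m.groups()
        value = value or "[unnamed value]"   # HijackThis prints [] for an empty value name
        return {"section": section, "kind": key, "name": value, "clsid": "",
                "path": executable_of(command), "dead": False,
                "registry": hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + key + "\\" + value}
    raise ValueError("unsupported HijackThis line: " + line)


def build_cleanup_plan(lines: List[str]) -> dict:
    """Group parsed entries into registry locations, files, dead entries and bare names."""
    registry, files, dead, unresolved = [], set(), [], []
    for entry in (parse_hjt_line(l) for l in lines):
        if entry["registry"] not in registry:       # O9 button + menu item share one key
            registry.append(entry["registry"])
        if entry["dead"]:
            dead.append(entry["clsid"])             # only the registration is left to remove
        elif "\\" in entry["path"]:
            files.add(entry["path"])
        elif entry["path"]:
            unresolved.append(entry["path"])        # bare name: resolved through PATH at logon
    return {"registry": registry, "files": sorted(files),
            "dead_entries": dead, "unresolved": unresolved}


if __name__ == "__main__":
    plan = build_cleanup_plan(HJT_LINES)
    for heading in ("registry", "files", "dead_entries", "unresolved"):
        print(heading)
        for item in plan[heading]:
            print("   ", item)
```

The bare `TopGhost.exe` in the HKCU Run value is reported separately because the log does not say where it lives; the reply above found it under C:\WINDOWS\System32, which is exactly the kind of fact to confirm before deleting anything. Entries the tool shows as "(file missing)" or "(no file)" only need the registry entry cleared.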
Powered by Discuz!NT