1.我的电脑：打开EXCEL后，在一个空格内，输入文字后不见文字，但上面编辑栏内却有显示，且那一列内都会显示同样的文字，EXCEL并出现提示：可用资源不足，EXCEL无法完成任务，请少选择一些数据或关闭其它的应用程序。
    我现在启动后没有开启任何程序，连瑞星都关了，所有的启动项全部关闭了，打开一个新的EXCEL表格，还是一样 ，重装OFFICE后还是一样。（最新版瑞星杀毒显示没有发现病毒）

2.同事的电脑：之前所有的EXCEL文件都不能打开，并出现提示：该文件可能是只读，或者您要访问的位置是只读，或者文件所在的服务器没有响应。
    不能卸载，提示错误，无法完成卸载。直接安装时也不行，系统没反应，任务管理显示CPU占用率：99%。不管它，直接装WPS还是一样，没反应，任务管理器也同样显示WPS的CPU占用率：99%。（最新版瑞星杀毒显示没有发现病毒）

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

我的电脑：现在不再出现提示“可用资源不足，EXCEL无法完成任务，请少选择一些数据或关闭其它的应用程序”。而是出现另一个提示“EXCEL出现问题需要关闭，我们对此引起的不便表示抱歉”。

同事的电脑：用sreng扫描日志，扫了一个多小时，扫不完，停止扫描，图片如下：

同事电脑里打不开的文件，共享到我的电脑里可以打开，文件本身没问题。

提交什么？




（C:\WINDOWS\system32\MyGina.dll
C:\WINDOWS\system32\xvid.ax
C:\WINDOWS\system32\encdec.dll
C:\WINDOWS\system32\mpg2splt.ax
提交到这里，或者提交给瑞星，地址如下：http://mailcenter.rising.com.cn/index.shtml ）

同事的电脑用瑞星听诊器扫描结果如下：
未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\PROGRAM FILES\TENCENT\QQTOOLBAR\IEBAR.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\TOOLBAR.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\TBADDR.DLL
D:\ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
C:\WINDOWS\SYSTEM32\ATL71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.CHS
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\PROGRAM FILES\TENCENT\SSPLUS\SADDR2.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DSBHO_01.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_01.DLL
C:\WINDOWS\SYSTEM32\URLFILTER.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\URLRULE.DLL
D:\360SAFE\SAFEMON\SAFEMON.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\QQMAIL.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\SHUQIAN.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\WENWEN.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\WEATHER.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\POPUPBLOCKER.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\HIGHLIGHT.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\QQDOCTOR.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\MUSICBOX.DLL
C:\DOCUMENTS AND SETTINGS\TAO\APPLICATION DATA\TENCENT\QQTOOLBAR\BUTTONS\HOT.DLL
D:\RAV\RAVSCRCH.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\RAV\CCENTER.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\RAV\RAVMOND.EXE
D:\RAV\BWLIST.DLL
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MFC71CHS.DLL
D:\RAV\RSAPPMGR.DLL
D:\RAV\CFGDLL.DLL
D:\RAV\RSLOG.DLL
D:\RAV\PROCCOM.DLL
D:\RAV\RSCOMMX2.DLL
D:\RAV\MONRULE.DLL
D:\RAV\HOOKSYS.DLL
D:\RAV\HOOKREG.DLL
D:\RAV\HOOKNTOS.DLL
D:\RAV\RSWALMON.DLL
D:\RAV\RECOMP.DLL
D:\RAV\REFS.DLL
D:\RAV\FFR.DLL
D:\RAV\RSSTORE.DLL
D:\RAV\HOOKCONT.DLL
D:\RAV\FAKESCAN.DLL
D:\RAV\SCANNER.DLL
D:\RAV\VIRUSLIB.DLL
D:\RAV\RELIBLDR.DLL
D:\RAV\HOOKWEB.DLL
D:\RAV\EXTFILE.DLL
D:\RAV\PEARC.DLL
D:\RAV\NVFILE.DLL
D:\RAV\SCANEXEC.DLL
D:\RAV\UNEXE.DLL
D:\RAV\SCANEX.DLL
D:\RAV\SCANPACK.DLL
D:\RAV\REVM.DLL
D:\RAV\URUTILS.DLL
D:\RAV\UR000.DAT
D:\RAV\SCANSCT.DLL
D:\RAV\EXTMAIL.DLL
D:\RAV\EXTOLE.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\ADOBEPDF.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\ACROBAT 7.0\DISTILLR\ADISTRES.CHS
C:\WINDOWS\SYSTEM32\CNMLM6E.DLL
C:\WINDOWS\SYSTEM32\ZLHP1020.DLL
C:\WINDOWS\SYSTEM32\ZLM.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD6E.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IMFPRINT.DLL
C:\WINDOWS\SYSTEM32\IMF32.DLL
C:\WINDOWS\SYSTEM32\ZTAG32.DLL
C:\WINDOWS\SYSTEM32\ZSPOOL.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

D:\RAV\RAVSTUB.EXE
D:\RAV\PROCCOM.DLL
D:\RAV\RSCOMMX2.DLL
D:\RAV\RSCOMMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
D:\ACROBAT 7.0\ACTIVEX\PDFSHELL.CHS
C:\WINDOWS\SYSTEM32\IGFXPPH.DLL
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXRESS.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\PROGRAM FILES\COMMON FILES\ADOBE\SHELL\PSICON.DLL
C:\PROGRAM FILES\TENCENT\QQ\QDSHM.DLL
C:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\RAV\RSCOMMON.DLL
D:\ACROBAT 7.0\ACROBAT ELEMENTS\CONTEXTMENU.DLL
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MFC71CHS.DLL
D:\ACROBAT 7.0\ACROBAT ELEMENTS\CONTEXTMENU.CHS
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\PROGRAM FILES\TENCENT\SSPLUS\SADDR2.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DSBHO_01.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_01.DLL
D:\360SAFE\SAFEMON\SAFEMON.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL

D:\RAV\RAVTASK.EXE
D:\RAV\PROCCOM.DLL
D:\RAV\RSCOMMX2.DLL
D:\RAV\RSCOMMON.DLL
D:\RAV\RSAPPMGR.DLL
D:\RAV\CFGDLL.DLL

D:\RAV\RAVMON.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MFC71CHS.DLL
D:\RAV\PROCCOM.DLL
D:\RAV\RSCOMMX2.DLL
D:\RAV\RSCOMMON.DLL
D:\RAV\RECOMP.DLL
D:\RAV\REFS.DLL
D:\RAV\VIRUSLIB.DLL
D:\RAV\RELIBLDR.DLL
D:\RAV\RSAPPMGR.DLL
D:\RAV\CFGDLL.DLL
D:\RAV\MONRULE.DLL
D:\RAV\PNGDLL.DLL
D:\RAV\RSGUILIB.DLL
D:\RAV\RSXML.DLL

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\STORMII\STORMLIV.EXE
C:\PROGRAM FILES\STORMII\MSVCP60.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL

C:\PROGRAM FILES\TENCENT\QQ\TXPLATFORM.EXE
D:\FOXMAIL\FOXMAIL.EXE
C:\WINDOWS\SYSTEM32\MAPI32.DLL
D:\FOXMAIL\FOXANTISPAM.DLL
D:\FOXMAIL\PCRE.DLL
D:\FOXMAIL\3RDPARTY\PUNYLIB.DLL

D:\备份软件\瑞星听诊器 在 XIEGUIYU (HELIKE-XIEGUIYU) 上\RSDETECT.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RavTask = "D:\RAV\RAVTASK.EXE" -SYSTEM


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXDEV.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233} = C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0C7C23EF-A848-485B-873C-0ED954731014} = C:\Program Files\TENCENT\SSPlus\SAddr2.dll
{29CF293A-1E7D-4069-9E11-E39698D0AF95} = C:\Program Files\Tencent\QQToolbar\IEBar.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} = C:\WINDOWS\system32\urlFilter.dll
{AE7CD045-E861-484f-8273-0445EE161910} = D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} = D:\360safe\safemon\safemon.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9B4B426-1D88-4286-8C08-D2D9650DF40F}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9B4B426-1D88-4286-8C08-D2D9650DF40F}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BD8B81-EB28-4BB5-BC51-1B777A43ADDD}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BD8B81-EB28-4BB5-BC51-1B777A43ADDD}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5216022-8BD6-44A9-8302-19B87C2FB23A}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5216022-8BD6-44A9-8302-19B87C2FB23A}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5C70973-1A2A-46C2-A128-9E9B1129F6E6}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5C70973-1A2A-46C2-A128-9E9B1129F6E6}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EC3C179-710C-4B92-B09B-8EFD60B2DC76}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EC3C179-710C-4B92-B09B-8EFD60B2DC76}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
C-DillaCdaC11BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
ccosm = C:\PROGRAM FILES\STORMII\STORMLIV.EXE /ASSERVICE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "D:\RAV\CCENTER.EXE"
RsRavMon = "D:\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{2A3E8AA6-E2A6-4380-B2C3-6E2D7C050F58}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BIOS = C:\WINDOWS\SYSTEM32\DRIVERS\BIOS.SYS
CdaC15BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
DgiVecp = C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HDAudBus = C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
HookCont = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKCONT.SYS
HookNtos = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKNTOS.SYS
HookReg = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKREG.SYS
HookSys = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKSYS.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
ialm = C:\WINDOWS\SYSTEM32\DRIVERS\IGXPMP32.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntcAzAudAddService = C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RsNTGDI = C:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS
RTL8023xp = C:\WINDOWS\SYSTEM32\DRIVERS\RTNICXP.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SONYPVU1 = C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbccgp = C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbprint = C:\WINDOWS\SYSTEM32\DRIVERS\USBPRINT.SYS
usbscan = C:\WINDOWS\SYSTEM32\DRIVERS\USBSCAN.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS