先谢过秋日里的蓝天，，我已按你说的做了，就没找到C:\WINDOWS\System32\windds32.dll这个文件，，
C:\WINDOWS\System32\Drivers\CMBProtector.dat 这个也要删除吧，
拷贝的如下，
另说下，这两天又杀出好多好多中了威金的毒，，可在安全模式下再杀就没了，，

MZ             @                                      ? ???L?This program cannot be run in DOS mode.$      ?鸘?║?║?║?∕?ǒ?≒?◤?╙?ǒ?═?≧ichU?                        PE  L
 ?        

 €        )    €   
€  €  


    €    E 
                            €  <                          €  H
  ?                                            €  h                          .text  \    €                  h.rdata  
  €  €
  €              @  H.data        €                  @  菼NIT    ?  €    €                ?reloc  ?  €    €              @  B                                                                                                                KBClassFilter: DriverEntry: Start
  \ D e v i c e \ C M B P r o t e c t o r    KBClassFilter: DriverEntry: IoCreateDevice CDO Failed: %x
  \ D O S D e v i c e s \ C M B P r o t e c t o r C D O  KBClassFilter: DriverEntry: IoCreateSymbolicLink Failed: %x
    KBClassFilter: DriverEntry: Success
U嬱冹VWh 
?  婨??
?
岴$$
P謍
3Wh
  j"岴鳳j5
?
;莭PhP
枋  YYWWWWh
  痣S?
僅?
€`?
婡(
  h?
岴餚謲E鳳岴餚?
;莭Ph?
鑥  YYWWWWh  ??
j8X?
?\
兝=  r椤
莯  ?
?
莯  h

?
茾D?
?
茾pA
?
h
墄4?  Y_3繼陕 蘇BClassFilter: IrpCommonDispatch: Start
    KBClassFilter: IrpCommonDispatch: IRP_MJ_CREATE
    KBClassFilter: IrpCommonDispatch: IRP_MJ_CREATE_NAMED_PIPE
KBClassFilter: IrpCommonDispatch: IRP_MJ_CLOSE
KBClassFilter: IrpCommonDispatch: IRP_MJ_READ
  KBClassFilter: IrpCommonDispatch: IRP_MJ_WRITE
KBClassFilter: IrpCommonDispatch: IRP_MJ_QUERY_INFORMATION
KBClassFilter: IrpCommonDispatch: IRP_MJ_SET_INFORMATION
  KBClassFilter: IrpCommonDispatch: IRP_MJ_QUERY_EA
  KBClassFilter: IrpCommonDispatch: IRP_MJ_SET_EA
    KBClassFilter: IrpCommonDispatch: IRP_MJ_FLUSH_BUFFERS
    KBClassFilter: IrpCommonDispatch: IRP_MJ_QUERY_VOLUME_INFORMATION
      KBClassFilter: IrpCommonDispatch: IRP_MJ_SET_VOLUME_INFORMATION
    KBClassFilter: IrpCommonDispatch: IRP_MJ_DIRECTORY_CONTROL
KBClassFilter: IrpCommonDispatch: IRP_MJ_FILE_SYSTEM_CONTROL
  KBClassFilter: IrpCommonDispatch: IRP_MJ_DEVICE_CONTROL
        KBClassFilter: IrpCommonDispatch: IRP_MJ_INTERNAL_DEVICE_CONTROL
  KBClassFilter: IrpCommonDispatch: IRP_MJ_SHUTDOWN
  KBClassFilter: IrpCommonDispatch: IRP_MJ_LOCK_CONTROL
  KBClassFilter: IrpCommonDispatch: IRP_MJ_CLEANUP
  KBClassFilter: IrpCommonDispatch: IRP_MJ_CREATE_MAILSLOT
  KBClassFilter: IrpCommonDispatch: IRP_MJ_QUERY_SECURITY
    KBClassFilter: IrpCommonDispatch: IRP_MJ_SET_SECURITY
  KBClassFilter: IrpCommonDispatch: IRP_MJ_SYSTEM_CONTROL
    KBClassFilter: IrpCommonDispatch: IRP_MJ_DEVICE_CHANGE
KBClassFilter: IrpCommonDispatch: IRP_MJ_QUERY_QUOTA
  KBClassFilter: IrpCommonDispatch: IRP_MJ_SET_QUOTA
VWhX
梃  婦$媥(?
Yu9婰$婣` 3?苩HHt2覂?t?  缷饓A?2覊q?
嬈辂  媡$婩` 凐囍  $叜
h?
榭  h?
榈  h?
楂  h$
椤  hT
闂  h?
閸  h?
閮  h?
雦h0
雞hd
雗h?
雊h?
隸h,
隮hh
隦h?
隟h?
隓h,
?h`
?h?
?h?
?h

?hD

?h|

?h?
?h?
?h(
韬
  Y﨔#僃`$婳嬛?
_^? ?
?
?
?
?
?




#
*
1
8
?
F
M
T
[
b
i
p
?
w
~
?
?
HIDClassFilter: IrpPNP: Start
  KBWatch: IrpPNP: IRP_MN_REMOVE_DEVICE: Start
SVWh

枸  媡$婩`媆$媨(Y禜
IIt﨔#兝$塅`婳嬛?
?h:

瑜  﨔#僃`$Y婳嬛?
w?
S?
3繽^[? 蘃IDClassFilter: IrpFDOPower: Start
VWh?
鐷  婦$媡$媥(YV?
﨔#僃`$Vw?
_^? 蘇BWatch: IrpCDODeviceControlProcessing: ENABLE_KEYBOARD_WATCH
  KBWatch: IrpCDODeviceControlProcessing: ENABLE_KEYBOARD_WATCH
V媡$婩`婡- " t1冭t2覌吻F  ??
?  离,h2
鑖  Y铚  3离hr
鑂  婩Y0杵  塅^? HIDClassFilter: IrpInternalDeviceControl: Start
Vh
?  婦$;
Yut$P鐽婰$2覌??
?婡(婽$﨎#傿`$婬?
嬸嬈^? KBClassFilter: IrpFDOReadCompletionRoutine: Start
  KBWatch: IrpFDOReadCompletionRoutine: Key Pressed
Vh?
鐻  媡$儈 Y|8婩Wj3襙鼢婲3襙吚v#兞f?
t
B兞;衦螂h?
?  Y钃  €~! t婩`€H
婩^? 蘇BClassFilter: IrpFDORead: Start, pDeviceObject = %x
SV媡$WVh\
璎  媈(婽$媟`YY岶躩孁Y螗€` 婤`僠 冭$茾?
艪鄫K?
_^[? KBWatch: EnabledKeyBoardWatch: IoGetDeviceInterfaces() GUID_DEVINTERFACE_KEYBOARD Failed:%x
    KBWatch: EnabledKeyBoardWatch: pwszDeviceSymbolicLinkList = %ws
        KBWatch: EnableKeyBoardWatch: ObReferenceObjectByHandle() Failed:%x
U嬱QQ? 

u3篱  VW岴黀j
3鯲h
?
孁;Wh?
鐴  YY嬊雝婨鼖1PhB
?  YY岴鳳u   ;苪Pu??
Y婱鼚DA塃黤90u蔠?
Vh
VVh  u?
孁;Wh?
雿? 

  3繽^陕 虄= 

u?
?
? 
  锰KBWatch: SendKeyPressNotify: Call KeSetEvent()
? 

uh?
鑓  Yj j 5
?
锰婦$?婬;L$t婡吚u鹇 蘇BWatch: CreateFilterForDevice: ZwCreateFile Failed:%x
KBWatch: CreateFilterForDevice: ObReferneceObjectByHandle Failed:%x
    KBWatch: CreateFilterForDevice: GetRelatedDeviceObject return Failed    KBWatch: CreateFilterForDevice: GetFilterDeviceObjectFromDeviceStack() return FilterDeviceObject    KBWatch: CreateFilterForDevice: pTargetDeviceObject = %x
  KBWatch: CreateFilterForDevice: IoCreateDevice Failed:%x
      KBWatch: CreateFilterForDevice: IoAttachDeviceToDeviceStack PDO Failed
KBWatch: CreateFilterForDevice: pTargetDeviceObject is not attachable
U嬱冹4SVWu岴霵?
3跾Sj`j
j
岴靿E跃€  VS岴銹岴蘌h€  岴鳳荅?  塢星E谸  塢軌]??
孁;鹽Wh
钃
  Y嬊閭
  S岴黀SSVu??
孁;鹽WhR
鑙
  YY?
  u??
嬸;髩u魎婱??
u??
h?
?
  ?
V5
圗柘?吚t,奙€
婱??
u??
Wh?
桴  Y殇  V栾  鯜€叝  媭  鯜厽  奙€
VhF
杌  媢YYVSSj"Sj 5
?
孁;鹽Wh?
钁  YY隚?€`?媥(u羟  6?
;脡Guh?
鑐  Y6?
?  离
?f丯 3婱??
u??
嬊?奙€
婱??
u??
h

?  3繷_^[陕 ?%?
%?
                                    ?  ?      ^  v  ?  ?  ?  ?  ?  ?  ?  L  ,  :  D  \  t  ?  ?  ?  ?  4    $                  ?      t      脰K堬V?紝 犐軷SDS荖 &K?&???  D:\SOURCE~1\EEFE~1\C436~1\6228~1\SOURCE~1\CMBSAF~1\objfre_wxp_x86\i386\CMBProtector.dat.pdb                                                                                                                                                                                                                                                ?          ?  ?  ?            €                      ?  ?      ^  v  ?  ?  ?  ?  ?  ?  ?  L  ,  :  D  \  t  ?  ?  ?  ?  4    $      ?KeBugCheckEx  A
IoCreateSymbolicLink  8
IoCreateDevice  RtlInitUnicodeString  0 DbgPrint  %
IoAttachDeviceToDeviceStack ?IofCallDriver ?IofCompleteRequest  I
IoDeleteDevice  L
IoDetachDevice  +PoCallDriver  7PoStartNextPowerIrp ObReferenceObjectByHandle L ExFreePool  ?wcslen  e
IoGetDeviceInterfaces %ObfDereferenceObject  MKeSetEvent  ]
IoGetAttachedDevice ?ZwClose o
IoGetRelatedDeviceObject  ?ZwCreateFile  ntoskrnl.exe  M KfLowerIrql D KeRaiseIrqlToDpcLevel HAL.dll                                                                                                                              24@4E4O4W4m4s4}4?????????555 5%5,51585=5B5_;????????<<<<$<+<2<9<@<G<N<U<\<c<j<q<x<<????????????????????????==
====l=?????=>(>???C?R?m???    t  80??????22:2Q2W2g2s2{2????????c5?????6666%6:6C6L6R6????????77%7.777<7R7X7