[C:\WINDOWS\SYSTEM32\WBEM\ETQHM.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 1056 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
[PID: 2112 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 2648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2136 / Owner][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.4]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3121 (xpsp_sp2_gdr.070418-0032)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
[PID: 2172 / Owner][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.4]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 3068 / Owner][C:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 80]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [H:\软件备份\AVG Anti-Spyware 7.5\杂碎\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQDownload\BT\BTDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\Program Files\Tencent\QQDownload\BT\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload\BT\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload\BT\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[PID: 392 / Owner][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3028 / Owner][C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.703\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.703\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1792, C:\PROGRAM FILES\LENOVO\功能键盘\HOTKEYB.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 684, C:\PROGRAM FILES\RACER-HAN-CNC\RACER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3068, C:\PROGRAM FILES\TENCENT\QQDOWNLOAD\QQDOWNLOAD.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 392, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

删除以下启动项
<AppInit_DLLs><qhbpri.dll> [N/A]（清空括号中的qhbpri.dll即可）
<N/A><C:\WINDOWS\system32\nwizzhuxians.exe> [N/A]
删除以下服务
[Security Machine Manager / BARCASE][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ETQHM.DLL,DllRegisterServer 1087><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Windows lfmz RunThem / lfmz][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\gahu\qkre.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Remote Route Service / Templates][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\bxtfl.dll><N/A>
删除以下驱动
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[dj2xu45gy / dj2xu45gye][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dj2xu45gye.sys><N/A>
[klgsschb / klgsschbj][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\klgsschbj.sys><N/A>
[nf179x / nf179xz][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nf179xz.sys><N/A>
并按地址删除原文件，以及
[C:\WINDOWS\system32\1uownjdaj.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]

[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
这个没问题.

打开SREng-启动项目->注册表->
编辑Userinit><rundll32.exe C:\WINDOWS\system32\winsys16_070708.dll start> [N/A]
为Userinit><C:\WINDOWS\system32\userinit.exe,> [N/A]（逗号不可省略）

删除C:\WINDOWS\system32\winsys16_070708.dll

你叫我删 这么多?我的手都软了,不敢删 啊,说几个重要的我山7下