The problematic items are as follows:
==================================
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<winlogen><C:\WINDOWS\Fonts\winlogen.exe> []
<ravusee><C:\WINDOWS\Fonts\ravusee.exe> []
<360rptt><C:\WINDOWS\Fonts\360rptt.exe> [360Safe.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<tsqdjpix.dll><> [N/A]
<uuxqcios.dll><> [N/A]
<ulwrrxpe.dll><> [N/A]
<fhblbvnj.dll><> [N/A]
<onprqzdv.dll><> [N/A]
<qayfqnib.dll><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
<IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GooglePinyinDownloader.exe]
<IFEO[GooglePinyinDownloader.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pipi_zcom_513.exe]
<IFEO[pipi_zcom_513.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\StormGetter.exe]
<IFEO[StormGetter.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder.exe]
<IFEO[Thunder.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
<IFEO[ua80.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
==================================
Drivers
[aliimz / aliimz][Stopped/Manual Start]
<System32\Drivers\aliimz.sys><N/A>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
<\SystemRoot\system32\drivers\HBKernel32.sys><N/A>
[rddan / rddan][Running/Boot Start]
<\SystemRoot\system32\drivers\rddan.sys><N/A>
[sfafix / sfafix][Stopped/Boot Start]
<\SystemRoot\system32\drivers\sfafix.sys><N/A>
[yyws / yywsw][Stopped/Boot Start]
<\SystemRoot\system32\drivers\yywsw.syss><N/A>
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
==================================
Browser add-ons
[Info cache]
{285AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Kler\pbhealth.dll, Compare the difference >
[JavaBrowser Class]
{686488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2211.dll, >
==================================
Running processes
C:\WINDOWS\system32\winlib .dll] [N/A, ]
C:\WINDOWS\Fonts\360rptt.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2211.dll
C:\WINDOWS\system\mvjaj32dla.dll
C:\WINDOWS\FONTS\360RPTT.EXE
==================================
Recommendation: compress each of the three files C:\WINDOWS\FONTS\360RPTT.EXE, C:\WINDOWS\Fonts\winlogen.exe and C:\WINDOWS\Fonts\ravusee.exe separately with WinRAR, and upload each archive separately.