中左Win32:Malware-gen
时间:2014-03-23
来源:互联网
中左Win32:Malware-gen
好多防毒软件都比整到开唔到,game都系,系统还原都系找不到
好多防毒软件都download唔到,only 360杀毒开到
Hijack download左又install唔到,话找不到
:029: :029: :029:
希望有人可以帮到我,万分感谢
文件图片全部都话被另一使用者锁定搞到开唔到
小画家save唔到野话没有权限,蓝芽收唔到野
down左avast想install弹
The installer cannot extract vps files to C:/users/xxxx/appdata/local/temp/_av_iup.tm~a17528
(code 0x2)
[ 本帖最后由 爱猫一族 於 2014-2-27 12:48 AM 编辑 ]
好多防毒软件都比整到开唔到,game都系,系统还原都系找不到
好多防毒软件都download唔到,only 360杀毒开到
Hijack download左又install唔到,话找不到
:029: :029: :029:希望有人可以帮到我,万分感谢
文件图片全部都话被另一使用者锁定搞到开唔到
小画家save唔到野话没有权限,蓝芽收唔到野
down左avast想install弹
The installer cannot extract vps files to C:/users/xxxx/appdata/local/temp/_av_iup.tm~a17528
(code 0x2)
[ 本帖最后由 爱猫一族 於 2014-2-27 12:48 AM 编辑 ]
作者: 爱猫一族 发布时间: 2014-03-23
马上移除360所有程式。
1. 先下载以下两套扫瞄程式:
a. SUPERAntispyware Portable Scanner Personal Edition.
b. 下载ComboFix.
2. 开机按F8,入安全模式执行上述两套程式扫毒。
请贴上以下报告:
a. SAS 扫瞄报告。
b. ComboFix扫毒报告。
1. 先下载以下两套扫瞄程式:
a. SUPERAntispyware Portable Scanner Personal Edition.
b. 下载ComboFix.
2. 开机按F8,入安全模式执行上述两套程式扫毒。
请贴上以下报告:
a. SAS 扫瞄报告。
b. ComboFix扫毒报告。
作者: SILVESTERABEND 发布时间: 2014-03-23
执行a.个个 show error reading set up data
作者: 爱猫一族 发布时间: 2014-03-23
开机按F8,入唔到安全模式
作者: 爱猫一族 发布时间: 2014-03-23
now can enter 安全模式, but cant run both 扫瞄程式
作者: 爱猫一族 发布时间: 2014-03-23
试先下载/执行RKill在安全模式扫毒。
作者: SILVESTERABEND 发布时间: 2014-03-23
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/18/2014 11:26:28 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Backup Registry file created at:
C:\Users\xxxxxxxxx\Desktop\rkill\rkill-02-18-2014-11-26-29.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\NT Kernel\NTKernel.exe"
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/18/2014 11:26:28 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Backup Registry file created at:
C:\Users\xxxxxxxxx\Desktop\rkill\rkill-02-18-2014-11-26-29.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\NT Kernel\NTKernel.exe"
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
作者: 爱猫一族 发布时间: 2014-03-23
1. 下载Files extension type association fix (.reg)於桌面 > 右按.reg程式 > 右merge完成修正。
(修正[不能执行exe档案)
2. 执行原先SAS & ComboFix扫毒。(亦可以再试入安全模式执行)
3. 下载 OTL.exe於桌面。双按OTL.exe > 按Run Scan > 完成后请将OTL扫瞄报告(OTL.txt)贴上。
(OTL扫瞄需时较长,请耐心等候)
请贴上以下报告:
a. SAS扫毒报告。
b. ComboFix扫毒报告。
c. OTL.txt扫瞄报告。
(修正[不能执行exe档案)
2. 执行原先SAS & ComboFix扫毒。(亦可以再试入安全模式执行)
3. 下载 OTL.exe於桌面。双按OTL.exe > 按Run Scan > 完成后请将OTL扫瞄报告(OTL.txt)贴上。
(OTL扫瞄需时较长,请耐心等候)
请贴上以下报告:
a. SAS扫毒报告。
b. ComboFix扫毒报告。
c. OTL.txt扫瞄报告。
作者: SILVESTERABEND 发布时间: 2014-03-23
咁merge左,头两个sxxx and combo都系用唔到,一个error load setup data,一个找不到档案
[ 本帖最后由 爱猫一族 於 2014-2-20 08:09 PM 编辑 ]
[ 本帖最后由 爱猫一族 於 2014-2-20 08:09 PM 编辑 ]
作者: 爱猫一族 发布时间: 2014-03-23
得最后个个用到
1Extras.Txt (101.36 KB)
1OTL.Txt (162.55 KB)
1Extras.Txt (101.36 KB)
2014-2-20 08:06 PM, 下载次数: 2
1OTL.Txt (162.55 KB)
2014-2-20 08:06 PM, 下载次数: 6
作者: 爱猫一族 发布时间: 2014-03-23
楼主先做以下3项:
1. 移除360所有程式。
2. 做系统还原,尽量做到最前日子。
3. 重新做过份OTL.txt扫瞄报告贴上。
1. 移除360所有程式。
2. 做系统还原,尽量做到最前日子。
3. 重新做过份OTL.txt扫瞄报告贴上。
作者: SILVESTERABEND 发布时间: 2014-03-23
360删左好耐啦,控制台,桌面都无
还原唔到,话找不到C:/window....rstrui.exe
还原唔到,话找不到C:/window....rstrui.exe
作者: 爱猫一族 发布时间: 2014-03-23
系Program Files见到,但del唔到,要向administrator取得权限,但我个user应该就系administrator
作者: 爱猫一族 发布时间: 2014-03-23
双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
引用:
:OTL
PRC - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
PRC - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
PRC - [2012/07/06 11:09:52 | 002,553,752 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\ARO 2012\ARO.exe
MOD - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
MOD - [2012/07/06 11:09:52 | 012,195,232 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\AROSS.dll
MOD - [2012/07/06 11:09:52 | 000,567,600 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\sqlite3.dll
MOD - [2012/05/18 14:23:48 | 000,021,360 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\soref.dll
SRV:64bit: - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
DRV:64bit: - [2013/12/17 11:54:46 | 000,285,880 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FsFlt.sys -- (360FsFlt)
DRV:64bit: - [2013/12/02 19:58:18 | 000,179,896 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/10/25 12:04:48 | 000,096,960 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\lizlisa\funshion\funshiontools\npFunshion.dll ( )
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files (x86)\QvodPlayer\npShareModule.dll
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (瑞俴弝畦温挚狟婥郪璃) - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\lizlisa\funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360safe\safemon\safemon.dll (360.cn)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O8:64bit: - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O8:64bit: - Extra context menu item: 传送影像到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: 传送页面到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 奻换善杬蔬绶眈聊 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm File not found
O8:64bit: - Extra context menu item: 煦砅善杬蔬绶 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm File not found
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 传送影像到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: 传送页面到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 奻换善杬蔬绶眈聊 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm File not found
O8 - Extra context menu item: 煦砅善杬蔬绶 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F17518-68B0-42F4-B3E9-1C3B18BCCAFE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
:Files
C:\Users\lizlisa\AppData\Roaming\360DiagnoseScan
C:\Users\lizlisa\Documents\360js Files
C:\$360Section
C:\Users\lizlisa\AppData\Roaming\dclogs
C:\Users\lizlisa\72w728uj6dhv9m
C:\Users\lizlisa\AppData\Roaming\360safe
C:\ProgramData\360SD
C:\Users\lizlisa\AppData\Roaming\360mobilemgr
C:\windows\SysNative\drivers\BAPIDRV64.SYS
C:\Program Files\360
C:\ProgramData\360SDTemp
C:\Users\lizlisa\AppData\Roaming\360Login
C:\windows\SysNative\drivers\360FsFlt.sys
C:\360SANDBOX
C:\windows\SysNative\drivers\360Box64.sys
C:\windows\SysNative\drivers\360AntiHacker64.sys
C:\windows\SysNative\drivers\360Camera64.sys
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
:OTL
PRC - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
PRC - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
PRC - [2012/07/06 11:09:52 | 002,553,752 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\ARO 2012\ARO.exe
MOD - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
MOD - [2012/07/06 11:09:52 | 012,195,232 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\AROSS.dll
MOD - [2012/07/06 11:09:52 | 000,567,600 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\sqlite3.dll
MOD - [2012/05/18 14:23:48 | 000,021,360 | ---- | M] () -- C:\Program Files (x86)\ARO 2012\soref.dll
SRV:64bit: - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
DRV:64bit: - [2013/12/17 11:54:46 | 000,285,880 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FsFlt.sys -- (360FsFlt)
DRV:64bit: - [2013/12/02 19:58:18 | 000,179,896 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/10/25 12:04:48 | 000,096,960 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\lizlisa\funshion\funshiontools\npFunshion.dll ( )
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files (x86)\QvodPlayer\npShareModule.dll
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\lizlisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (瑞俴弝畦温挚狟婥郪璃) - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\lizlisa\funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360safe\safemon\safemon.dll (360.cn)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O8:64bit: - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O8:64bit: - Extra context menu item: 传送影像到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: 传送页面到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 奻换善杬蔬绶眈聊 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm File not found
O8:64bit: - Extra context menu item: 煦砅善杬蔬绶 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm File not found
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 传送影像到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: 传送页面到 Bluetooth 装置(&B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 奻换善杬蔬绶眈聊 - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm File not found
O8 - Extra context menu item: 煦砅善杬蔬绶 - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F17518-68B0-42F4-B3E9-1C3B18BCCAFE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
:Files
C:\Users\lizlisa\AppData\Roaming\360DiagnoseScan
C:\Users\lizlisa\Documents\360js Files
C:\$360Section
C:\Users\lizlisa\AppData\Roaming\dclogs
C:\Users\lizlisa\72w728uj6dhv9m
C:\Users\lizlisa\AppData\Roaming\360safe
C:\ProgramData\360SD
C:\Users\lizlisa\AppData\Roaming\360mobilemgr
C:\windows\SysNative\drivers\BAPIDRV64.SYS
C:\Program Files\360
C:\ProgramData\360SDTemp
C:\Users\lizlisa\AppData\Roaming\360Login
C:\windows\SysNative\drivers\360FsFlt.sys
C:\360SANDBOX
C:\windows\SysNative\drivers\360Box64.sys
C:\windows\SysNative\drivers\360AntiHacker64.sys
C:\windows\SysNative\drivers\360Camera64.sys
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
作者: SILVESTERABEND 发布时间: 2014-03-23
有d move fail
02202014_010026(1).txt (340.98 KB)
02202014_010026(1).txt (340.98 KB)
2014-2-20 11:26 PM, 下载次数: 3
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-20 11:26 PM 发表
有d move fail
1. 大部份[move fail]档案应该会於电脑重启后删除。有d move fail
2. 楼主先backup C drive里面重要档案。
3. 重新再做1份新OTL.txt扫瞄报告贴上。
作者: SILVESTERABEND 发布时间: 2014-03-23
thank you
1OTL.Txt (151.64 KB)
1OTL.Txt (151.64 KB)
2014-2-21 04:08 PM, 下载次数: 7
作者: 爱猫一族 发布时间: 2014-03-23
开机按F8入安全模式执行OTL run fix。
双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
引用:
:OTL
PRC - [2013/12/07 12:12:22 | 004,255,368 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe
PRC - [2013/12/07 12:12:22 | 003,266,184 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe
PRC - [2013/12/07 12:12:22 | 000,766,088 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe
PRC - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
MOD - [2013/12/07 12:12:22 | 000,766,088 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe
SRV:64bit: - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
DRV:64bit: - [2013/12/17 11:54:46 | 000,285,880 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FsFlt.sys -- (360FsFlt)
DRV:64bit: - [2013/12/02 19:58:18 | 000,179,896 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/10/25 12:04:48 | 000,096,960 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2013/07/11 12:43:58 | 000,040,120 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll File not found
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files (x86)\QvodPlayer\npShareModule.dll
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\63223: 301548880 = 50 4B 03 04 D9 79 98 5E 50 45 F9 11 4D 07 00 00 00 30 00 00 01 24 24 43 B9 01 44 3B 8C 78 2F EC A5 0B F5 84 30 04 D7 DF 5E AD 08 F4 E3 77 A6 2F AC 62 03 11 A7 94 1C A7 71 05 54 04 17 BC D0 C1 9D 92 54 37 D6 68 64 22 04 D4 68 6B EC 59 FF EC 5B 5E D5 7E 76 DE 76 99 28 F1 80 0D 0A FD F8 31 4F 18 C8 FC 3B 6B 58 C3 5E 78 A1 DE 3D 5A CB 84 58 73 AF 34 ED 9F 2A 5C 4D 4D 56 D2 07 DF 37 BB B8 AC 50 04 31 CC 92 84 68 45 42 CE 6A 01 12 EB 7D EF 9A 03 2A 4A 71 66 4F 0D 09 66 61 69 A4 CE 88 32 40 8C 8A 29 EC D9 C0 49 32 40 F8 BD E1 55 D3 05 6C 8C 6D AE 96 F5 5F 7B 71 D9 8D CE 19 0A C3 8C F2 42 20 CB EF 0F 60 2F 2D 72 FA 90 72 9C 5D 65 77 2C 31 6A B4 3F 0C 11 1B 23 08 5D 65 CC 18 C2 69 4B 1E 18 30 56 0B AF DE 60 7C CF DF 12 D4 ED FF 92 33 07 D7 3C B5 A4 D2 63 7C 78 4F 48 BB 32 82 EE E1 E2 F8 D1 46 5B A3 EF 5F F7 F0 DB D3 A5 EE E4 FD 2E 2B DC 0C 58 2D 11 45 B1 6B F1 7E AB 1F 0B E7 33 40 F5 73 30 0E DB BE 01 91 5A 4A D5 E3 54 82 C1 56 F8 31 29 21 1B 92 3A 32 79 9E 40 92 9B 34 4D 25 A6 4F 99 E0 EE FB 78 7A 63 7E F1 EE C5 E0 D1 B4 61 65 C2 06 E3 1A 2F AB 46 D4 39 68 87 28 9A DE 1C 37 4F 4B D6 2B C9 1B B3 E1 5B 57 2E F1 24 08 3D F1 93 A3 75 D0 0F E4 2B BE ED 4C 02 37 70 05 BA 3C C6 09 54 6F 2D 11 5E FF 68 C8 43 62 A2 78 45 CE 9D 1D C3 BE 54 A0 2C CC C6 64 89 BD D3 1E DC EF F1 06 B3 64 D5 C3 1C 13 88 EA 51 78 AD 33 4C 90 52 B0 C0 26 6F 7D 5E C0 A0 9A A5 DC 1A 2C C9 58 DB 84 71 2F 6E 0B 8C C0 61 8E AE D1 03 BC 6A 62 EB AC 4E 3E DA B6 2E 50 0F B6 B7 E8 21 63 16 FE 88 F7 24 66 FE EB F8 9D 4C 7B F6 65 04 72 EC A6 58 67 DB BA E6 EC 7A 35 4A FE 42 66 06 6C 3D 00 28 C9 AB E7 8C F5 4A 91 0E 7C A5 F1 DB 90 36 A6 9B 1C 8D 22 F6 B6 36 69 44 6D F6 95 83 61 81 B1 6E 78 83 30 DB 09 8D 3A 95 80 47 9B 9B 03 73 E3 B9 3B 70 3D 25 43 0B 50 63 C5 72 74 6C 78 01 7F 96 CD 51 2A A9 FF 95 DB D7 70 2A 58 88 74 21 AC C4 7F B0 93 11 74 8E C5 B5 80 8F 89 BD 26 5B D0 85 EE 71 72 AD 51 42 30 12 90 72 F0 0F C3 2D 8C AA 50 FD 3A E9 CB F3 79 BB B1 77 3C E1 5E 53 BB 5B 62 AC 70 DD 5A 75 A0 FC E2 1E 95 67 ED C0 C8 1F 58 17 8B BE B2 5C 6F 29 D7 F5 6D F4 E2 2B 25 53 69 14 7A 2B BB D2 DC 3C D0 5D 0D 66 FD 90 A6 B4 D2 AE 3A 14 81 EC 3B 50 CC FE FC AD 18 02 D6 D4 66 90 97 15 36 23 1A 5A 26 92 F5 55 B5 66 A2 0C 27 2C 5D 3F 1C 38 7E 5A 2F 92 29 14 C0 F0 7E 48 A1 26 18 35 10 C6 24 F2 05 1D 38 BC 11 6D 8A 92 FC B3 AC 8C 39 12 66 6F 65 69 58 90 F7 BA 22 A2 13 B0 44 6D CE E1 CE AE 55 EE AF B9 04 0D 6E 2C 8D B3 33 7B A5 E6 39 ED 60 17 D9 57 5E C0 BA A3 CF 0E A0 89 98 BF CA 97 D6 1C 59 75 22 05 57 BF 3F 23 83 EA EA EF E9 98 A8 6B C2 57 21 09 BE 92 E4 32 AA D0 13 5E 56 54 AB 4E 0C F7 AE 5C 33 DA 2D 96 77 1A 67 BD AF CE D8 03 3D 0A 34 C4 AB 78 75 D7 DC 50 CB E0 A6 B9 C5 83 90 05 F2 34 7F BE FF 47 3A 1A CE 2F 58 70 DE 1C DB 0A F5 31 91 A1 6A 70 44 92 96 B1 40 6E 83 2F C7 6C CE 95 B9 AD 1E 98 8E 89 E1 A1 EC 6B C6 46 31 14 F6 01 02 9D 48 39 8B 3B DC 89 4F C5 DF 88 F1 BA B8 0F 60 4D 8E 1B 5E FD 50 25 42 9C 72 7B 44 13 9E 90 F5 7C 67 43 EF 3E DD 6F DD AD 6E CD 7C E2 93 EB 49 B4 FF F1 76 D9 97 0A D3 29 DC DD C8 78 02 75 78 34 F8 FF 5F C5 33 07 56 4E 14 A8 CD AB 13 6B 17 96 BB 93 E9 39 5A CE DF 93 FE DC 8F 2D 90 36 DF FA 5F 3E 37 CA CA E8 08 BD D1 DF C9 BC 3B FC 42 44 9A 3E F7 A0 BE 0C AF 79 6C A8 DD A8 3E 24 46 BF E9 F3 0E E9 92 27 33 BA 9E C5 E4 45 26 5B 25 27 05 BD 12 32 92 90 1B 77 61 A1 6A 99 3C 97 D3 F6 32 87 20 2A 55 38 97 93 5B CE 51 C8 D2 C4 03 01 22 27 81 33 A1 DA 82 7A 55 B8 65 27 CC ED 19 77 44 8F FC 50 B3 9F 55 90 59 85 37 94 C1 CC 27 E6 2D E8 F2 36 60 E7 8C 80 05 F2 44 7A 16 08 4D EC 60 61 92 E8 12 BF 6E 6B 83 B7 BC FA 2D 8A A1 DF 0C 9B D2 44 9A B4 C0 04 F0 F8 E9 17 11 7D A0 E1 79 A8 65 19 AE E8 5D DB 63 FE 9F 7D B0 AD C7 DB D0 01 27 D0 F3 B5 73 14 8A 8F 90 5E FB A2 83 49 47 4E 14 5E 34 19 83 4F D0 FE 40 82 D6 4F 53 64 67 98 85 AF AF 6A EB 41 0A D2 70 86 05 EC D0 EE 4F 29 06 39 FE EF 7F D2 C4 32 4C 64 44 0D 4D 44 5D 1E 71 86 88 13 3F D9 B9 55 03 DD EE BE 66 95 9C A7 BA 0D D1 E3 0C C8 1A 40 03 C0 C5 68 FF 15 26 B5 EF C8 60 B6 3D 82 3F B1 40 96 D2 64 26 5D FB 45 24 CF AA 1F 32 2C E9 1A 26 2E D4 19 1D 8A 86 82 11 3D D4 DA 1F 0B 2A 6D 38 31 8D BB 99 5F 40 C5 00 7E 85 06 39 F3 A9 1F D5 EF 3D A3 6E DA DA 0B 6A CE 04 97 21 10 2E F3 46 AC 5D 6E FF C6 8B A7 E6 24 B7 C0 C7 2C D1 3A EC 69 2C 7D 18 50 0F E4 22 D4 AA E5 CF D5 6B 24 B5 F8 E3 48 D1 91 15 02 DC 1E 90 83 21 FB AB 2C 86 50 21 37 8A 7A B6 ED 07 45 A0 A6 FA 66 24 8B 55 76 58 71 12 50 3D 22 B6 87 4B 49 68 5F D8 3D BA 67 F4 A1 F9 F0 76 EB 99 AC 1F 8D 14 2D 7A D5 03 03 AD 48 03 E6 4B DC DA C2 D1 C6 0A F1 A7 C6 35 1F 9F 4C A5 EB AB 97 D6 EE 2B E9 8E 48 2E 54 97 E4 CB 94 02 E1 BB 0B D1 1B 87 84 39 30 E4 9B 72 E2 32 AF 8D C8 CC 93 67 C8 00 94 72 68 BF 66 7D A4 81 85 22 1C 31 BC CE AD 02 F0 83 7A 40 C9 EF 82 B5 BB 60 27 F6 7F 17 0B 71 41 E1 A4 66 A3 CE BB E3 6C BC 08 11 02 A0 58 97 BC 4B 0B EF 18 B2 77 34 36 D9 0B 4B 98 12 56 4F DE 22 36 1B B5 3C CB 41 ED 05 A4 86 AE B1 14 34 7A 85 4F 19 04 BB A0 D7 DD EA 22 76 55 D1 18 4B BB 78 9B 56 56 11 D5 8B 17 2A 5C 38 E8 98 5F 34 B2 66 04 8D CA BB C7 41 25 80 16 98 F4 41 23 4E C4 61 97 43 6F 9B 45 C5 40 71 FE B7 41 6B 70 A8 19 00 61 DE 1F 66 D1 E8 47 A8 DA 3E 03 E6 73 F6 BC 40 52 CD 9B 5D 7B E5 FE DB E5 E4 7F 22 4F 5B 1C 89 07 2D 41 3E 78 24 A0 99 8D F1 C1 3F 2D 1B BA 9F A0 01 E3 B6 71 73 D1 48 87 D1 C8 CA 87 E4 2B AE 2F FA 14 E5 71 73 D1 C3 43 29 8A D6 27 26 DC E0 22 16 D3 41 8A 07 65 67 64 2B 01 D2 AB 05 FF A6 24 6A 1B F0 56 27 78 D0 6E DA D7 51 C7 57 D1 9D 3A 23 41 95 21 45 88 44 44 F3 F1 C9 8C 3E CC 82 E2 C1 C4 13 68 73 23 0D 60 D7 5E B8 F5 86 C8 9A 6D C3 0C 2F B1 96 51 2E 4A 7C EA 60 C0 64 82 04 79 0D EB 2B 79 33 64 EE 28 AB 51 CF 97 46 99 CF AF B9 7C 98 57 F9 42 31 F2 F4 A6 2A F9 C0 AA 2D A1 78 DB A1 44 46 B6 80 94 1D 58 7F D8 54 7C 6A 83 25 64 46 BA 01 A9 7D [Binary data over 200 bytes]
:Files
C:\Users\lizlisa\AppData\Roaming\360safe
C:\Users\lizlisa\Desktop\SAS_246B38B4.EXE
C:\Program Files (x86)\Trend Micro
C:\ProgramData\SUPERSetup
C:\SoftMgr
C:\windows\SysNative\drivers\BAPIDRV64.SYS
C:\Program Files\360
C:\windows\SysNative\drivers\360FsFlt.sys
C:\360SANDBOX
C:\windows\SysNative\drivers\360Box64.sys
C:\windows\SysNative\drivers\360AntiHacker64.sys
C:\windows\SysNative\drivers\360Camera64.sys
C:\ProgramData\AVAST Software
C:\Program Files\Trend Micro
C:\Users\lizlisa\Desktop\SAS_246B38B4.EXE
C:\Users\lizlisa\funshion.ini
C:\Users\lizlisa\Desktop\Default_EXE.reg
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Users\lizlisa\funshion.ini
C:\windows\SysWow64\funshion.ini
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
:OTL
PRC - [2013/12/07 12:12:22 | 004,255,368 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe
PRC - [2013/12/07 12:12:22 | 003,266,184 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe
PRC - [2013/12/07 12:12:22 | 000,766,088 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe
PRC - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
MOD - [2013/12/07 12:12:22 | 000,766,088 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe
SRV:64bit: - [2013/09/23 10:31:24 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
DRV:64bit: - [2013/12/17 11:54:46 | 000,285,880 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FsFlt.sys -- (360FsFlt)
DRV:64bit: - [2013/12/02 19:58:18 | 000,179,896 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/10/25 12:04:48 | 000,096,960 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2013/07/11 12:43:58 | 000,040,120 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll File not found
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files (x86)\QvodPlayer\npShareModule.dll
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\63223: 301548880 = 50 4B 03 04 D9 79 98 5E 50 45 F9 11 4D 07 00 00 00 30 00 00 01 24 24 43 B9 01 44 3B 8C 78 2F EC A5 0B F5 84 30 04 D7 DF 5E AD 08 F4 E3 77 A6 2F AC 62 03 11 A7 94 1C A7 71 05 54 04 17 BC D0 C1 9D 92 54 37 D6 68 64 22 04 D4 68 6B EC 59 FF EC 5B 5E D5 7E 76 DE 76 99 28 F1 80 0D 0A FD F8 31 4F 18 C8 FC 3B 6B 58 C3 5E 78 A1 DE 3D 5A CB 84 58 73 AF 34 ED 9F 2A 5C 4D 4D 56 D2 07 DF 37 BB B8 AC 50 04 31 CC 92 84 68 45 42 CE 6A 01 12 EB 7D EF 9A 03 2A 4A 71 66 4F 0D 09 66 61 69 A4 CE 88 32 40 8C 8A 29 EC D9 C0 49 32 40 F8 BD E1 55 D3 05 6C 8C 6D AE 96 F5 5F 7B 71 D9 8D CE 19 0A C3 8C F2 42 20 CB EF 0F 60 2F 2D 72 FA 90 72 9C 5D 65 77 2C 31 6A B4 3F 0C 11 1B 23 08 5D 65 CC 18 C2 69 4B 1E 18 30 56 0B AF DE 60 7C CF DF 12 D4 ED FF 92 33 07 D7 3C B5 A4 D2 63 7C 78 4F 48 BB 32 82 EE E1 E2 F8 D1 46 5B A3 EF 5F F7 F0 DB D3 A5 EE E4 FD 2E 2B DC 0C 58 2D 11 45 B1 6B F1 7E AB 1F 0B E7 33 40 F5 73 30 0E DB BE 01 91 5A 4A D5 E3 54 82 C1 56 F8 31 29 21 1B 92 3A 32 79 9E 40 92 9B 34 4D 25 A6 4F 99 E0 EE FB 78 7A 63 7E F1 EE C5 E0 D1 B4 61 65 C2 06 E3 1A 2F AB 46 D4 39 68 87 28 9A DE 1C 37 4F 4B D6 2B C9 1B B3 E1 5B 57 2E F1 24 08 3D F1 93 A3 75 D0 0F E4 2B BE ED 4C 02 37 70 05 BA 3C C6 09 54 6F 2D 11 5E FF 68 C8 43 62 A2 78 45 CE 9D 1D C3 BE 54 A0 2C CC C6 64 89 BD D3 1E DC EF F1 06 B3 64 D5 C3 1C 13 88 EA 51 78 AD 33 4C 90 52 B0 C0 26 6F 7D 5E C0 A0 9A A5 DC 1A 2C C9 58 DB 84 71 2F 6E 0B 8C C0 61 8E AE D1 03 BC 6A 62 EB AC 4E 3E DA B6 2E 50 0F B6 B7 E8 21 63 16 FE 88 F7 24 66 FE EB F8 9D 4C 7B F6 65 04 72 EC A6 58 67 DB BA E6 EC 7A 35 4A FE 42 66 06 6C 3D 00 28 C9 AB E7 8C F5 4A 91 0E 7C A5 F1 DB 90 36 A6 9B 1C 8D 22 F6 B6 36 69 44 6D F6 95 83 61 81 B1 6E 78 83 30 DB 09 8D 3A 95 80 47 9B 9B 03 73 E3 B9 3B 70 3D 25 43 0B 50 63 C5 72 74 6C 78 01 7F 96 CD 51 2A A9 FF 95 DB D7 70 2A 58 88 74 21 AC C4 7F B0 93 11 74 8E C5 B5 80 8F 89 BD 26 5B D0 85 EE 71 72 AD 51 42 30 12 90 72 F0 0F C3 2D 8C AA 50 FD 3A E9 CB F3 79 BB B1 77 3C E1 5E 53 BB 5B 62 AC 70 DD 5A 75 A0 FC E2 1E 95 67 ED C0 C8 1F 58 17 8B BE B2 5C 6F 29 D7 F5 6D F4 E2 2B 25 53 69 14 7A 2B BB D2 DC 3C D0 5D 0D 66 FD 90 A6 B4 D2 AE 3A 14 81 EC 3B 50 CC FE FC AD 18 02 D6 D4 66 90 97 15 36 23 1A 5A 26 92 F5 55 B5 66 A2 0C 27 2C 5D 3F 1C 38 7E 5A 2F 92 29 14 C0 F0 7E 48 A1 26 18 35 10 C6 24 F2 05 1D 38 BC 11 6D 8A 92 FC B3 AC 8C 39 12 66 6F 65 69 58 90 F7 BA 22 A2 13 B0 44 6D CE E1 CE AE 55 EE AF B9 04 0D 6E 2C 8D B3 33 7B A5 E6 39 ED 60 17 D9 57 5E C0 BA A3 CF 0E A0 89 98 BF CA 97 D6 1C 59 75 22 05 57 BF 3F 23 83 EA EA EF E9 98 A8 6B C2 57 21 09 BE 92 E4 32 AA D0 13 5E 56 54 AB 4E 0C F7 AE 5C 33 DA 2D 96 77 1A 67 BD AF CE D8 03 3D 0A 34 C4 AB 78 75 D7 DC 50 CB E0 A6 B9 C5 83 90 05 F2 34 7F BE FF 47 3A 1A CE 2F 58 70 DE 1C DB 0A F5 31 91 A1 6A 70 44 92 96 B1 40 6E 83 2F C7 6C CE 95 B9 AD 1E 98 8E 89 E1 A1 EC 6B C6 46 31 14 F6 01 02 9D 48 39 8B 3B DC 89 4F C5 DF 88 F1 BA B8 0F 60 4D 8E 1B 5E FD 50 25 42 9C 72 7B 44 13 9E 90 F5 7C 67 43 EF 3E DD 6F DD AD 6E CD 7C E2 93 EB 49 B4 FF F1 76 D9 97 0A D3 29 DC DD C8 78 02 75 78 34 F8 FF 5F C5 33 07 56 4E 14 A8 CD AB 13 6B 17 96 BB 93 E9 39 5A CE DF 93 FE DC 8F 2D 90 36 DF FA 5F 3E 37 CA CA E8 08 BD D1 DF C9 BC 3B FC 42 44 9A 3E F7 A0 BE 0C AF 79 6C A8 DD A8 3E 24 46 BF E9 F3 0E E9 92 27 33 BA 9E C5 E4 45 26 5B 25 27 05 BD 12 32 92 90 1B 77 61 A1 6A 99 3C 97 D3 F6 32 87 20 2A 55 38 97 93 5B CE 51 C8 D2 C4 03 01 22 27 81 33 A1 DA 82 7A 55 B8 65 27 CC ED 19 77 44 8F FC 50 B3 9F 55 90 59 85 37 94 C1 CC 27 E6 2D E8 F2 36 60 E7 8C 80 05 F2 44 7A 16 08 4D EC 60 61 92 E8 12 BF 6E 6B 83 B7 BC FA 2D 8A A1 DF 0C 9B D2 44 9A B4 C0 04 F0 F8 E9 17 11 7D A0 E1 79 A8 65 19 AE E8 5D DB 63 FE 9F 7D B0 AD C7 DB D0 01 27 D0 F3 B5 73 14 8A 8F 90 5E FB A2 83 49 47 4E 14 5E 34 19 83 4F D0 FE 40 82 D6 4F 53 64 67 98 85 AF AF 6A EB 41 0A D2 70 86 05 EC D0 EE 4F 29 06 39 FE EF 7F D2 C4 32 4C 64 44 0D 4D 44 5D 1E 71 86 88 13 3F D9 B9 55 03 DD EE BE 66 95 9C A7 BA 0D D1 E3 0C C8 1A 40 03 C0 C5 68 FF 15 26 B5 EF C8 60 B6 3D 82 3F B1 40 96 D2 64 26 5D FB 45 24 CF AA 1F 32 2C E9 1A 26 2E D4 19 1D 8A 86 82 11 3D D4 DA 1F 0B 2A 6D 38 31 8D BB 99 5F 40 C5 00 7E 85 06 39 F3 A9 1F D5 EF 3D A3 6E DA DA 0B 6A CE 04 97 21 10 2E F3 46 AC 5D 6E FF C6 8B A7 E6 24 B7 C0 C7 2C D1 3A EC 69 2C 7D 18 50 0F E4 22 D4 AA E5 CF D5 6B 24 B5 F8 E3 48 D1 91 15 02 DC 1E 90 83 21 FB AB 2C 86 50 21 37 8A 7A B6 ED 07 45 A0 A6 FA 66 24 8B 55 76 58 71 12 50 3D 22 B6 87 4B 49 68 5F D8 3D BA 67 F4 A1 F9 F0 76 EB 99 AC 1F 8D 14 2D 7A D5 03 03 AD 48 03 E6 4B DC DA C2 D1 C6 0A F1 A7 C6 35 1F 9F 4C A5 EB AB 97 D6 EE 2B E9 8E 48 2E 54 97 E4 CB 94 02 E1 BB 0B D1 1B 87 84 39 30 E4 9B 72 E2 32 AF 8D C8 CC 93 67 C8 00 94 72 68 BF 66 7D A4 81 85 22 1C 31 BC CE AD 02 F0 83 7A 40 C9 EF 82 B5 BB 60 27 F6 7F 17 0B 71 41 E1 A4 66 A3 CE BB E3 6C BC 08 11 02 A0 58 97 BC 4B 0B EF 18 B2 77 34 36 D9 0B 4B 98 12 56 4F DE 22 36 1B B5 3C CB 41 ED 05 A4 86 AE B1 14 34 7A 85 4F 19 04 BB A0 D7 DD EA 22 76 55 D1 18 4B BB 78 9B 56 56 11 D5 8B 17 2A 5C 38 E8 98 5F 34 B2 66 04 8D CA BB C7 41 25 80 16 98 F4 41 23 4E C4 61 97 43 6F 9B 45 C5 40 71 FE B7 41 6B 70 A8 19 00 61 DE 1F 66 D1 E8 47 A8 DA 3E 03 E6 73 F6 BC 40 52 CD 9B 5D 7B E5 FE DB E5 E4 7F 22 4F 5B 1C 89 07 2D 41 3E 78 24 A0 99 8D F1 C1 3F 2D 1B BA 9F A0 01 E3 B6 71 73 D1 48 87 D1 C8 CA 87 E4 2B AE 2F FA 14 E5 71 73 D1 C3 43 29 8A D6 27 26 DC E0 22 16 D3 41 8A 07 65 67 64 2B 01 D2 AB 05 FF A6 24 6A 1B F0 56 27 78 D0 6E DA D7 51 C7 57 D1 9D 3A 23 41 95 21 45 88 44 44 F3 F1 C9 8C 3E CC 82 E2 C1 C4 13 68 73 23 0D 60 D7 5E B8 F5 86 C8 9A 6D C3 0C 2F B1 96 51 2E 4A 7C EA 60 C0 64 82 04 79 0D EB 2B 79 33 64 EE 28 AB 51 CF 97 46 99 CF AF B9 7C 98 57 F9 42 31 F2 F4 A6 2A F9 C0 AA 2D A1 78 DB A1 44 46 B6 80 94 1D 58 7F D8 54 7C 6A 83 25 64 46 BA 01 A9 7D [Binary data over 200 bytes]
:Files
C:\Users\lizlisa\AppData\Roaming\360safe
C:\Users\lizlisa\Desktop\SAS_246B38B4.EXE
C:\Program Files (x86)\Trend Micro
C:\ProgramData\SUPERSetup
C:\SoftMgr
C:\windows\SysNative\drivers\BAPIDRV64.SYS
C:\Program Files\360
C:\windows\SysNative\drivers\360FsFlt.sys
C:\360SANDBOX
C:\windows\SysNative\drivers\360Box64.sys
C:\windows\SysNative\drivers\360AntiHacker64.sys
C:\windows\SysNative\drivers\360Camera64.sys
C:\ProgramData\AVAST Software
C:\Program Files\Trend Micro
C:\Users\lizlisa\Desktop\SAS_246B38B4.EXE
C:\Users\lizlisa\funshion.ini
C:\Users\lizlisa\Desktop\Default_EXE.reg
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Users\lizlisa\funshion.ini
C:\windows\SysWow64\funshion.ini
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
作者: SILVESTERABEND 发布时间: 2014-03-23
finished
102202014_004908.txt (26.3 KB)
102202014_004908.txt (26.3 KB)
2014-2-21 11:54 PM, 下载次数: 4
作者: 爱猫一族 发布时间: 2014-03-23
1. 同样开机按F8入安全模式执行OTL run fix。
双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
3. 完成上述run fix后,请重新再做新1份OTL.txt扫瞄报告贴上。
双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
引用:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\63223: 85703904 = 50 4B 03 04 C2 3B E6 A8 E0 BC 1B 05 D3 11 00 00 00 40 00 00 01 86 9E 70 7A 57 11 6D 8C 78 2F EC A5 0B F5 84 30 04 D7 DF 5E AD 08 F4 E3 77 A6 2F AC 62 03 11 A7 94 1C A7 71 05 54 04 17 BC D0 C1 9D 92 54 37 D6 68 64 22 04 D4 68 6B EC 59 FF EC 5B 5E D5 7E 76 DE 76 99 28 F1 80 0D 0A FD F8 31 4F 18 C8 FC 3B 6B 58 C3 5E 78 A1 DE 3D 5A CB 84 58 73 AF 34 ED 9F 2A 5C 06 B6 1A D1 03 DF 1B 14 35 83 50 04 31 CC 19 B0 68 45 42 CE 6A DB 27 EB 7D E7 9A 13 C5 94 C1 43 99 20 09 66 D9 71 77 63 EB 32 B5 F1 CF 17 C0 9F 2E 14 92 9D C0 7F CA 08 3F F1 21 08 99 36 58 1D 95 50 FE 42 93 4E DD EF DB F6 5C 3D 1B 55 9D E6 C5 D6 20 1A 6A 64 D6 62 5F 6C 9D 4B 73 77 B2 FB C8 FE B4 41 6B 56 07 7D E5 D2 FA 5C 1C F1 5B EA C2 36 3A 44 A0 7C 5E F2 8E EB 44 03 08 9D 82 BE 9E 24 36 54 64 98 82 B2 F9 C4 24 CE 8B CB EE A6 12 46 16 57 4F 69 88 45 7B BD 48 D5 87 19 12 6E 8C E2 AE D5 43 7D 7A 80 82 5E E0 2C 7D 32 C5 D1 C6 B1 5E DE 34 A3 DC EF B4 E4 01 22 04 11 DB BA D0 DA C8 0E 98 49 4A A0 07 6B 73 6E 95 D6 6B 85 E7 89 90 25 4B 51 8A 76 7B 5F EE A4 0F 17 C3 74 66 7A 60 52 6E B9 61 82 56 B5 6D 05 99 FA 78 66 D4 F2 48 80 DA 06 3A 39 BF 32 F4 6B 95 5F 1E 84 80 32 05 08 12 B2 EA 05 C9 01 6F 26 1C 96 55 50 F2 77 A4 AE BA E2 56 AF 98 11 A8 7E 62 FA 4F 85 7A 6D 01 26 A9 92 CB 8E 72 68 3E F0 E5 AC 90 12 01 AE A2 14 61 79 9F 72 7C FA A3 1B 48 94 D1 25 C6 3B C8 E9 1E 24 D8 59 E9 63 AB E7 AE CB 4D 78 95 AB 1E B2 00 1F 7C 48 D0 90 19 6A 60 AA 64 6B A4 21 8C D8 37 4C 37 26 2D 28 CA BC 6C AD EE EF 1C 4B E9 3C 6D 59 17 56 50 09 1B 24 F6 BD 88 F2 4E EC 60 4A 76 93 D9 F8 A0 0D 2B A5 74 0B 87 36 BA 27 26 00 AA C1 55 18 F9 1D 97 A1 46 7A AB 44 A8 33 D0 4B 34 C3 C3 4F 4D 6E 27 B5 C4 2B E3 1F 4E 36 F5 8A F0 27 FA 9C 21 67 4E BE 6E DB D4 71 FC 80 DE FD 34 88 6A EB A4 E1 B1 B7 10 D2 68 B1 B0 E9 D4 AB 7F 70 F7 D5 F9 CD 78 7B 00 78 AF 12 F4 BB 09 1D 10 4B 43 AE 23 4E C2 83 AB 4E 5B 01 7F E2 6C 0E CF 37 DF BB CF 56 89 3C A9 88 D2 4A D6 02 02 11 75 82 9E E5 15 5C 22 B5 EB 32 3C 16 6F C7 DC 8F 2A B1 5C 8D F4 CF D6 B1 B8 8C 19 D4 0E 2A 5B A7 54 07 EC B6 4A E1 A3 D9 C4 90 CC 92 B4 03 0D B4 67 E1 D1 10 1C F3 9D C0 F6 A4 DB 0D CB EB 18 97 B7 2B 07 B3 1B DC 80 5D 17 39 AE 8E 46 8D D6 3F B7 B4 55 FD 7D 62 82 D3 B0 65 E0 4B 99 F4 CB 22 BE 6B 30 54 0B 4B 65 49 F2 DE E1 B3 40 EB 8E AB F1 DB F4 F1 2D 7F D0 66 81 8C EF B0 62 5D CB 97 E3 99 B1 FB FA 25 C1 D2 D4 0B 77 E0 69 CD DC C0 C6 0B FE 7C E6 F6 B4 E4 6B 71 16 25 B9 26 C7 33 D0 AB 5E BF D9 B5 9C A2 FB 34 7B BA A9 27 6E DF 05 6F 8B 8B 1C 40 19 54 3E 11 EB 50 73 9E 3D B3 57 46 15 E7 B7 8A 31 74 F3 7E CA 23 AD FD BE 78 B9 4E 9F 8B 03 13 1F 14 C3 C6 55 4E 42 2D 6B CB C1 3E C3 65 86 56 13 D5 23 45 B0 1C AA F0 EC AD 9F 5C D2 B8 37 4C C0 38 B6 89 73 18 35 5B 39 02 AE 9A B4 B6 31 CF 26 DA 0F 0E 4B F9 9A DE FC 84 20 42 B5 CF BC DE E3 4B 70 63 36 71 13 28 17 4A D6 5F 8E 67 6E 9E 5B C4 2E ED 87 1D E0 7A 69 B1 59 BB B4 F5 BB CE D6 9D DD 24 91 38 0F F4 E9 7A 85 0F 7A 3E 24 8A 4E 9B 13 26 D5 BD 3A 2B DF 42 B0 11 47 E8 ED FA 55 98 B6 82 6C A5 4A 5A D4 90 27 B3 8F 39 F1 CE D9 F8 AC A6 04 8A 48 76 45 0F B6 88 1A 87 B0 71 E2 DA 47 F7 62 8B 80 44 1C B4 71 FD C3 2F 81 62 30 D2 35 EE 26 CE 8C 00 22 4B 0C A1 45 19 5D 06 94 E8 8A 79 58 E1 23 88 59 C4 D5 92 96 38 33 65 07 08 D8 CD DF 0A 8B 49 E1 9F AB 2A 57 75 34 73 C8 3E 58 96 63 0C AA AF 9D D0 05 C2 96 80 34 70 9C 3F 61 98 3B 45 B6 98 D5 EE 27 6E 83 1E 74 19 B4 63 03 47 E9 29 4F E8 A8 3D C0 4F 67 23 D4 43 DE DA E0 7B A2 FB EA E9 36 6E 08 F1 BC 5E BF 5F 5F F8 7C 31 E9 3D FE EB 4A BC 1E A4 94 82 38 B4 70 EE 45 8F 72 F0 6B AC B0 15 97 30 82 2D 89 8D 30 9A 0F 36 BA DD 14 44 5E D1 D3 F2 56 C0 65 36 A0 9B B0 C3 4C C0 A7 1C 36 C5 23 C5 FB 52 70 5F A5 70 4C 44 DD C1 B9 A9 DB 7C 18 6E B8 9C AA DD 22 64 CE 91 C9 1B B9 6C 56 15 81 42 2E 7E 61 28 C1 48 07 F3 7D E1 E9 E0 D3 D6 49 EA 28 0D 3F F7 43 62 F0 77 D1 DC 9E 35 AB 2D 00 E9 55 36 04 E3 FA E0 05 27 DC 9F 3D E9 F4 27 D5 4E D1 9B E2 E1 BC A3 A1 70 61 FD DB 6F E9 66 CC C6 B8 1A 8D 80 14 85 5C 88 1F 77 D1 3C 62 DE E9 25 08 08 B6 DB 2B 12 F1 2B D0 2B DF 4A C3 8D 28 0D 13 B5 99 CE E4 BC 6A BC 3A 35 7F EC 95 81 57 92 20 74 19 6E 0F C6 CC B9 6E 34 AF 52 7F E9 20 2D 4D 08 18 79 69 6B 79 09 48 DB 88 5C 8B 01 9F DC F9 A4 83 0F F6 85 74 B5 1D 8F B3 7E 2D 6C 13 30 9B 7B 20 A6 99 87 49 39 2F 76 86 7C 07 F5 F5 58 8B 95 13 A7 5C B0 FF B1 4C 93 87 E0 BD 47 38 8F 48 EF 0E 3B 3B 3B C8 57 8F 07 24 62 88 AD 54 F6 9A FC A8 4E 13 78 B1 6D 91 51 AD FC EC 7E C1 CF 47 9D 9A 89 51 DB AB F8 CF 57 14 D7 5D 76 97 9B AA FD A0 1A B8 3B 1A E0 A9 8B ED 57 02 E3 68 52 43 08 37 C8 A8 96 9E CD FF 27 A4 E2 16 EA BB 87 44 E3 FD A9 4B 05 42 94 B9 64 26 2A AF 96 29 89 79 B0 BD 5A 41 02 0F 0F 64 B6 91 2C 76 B1 BF 8A A5 51 2C 1E 1E A9 99 AC A5 29 90 B4 D3 CF 5A 92 DB 5D 97 AC 77 CD 1C 1A A5 AB C1 4F 22 A0 19 2F E1 AF 18 D2 52 2E F9 A4 D4 B7 97 B9 79 60 D5 EE 3C B3 61 19 18 4A A7 CA 38 C5 A6 FF F2 17 22 39 ED 59 BE 00 29 21 BC E3 9D 48 04 15 54 EA 6E 9C 5B 44 30 3E E4 1D 69 F4 36 A9 D8 29 24 FF B9 0E A3 CE 03 E8 EA 27 3F 19 BE C8 7D 59 4D 67 81 21 29 A4 38 68 0E A6 3F E1 B5 F9 40 E8 B7 A5 38 C7 11 4D 51 EA A2 D4 05 F4 47 25 C5 CB E2 AB A5 CA 14 74 C1 DA 54 49 B4 6B DF 7A DB AB 3E 6D EE 6F 0C 08 5E F0 1D 24 AF 8C 22 46 1E E2 CF 13 2A C3 FE 5D 86 34 84 3F 10 16 40 4F 72 B4 39 96 2F 27 64 CD 43 C3 BE FA C4 45 42 69 8B 18 37 A1 36 75 E3 FC 7C A6 70 99 C2 DB FE 7C 95 1B 98 3D 41 99 B0 88 B4 08 69 64 4C 56 CF 4B 79 AB 57 75 FE EA D3 73 78 35 FA F0 07 20 8C 23 44 E3 7F 01 E7 89 B5 B8 75 65 8F 63 F6 CE 9A D1 68 0A 64 29 33 CB 4B C8 B7 52 31 26 1E 8E 39 4D 2E E2 2B CC F6 CF 42 0A 3F 05 A5 AD 0F F1 67 B4 A1 79 9C 81 DD 2C CC B0 47 8E 32 B3 35 12 09 D1 22 26 F7 9F BF F4 11 B3 B9 44 F1 24 99 21 AC D1 0E 14 17 B2 C3 74 99 FB CD C2 07 4D A5 F0 4E 97 4F 50 8B E3 40 C2 D0 28 2A DC E7 8C AE 4E 0B 2C 4D 15 AB 32 28 6C 22 5A 8A 5C D5 31 AC B7 F2 2F D8 85 07 D1 25 51 13 FC A5 88 11 56 1C 9B 53 BF 6D 42 7D EB 52 8F EB C5 0C A2 E7 0E F3 AF EC E6 C4 74 9E 92 24 EA 1E 39 92 81 40 21 F2 BD A7 D9 0B 24 56 C5 FF 7B E4 C6 B7 E7 4E 8D 21 42 49 60 E3 B2 61 9E E6 DD DB 07 B2 E1 DE 76 D0 76 A2 62 DD 92 92 7F 3A 2E F8 9E 9A 26 35 F9 34 9C 95 BB 8F 95 A9 37 9A 34 43 92 9B FF 04 D9 C7 2D 83 A0 BF 68 B6 98 38 80 CE 4D 52 AE 78 8A B1 45 1B C9 91 38 C0 DE 97 1E 1F D4 27 97 52 C7 F3 26 1C 50 A4 68 8F 8C 68 6F 1F E7 B0 F2 20 36 23 B5 26 F3 D4 DF 6C 85 5B B0 AA 0C EE 8B 6D 7B E7 71 1B 41 08 06 17 28 FE CB 03 EB FC F8 09 91 DB A2 34 F2 9A CE A4 E3 A9 99 27 5C 8F 88 FB 27 CA 21 0C 66 58 19 30 97 E8 89 FD 2C 86 76 89 12 0E 8A 16 08 46 C9 1F 54 D4 29 4B 54 0D 1E 05 E4 30 C6 25 31 E8 CF E0 3E 45 74 58 6F C7 5D 9C E5 72 E2 D0 DD 05 50 19 75 2B 7A F7 43 8A 01 83 AE 60 FB 05 CB C7 D2 13 70 FE B0 3F C3 A1 AE 72 E1 89 84 2E 1D 4B 75 5B AA 71 9E FB 09 D1 C9 20 DE 77 F2 D5 98 31 4E 09 5D 69 80 0F EE DB 0C 84 07 A7 61 95 21 18 2E AC 39 AC AE B1 29 71 51 4C 63 58 39 A8 8C 4B 9F DE 44 AC A5 40 39 C4 22 9F 34 0C BC 03 39 0A D9 33 1B 17 6B 18 31 A7 C2 61 80 47 7A 4A 87 13 3A 66 87 C9 B8 81 5E C2 CC 6C F0 1F DA 72 22 11 FE 60 E8 36 E8 43 7F BE 79 1F 7D 09 09 38 E1 BA 9D 80 AD 5D 86 FF 8A 06 2A FF F3 8C D3 A4 62 9B B5 E1 FF 3F B9 A0 97 C3 5D 0E B6 38 00 05 5F E4 10 2C 8C C0 76 18 30 D5 01 85 37 6B F6 39 D9 F1 30 32 21 0D A0 57 95 57 30 07 FD 73 D8 FA FC 2B 89 77 F6 21 CB A5 57 6D A2 70 69 74 EA 4B 7D DC F2 C5 D4 60 1D AC 06 67 59 95 48 DA AA 94 0D 0A 44 3B 0E BF AF 01 4F 85 ED 9A 70 B6 31 3C 4D 50 09 2D D4 C4 D9 42 2C 68 6F F8 00 D2 73 FE EB 97 B6 69 CC F0 77 50 42 73 01 75 59 2C F8 C1 4F A4 2E 47 07 3C 56 A7 6D 66 02 38 0F BB 51 89 BB E5 B0 89 0A F5 79 08 BB 2B E1 23 AF D3 CA 18 60 40 63 85 35 55 E0 66 F3 51 F1 E1 30 73 20 56 E6 A4 89 BD 2A 56 FB 82 83 B1 0F FD E0 26 21 3C 8B 20 5F 19 C9 6A C4 21 E3 A2 97 02 9D 7F E1 84 DA 10 4E 2F E0 65 21 60 B7 E5 B6 B9 8F 96 34 48 16 47 13 20 24 9B 38 46 89 2A 70 29 C7 FE 8A C0 22 F9 12 E9 51 92 89 8D 78 9C D6 FB 32 E9 F3 31 31 BD 70 2D EC 14 B1 E2 4F 18 51 9B 84 1F 9C 8B 48 69 73 23 97 EC CE 44 AB FF 81 A5 10 98 77 8F C1 2C F1 B7 76 FC D3 FC B4 B9 D3 83 95 CD 3B 8F 21 C3 67 0D 60 89 54 3C E6 9F 77 05 E7 2F 22 9F AD 89 FC ED EF A6 21 F6 D8 5B 1E 43 DB F1 96 B1 0D 06 77 6B 71 E8 23 C7 DA 21 CA CD F3 C2 8D 55 3B B1 72 3D 99 08 A4 86 06 6F 9E 3F 5B 51 0B 24 0E 9D 2B 99 BE 7C F3 22 E5 C8 FB CC CC 2A 97 48 0A FD 6F B9 65 22 55 94 A4 3A 2A BA C8 63 C8 A5 D2 35 BB DD 02 D4 D2 46 A7 D6 BC 86 75 4D E8 6E CA 0A B5 47 3B 0B E5 43 F0 00 15 FF 36 B6 9E F3 95 5D 18 C0 A9 A7 E6 E2 37 9E B8 6D 41 76 42 7C 14 36 14 15 33 67 07 66 38 4D 2D C3 BD CA 46 5A 62 7A B9 E4 3F 89 1C 13 49 59 59 98 DD 53 0D F0 79 62 40 36 F9 78 4C 20 FA 13 74 C5 9D FE 98 8F 5E 76 A7 76 D2 20 C4 84 E8 F4 C4 F9 3E BE 38 DD DD E4 81 A9 7D 68 CA 2B AA 6E 65 21 A8 F2 D3 66 FE D0 D5 6F F9 CF 47 62 C2 6C 57 8D 81 3C 13 9E F0 D8 08 2E 46 4C 13 61 9C A1 D2 2A 3F D0 5B B1 DE 5E 70 83 19 53 7B 04 E4 8C F5 DA 20 1A A4 05 D8 7F 9C D5 7E 81 79 A0 D2 F9 C7 80 C3 22 80 01 17 A6 8F A7 3B D1 86 B1 43 FB EE 75 33 1D 71 57 B5 BB BE 45 1A C9 B9 15 D7 02 D8 A2 2E CD AB 29 A5 69 08 C9 6B CA 5B 1E 84 7C 98 7B 3C E3 A9 B9 DE 35 77 27 59 72 7C 7E 36 3C 1B 98 4D 4A 70 B5 38 4D DA 42 B8 D9 85 E3 16 BD C7 F1 4F A5 DB D5 E5 60 AD E0 C7 D1 FB 83 47 B7 AF 2D 09 AC 15 1D AA 8C 5C DA 44 54 3B F4 2B 2A 8C 21 5F 05 01 4D 81 CC F8 2C 43 0E 42 9E 6B 52 E6 70 99 AA 59 B4 02 99 C4 87 37 83 28 19 1C E3 58 00 33 2F 5C ED 6C 1F 51 2F 64 F9 BE 5B 2E EA F7 D3 B5 A3 EF 84 DB BF EC 11 00 39 D8 A0 2D 6A F3 51 75 44 C3 01 5F 21 9C EE B6 AD 17 2B 4C 85 4E 50 AC 70 0D 3C 79 72 50 99 99 57 55 2B 17 CA 6D 25 6F EF 8A 89 5F 1A 7C F8 0D F0 39 42 85 1D 4B B2 58 5B ED 02 AE 9E FD B5 F2 63 A8 3D 53 C6 35 CC EA E2 27 96 84 9F 03 C9 C9 10 E1 D0 01 A6 6A 30 B0 11 9C 13 FD 66 04 7B C4 95 6E A8 FD 06 72 32 AC 7C 3E F4 1B 14 5A 21 63 80 33 8C 19 1A F9 AF 67 F0 CD 8C F5 77 DE AC 14 6F D0 9E 38 0A EC 5A E7 27 92 3D DE 34 60 DB 97 92 BA 53 41 00 CC 7C 4A 0D EE F9 5A 42 35 1A 20 8D D5 9C B3 0F 06 B3 28 9F DB D6 8E 66 8A 12 18 39 C8 5D A6 87 94 3C C7 CF 58 64 F1 3A C6 EB 0C D8 4F 12 1B F2 73 EB 69 26 03 67 5C 62 FB AE 9C F8 0D 7D 06 61 86 E2 AC 53 DB A2 CF 45 23 B9 BC 6C 15 A5 6C 6E 09 0B D3 C5 61 7C 3F 66 1F 7C 8B D1 59 3D E8 1B 98 7F 1E 7F D0 44 F1 41 59 CE 5E 0A 31 E8 B8 D4 C1 15 EF 26 20 A1 A7 07 1C 73 5B 85 6E EF C3 63 93 DE 13 2D 03 EF A9 A9 1F 39 5E 15 B7 D6 2A 65 8B D9 64 9F 44 99 85 C9 DA 3B 2B 87 12 66 BD 95 2C 0A 48 84 64 95 EC 8E F9 0E 3D 83 0C 46 EF A3 7C 8C F1 26 55 1C 25 D8 15 07 56 D0 95 A9 66 A5 A5 10 0C 9B A5 7D 68 BB 0B E6 C5 03 E8 4F 68 11 CF 55 79 01 CC 54 D2 9F 40 8B F1 52 D4 B6 87 64 01 8D AF 63 6F E9 2B A0 8E 07 3C 55 CB 5A 7D DA 56 4B B2 3C 32 2E 71 D3 C7 70 B3 4A 4E 8F 71 5F 65 45 C3 1A 86 63 B0 F9 30 97 BB 07 C0 FA 2E AE 76 F2 9D AB 4E 01 C7 97 8E 1B 33 6D 75 A3 D0 F2 A6 51 AE E7 9D FE 14 8C C3 C7 87 41 29 67 1D 85 9F D3 7C 0E 83 66 CA D8 D6 23 98 C5 C3 CE C8 A3 C7 D4 4B 0E AC D0 8C 53 06 3D F2 B3 6A 2F 29 4B CC F0 7C 04 9A 69 68 2A 70 24 4A 77 A8 06 16 B7 53 32 E2 2F 92 40 4C 35 3F 8E AD 76 54 E6 59 B8 00 28 35 10 01 2F F3 F9 16 02 AC 71 0D A3 CC 88 FC E7 39 06 1C 1A 08 D6 6A EE 30 79 4F BB 4D 1E AA 14 9A 7B 03 34 A0 8A 92 81 F3 38 12 E6 7E 7B 3B 65 CE 9F 6F AF B5 88 B2 AE D6 BC 68 55 66 1B 89 42 DD 2D FF 34 83 F8 51 A5 CD D6 BB E4 59 6F C2 59 CD 4E E8 F8 7E DC 7D 64 28 62 BD C6 77 B3 88 A5 B4 9A DB E9 78 E2 6A 1B 84 91 5C 24 B2 0D 6D 0E 95 55 6D F1 80 9B 7C 80 B4 7A FE 01 EB E4 AF 22 D1 E8 5B 54 93 46 5F 52 B1 D7 22 D2 EE 1C 3D F7 92 D7 12 6A 12 E8 1A C8 0D 72 30 59 A2 0D BA D0 D7 5B 54 84 DB 88 C5 66 16 56 A3 32 2C 83 8C 82 E6 3E 29 47 BF 44 DC EF A5 06 58 DB 30 47 E4 99 24 B9 35 92 B3 76 0F 4A 63 7D 87 E8 13 C3 F6 63 22 A4 E4 6C D6 72 25 0F 04 2D E3 0B 83 47 5B 15 59 D5 FA 3C BE FE B5 B0 A7 23 62 74 AB E0 C0 0A FB 9F 97 71 F2 C9 A4 0F B5 2C B2 62 AD DF 3E E4 43 59 F2 D3 CA 54 9D 63 9E 12 49 75 1F D5 AB 02 79 59 F5 43 3F 19 3F 73 84 39 E4 98 B4 DB 13 6D 5F 92 C0 E6 A9 31 5D 00 D0 E4 BD C7 6E 74 0F 0D 33 C8 9B 8A E2 FD F3 33 F5 CB 7D 2F AA 36 14 F9 1B 42 0C CB D1 DC 03 23 60 C6 15 CA 07 FB A4 92 99 C4 08 9E 19 6A 13 FB D4 C4 D0 3F EA 1F DE 3E 68 50 1D C3 F8 32 89 8B 36 B3 57 9B 0F 29 D1 77 91 24 FA A5 82 29 3B 29 AD 36 C1 9B 57 40 EC 69 5B 1F 54 7D 2B 53 42 CC E9 B1 EB 4D A8 36 8A 1F 5B CF 6B 18 38 8D 4D 05 3B A8 C8 5C 6D 7F 84 7C A2 14 4F A5 69 DA 3F 77 36 BC 68 90 34 84 FB F8 FA 0D DA 8F E5 91 87 37 02 24 91 9A D7 BF A7 DA 9F 7F B7 5B 67 4C 6D AC 35 DB 90 A4 61 BD 07 7F E4 7E 38 8E 63 16 06 3A 33 11 AF 57 50 B2 AF 1D 93 D0 87 7F 25 26 63 9C 98 BA D7 89 E4 91 BF B0 29 30 83 F6 34 93 9B 55 71 C6 1D 6C 2A 29 A4 80 8A 9B 87 D5 A2 A2 91 0D A3 4E 74 4D 70 20 19 B0 A8 EF 73 3B 4D B6 A2 78 E5 E7 77 F8 80 D5 A0 D8 77 C8 39 91 31 EB D4 3F 41 1C BA 87 D4 B0 DA 49 66 C6 90 3C B4 7E 29 39 B1 BB 02 1E 42 2A 83 FB 97 2A 6D 87 B6 90 E6 13 EC BC 75 EA A3 27 68 42 B0 00 D3 84 3F 40 E0 20 87 A6 71 B3 F0 B5 0D 74 B4 65 0D D3 3F 0B 20 03 CC AE 50 62 98 F4 3F 2E AB B4 94 DE 54 1C 71 BE C8 7B 0C E0 FE 0D 18 C5 3C 80 20 C4 50 7B A6 D1 62 96 33 05 18 37 41 95 14 EB 61 9E 9E 60 9F 4D 68 57 95 30 C3 15 8F E0 BE 52 0A FF 20 71 91 BA A4 CD A5 67 84 20 79 12 BF B9 9C B2 76 D5 58 F2 9B 67 53 6B 9D 22 24 C1 D8 51 64 C3 46 8F D6 ED AC 47 1B 2B C7 A8 A1 58 A5 27 E7 79 9D 53 2A 47 06 90 6E B2 9F 43 92 F1 58 31 53 C0 E8 95 8A 0D 7A F6 9A 71 92 AE 26 BB 96 30 55 D9 B2 77 61 AE CC E9 08 23 82 C2 56 78 04 7D 2B 52 C2 FF 2C 16 ED 9F 61 EE 7B F9 20 7C 22 C8 B9 BD 16 42 89 85 69 F7 97 FD 1B C7 16 BC 98 7E B3 75 44 BD E6 7D 34 2F B3 A5 9C FE 70 B3 EC CA 87 DF D5 5F DD 24 AF 61 D9 F2 8B 86 94 F2 C3 9E 73 01 49 14 31 8D 2F 6F AC CA 91 5B A5 6E 78 19 A8 C8 9A 5C 7A 24 7C A8 E8 0E 81 90 CB 02 A4 01 9B CD DF D0 11 0F 57 5C AB EB 53 B1 56 29 1A 6F E5 F8 B6 60 4B 70 81 32 5E 3B E7 66 58 55 0E 86 9B CB 84 ED C5 18 9A 4B 0E 2D 22 22 05 8C FA 14 6B 4D AF 08 C6 39 00 81 8D 9A 9B EA E0 19 CB D0 CC C8 21 6F A7 0E 4D 3E 90 19 DB FE FD 49 E3 89 D6 3D 11 31 00 65 01 20 32 3B 22 0B 67 C9 C7 F3 38 AE 57 A9 59 9B DC EC 4D 03 B3 6D 66 E3 0A C4 32 92 ED C8 3B F2 F3 30 FF 1E [Binary data over 200 bytes]
O27:64bit: - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgtray.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\Setup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgtray.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\Setup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
2. 因为版区帖限字数问题,所以OTL run fix要分几次做。:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\63223: 85703904 = 50 4B 03 04 C2 3B E6 A8 E0 BC 1B 05 D3 11 00 00 00 40 00 00 01 86 9E 70 7A 57 11 6D 8C 78 2F EC A5 0B F5 84 30 04 D7 DF 5E AD 08 F4 E3 77 A6 2F AC 62 03 11 A7 94 1C A7 71 05 54 04 17 BC D0 C1 9D 92 54 37 D6 68 64 22 04 D4 68 6B EC 59 FF EC 5B 5E D5 7E 76 DE 76 99 28 F1 80 0D 0A FD F8 31 4F 18 C8 FC 3B 6B 58 C3 5E 78 A1 DE 3D 5A CB 84 58 73 AF 34 ED 9F 2A 5C 06 B6 1A D1 03 DF 1B 14 35 83 50 04 31 CC 19 B0 68 45 42 CE 6A DB 27 EB 7D E7 9A 13 C5 94 C1 43 99 20 09 66 D9 71 77 63 EB 32 B5 F1 CF 17 C0 9F 2E 14 92 9D C0 7F CA 08 3F F1 21 08 99 36 58 1D 95 50 FE 42 93 4E DD EF DB F6 5C 3D 1B 55 9D E6 C5 D6 20 1A 6A 64 D6 62 5F 6C 9D 4B 73 77 B2 FB C8 FE B4 41 6B 56 07 7D E5 D2 FA 5C 1C F1 5B EA C2 36 3A 44 A0 7C 5E F2 8E EB 44 03 08 9D 82 BE 9E 24 36 54 64 98 82 B2 F9 C4 24 CE 8B CB EE A6 12 46 16 57 4F 69 88 45 7B BD 48 D5 87 19 12 6E 8C E2 AE D5 43 7D 7A 80 82 5E E0 2C 7D 32 C5 D1 C6 B1 5E DE 34 A3 DC EF B4 E4 01 22 04 11 DB BA D0 DA C8 0E 98 49 4A A0 07 6B 73 6E 95 D6 6B 85 E7 89 90 25 4B 51 8A 76 7B 5F EE A4 0F 17 C3 74 66 7A 60 52 6E B9 61 82 56 B5 6D 05 99 FA 78 66 D4 F2 48 80 DA 06 3A 39 BF 32 F4 6B 95 5F 1E 84 80 32 05 08 12 B2 EA 05 C9 01 6F 26 1C 96 55 50 F2 77 A4 AE BA E2 56 AF 98 11 A8 7E 62 FA 4F 85 7A 6D 01 26 A9 92 CB 8E 72 68 3E F0 E5 AC 90 12 01 AE A2 14 61 79 9F 72 7C FA A3 1B 48 94 D1 25 C6 3B C8 E9 1E 24 D8 59 E9 63 AB E7 AE CB 4D 78 95 AB 1E B2 00 1F 7C 48 D0 90 19 6A 60 AA 64 6B A4 21 8C D8 37 4C 37 26 2D 28 CA BC 6C AD EE EF 1C 4B E9 3C 6D 59 17 56 50 09 1B 24 F6 BD 88 F2 4E EC 60 4A 76 93 D9 F8 A0 0D 2B A5 74 0B 87 36 BA 27 26 00 AA C1 55 18 F9 1D 97 A1 46 7A AB 44 A8 33 D0 4B 34 C3 C3 4F 4D 6E 27 B5 C4 2B E3 1F 4E 36 F5 8A F0 27 FA 9C 21 67 4E BE 6E DB D4 71 FC 80 DE FD 34 88 6A EB A4 E1 B1 B7 10 D2 68 B1 B0 E9 D4 AB 7F 70 F7 D5 F9 CD 78 7B 00 78 AF 12 F4 BB 09 1D 10 4B 43 AE 23 4E C2 83 AB 4E 5B 01 7F E2 6C 0E CF 37 DF BB CF 56 89 3C A9 88 D2 4A D6 02 02 11 75 82 9E E5 15 5C 22 B5 EB 32 3C 16 6F C7 DC 8F 2A B1 5C 8D F4 CF D6 B1 B8 8C 19 D4 0E 2A 5B A7 54 07 EC B6 4A E1 A3 D9 C4 90 CC 92 B4 03 0D B4 67 E1 D1 10 1C F3 9D C0 F6 A4 DB 0D CB EB 18 97 B7 2B 07 B3 1B DC 80 5D 17 39 AE 8E 46 8D D6 3F B7 B4 55 FD 7D 62 82 D3 B0 65 E0 4B 99 F4 CB 22 BE 6B 30 54 0B 4B 65 49 F2 DE E1 B3 40 EB 8E AB F1 DB F4 F1 2D 7F D0 66 81 8C EF B0 62 5D CB 97 E3 99 B1 FB FA 25 C1 D2 D4 0B 77 E0 69 CD DC C0 C6 0B FE 7C E6 F6 B4 E4 6B 71 16 25 B9 26 C7 33 D0 AB 5E BF D9 B5 9C A2 FB 34 7B BA A9 27 6E DF 05 6F 8B 8B 1C 40 19 54 3E 11 EB 50 73 9E 3D B3 57 46 15 E7 B7 8A 31 74 F3 7E CA 23 AD FD BE 78 B9 4E 9F 8B 03 13 1F 14 C3 C6 55 4E 42 2D 6B CB C1 3E C3 65 86 56 13 D5 23 45 B0 1C AA F0 EC AD 9F 5C D2 B8 37 4C C0 38 B6 89 73 18 35 5B 39 02 AE 9A B4 B6 31 CF 26 DA 0F 0E 4B F9 9A DE FC 84 20 42 B5 CF BC DE E3 4B 70 63 36 71 13 28 17 4A D6 5F 8E 67 6E 9E 5B C4 2E ED 87 1D E0 7A 69 B1 59 BB B4 F5 BB CE D6 9D DD 24 91 38 0F F4 E9 7A 85 0F 7A 3E 24 8A 4E 9B 13 26 D5 BD 3A 2B DF 42 B0 11 47 E8 ED FA 55 98 B6 82 6C A5 4A 5A D4 90 27 B3 8F 39 F1 CE D9 F8 AC A6 04 8A 48 76 45 0F B6 88 1A 87 B0 71 E2 DA 47 F7 62 8B 80 44 1C B4 71 FD C3 2F 81 62 30 D2 35 EE 26 CE 8C 00 22 4B 0C A1 45 19 5D 06 94 E8 8A 79 58 E1 23 88 59 C4 D5 92 96 38 33 65 07 08 D8 CD DF 0A 8B 49 E1 9F AB 2A 57 75 34 73 C8 3E 58 96 63 0C AA AF 9D D0 05 C2 96 80 34 70 9C 3F 61 98 3B 45 B6 98 D5 EE 27 6E 83 1E 74 19 B4 63 03 47 E9 29 4F E8 A8 3D C0 4F 67 23 D4 43 DE DA E0 7B A2 FB EA E9 36 6E 08 F1 BC 5E BF 5F 5F F8 7C 31 E9 3D FE EB 4A BC 1E A4 94 82 38 B4 70 EE 45 8F 72 F0 6B AC B0 15 97 30 82 2D 89 8D 30 9A 0F 36 BA DD 14 44 5E D1 D3 F2 56 C0 65 36 A0 9B B0 C3 4C C0 A7 1C 36 C5 23 C5 FB 52 70 5F A5 70 4C 44 DD C1 B9 A9 DB 7C 18 6E B8 9C AA DD 22 64 CE 91 C9 1B B9 6C 56 15 81 42 2E 7E 61 28 C1 48 07 F3 7D E1 E9 E0 D3 D6 49 EA 28 0D 3F F7 43 62 F0 77 D1 DC 9E 35 AB 2D 00 E9 55 36 04 E3 FA E0 05 27 DC 9F 3D E9 F4 27 D5 4E D1 9B E2 E1 BC A3 A1 70 61 FD DB 6F E9 66 CC C6 B8 1A 8D 80 14 85 5C 88 1F 77 D1 3C 62 DE E9 25 08 08 B6 DB 2B 12 F1 2B D0 2B DF 4A C3 8D 28 0D 13 B5 99 CE E4 BC 6A BC 3A 35 7F EC 95 81 57 92 20 74 19 6E 0F C6 CC B9 6E 34 AF 52 7F E9 20 2D 4D 08 18 79 69 6B 79 09 48 DB 88 5C 8B 01 9F DC F9 A4 83 0F F6 85 74 B5 1D 8F B3 7E 2D 6C 13 30 9B 7B 20 A6 99 87 49 39 2F 76 86 7C 07 F5 F5 58 8B 95 13 A7 5C B0 FF B1 4C 93 87 E0 BD 47 38 8F 48 EF 0E 3B 3B 3B C8 57 8F 07 24 62 88 AD 54 F6 9A FC A8 4E 13 78 B1 6D 91 51 AD FC EC 7E C1 CF 47 9D 9A 89 51 DB AB F8 CF 57 14 D7 5D 76 97 9B AA FD A0 1A B8 3B 1A E0 A9 8B ED 57 02 E3 68 52 43 08 37 C8 A8 96 9E CD FF 27 A4 E2 16 EA BB 87 44 E3 FD A9 4B 05 42 94 B9 64 26 2A AF 96 29 89 79 B0 BD 5A 41 02 0F 0F 64 B6 91 2C 76 B1 BF 8A A5 51 2C 1E 1E A9 99 AC A5 29 90 B4 D3 CF 5A 92 DB 5D 97 AC 77 CD 1C 1A A5 AB C1 4F 22 A0 19 2F E1 AF 18 D2 52 2E F9 A4 D4 B7 97 B9 79 60 D5 EE 3C B3 61 19 18 4A A7 CA 38 C5 A6 FF F2 17 22 39 ED 59 BE 00 29 21 BC E3 9D 48 04 15 54 EA 6E 9C 5B 44 30 3E E4 1D 69 F4 36 A9 D8 29 24 FF B9 0E A3 CE 03 E8 EA 27 3F 19 BE C8 7D 59 4D 67 81 21 29 A4 38 68 0E A6 3F E1 B5 F9 40 E8 B7 A5 38 C7 11 4D 51 EA A2 D4 05 F4 47 25 C5 CB E2 AB A5 CA 14 74 C1 DA 54 49 B4 6B DF 7A DB AB 3E 6D EE 6F 0C 08 5E F0 1D 24 AF 8C 22 46 1E E2 CF 13 2A C3 FE 5D 86 34 84 3F 10 16 40 4F 72 B4 39 96 2F 27 64 CD 43 C3 BE FA C4 45 42 69 8B 18 37 A1 36 75 E3 FC 7C A6 70 99 C2 DB FE 7C 95 1B 98 3D 41 99 B0 88 B4 08 69 64 4C 56 CF 4B 79 AB 57 75 FE EA D3 73 78 35 FA F0 07 20 8C 23 44 E3 7F 01 E7 89 B5 B8 75 65 8F 63 F6 CE 9A D1 68 0A 64 29 33 CB 4B C8 B7 52 31 26 1E 8E 39 4D 2E E2 2B CC F6 CF 42 0A 3F 05 A5 AD 0F F1 67 B4 A1 79 9C 81 DD 2C CC B0 47 8E 32 B3 35 12 09 D1 22 26 F7 9F BF F4 11 B3 B9 44 F1 24 99 21 AC D1 0E 14 17 B2 C3 74 99 FB CD C2 07 4D A5 F0 4E 97 4F 50 8B E3 40 C2 D0 28 2A DC E7 8C AE 4E 0B 2C 4D 15 AB 32 28 6C 22 5A 8A 5C D5 31 AC B7 F2 2F D8 85 07 D1 25 51 13 FC A5 88 11 56 1C 9B 53 BF 6D 42 7D EB 52 8F EB C5 0C A2 E7 0E F3 AF EC E6 C4 74 9E 92 24 EA 1E 39 92 81 40 21 F2 BD A7 D9 0B 24 56 C5 FF 7B E4 C6 B7 E7 4E 8D 21 42 49 60 E3 B2 61 9E E6 DD DB 07 B2 E1 DE 76 D0 76 A2 62 DD 92 92 7F 3A 2E F8 9E 9A 26 35 F9 34 9C 95 BB 8F 95 A9 37 9A 34 43 92 9B FF 04 D9 C7 2D 83 A0 BF 68 B6 98 38 80 CE 4D 52 AE 78 8A B1 45 1B C9 91 38 C0 DE 97 1E 1F D4 27 97 52 C7 F3 26 1C 50 A4 68 8F 8C 68 6F 1F E7 B0 F2 20 36 23 B5 26 F3 D4 DF 6C 85 5B B0 AA 0C EE 8B 6D 7B E7 71 1B 41 08 06 17 28 FE CB 03 EB FC F8 09 91 DB A2 34 F2 9A CE A4 E3 A9 99 27 5C 8F 88 FB 27 CA 21 0C 66 58 19 30 97 E8 89 FD 2C 86 76 89 12 0E 8A 16 08 46 C9 1F 54 D4 29 4B 54 0D 1E 05 E4 30 C6 25 31 E8 CF E0 3E 45 74 58 6F C7 5D 9C E5 72 E2 D0 DD 05 50 19 75 2B 7A F7 43 8A 01 83 AE 60 FB 05 CB C7 D2 13 70 FE B0 3F C3 A1 AE 72 E1 89 84 2E 1D 4B 75 5B AA 71 9E FB 09 D1 C9 20 DE 77 F2 D5 98 31 4E 09 5D 69 80 0F EE DB 0C 84 07 A7 61 95 21 18 2E AC 39 AC AE B1 29 71 51 4C 63 58 39 A8 8C 4B 9F DE 44 AC A5 40 39 C4 22 9F 34 0C BC 03 39 0A D9 33 1B 17 6B 18 31 A7 C2 61 80 47 7A 4A 87 13 3A 66 87 C9 B8 81 5E C2 CC 6C F0 1F DA 72 22 11 FE 60 E8 36 E8 43 7F BE 79 1F 7D 09 09 38 E1 BA 9D 80 AD 5D 86 FF 8A 06 2A FF F3 8C D3 A4 62 9B B5 E1 FF 3F B9 A0 97 C3 5D 0E B6 38 00 05 5F E4 10 2C 8C C0 76 18 30 D5 01 85 37 6B F6 39 D9 F1 30 32 21 0D A0 57 95 57 30 07 FD 73 D8 FA FC 2B 89 77 F6 21 CB A5 57 6D A2 70 69 74 EA 4B 7D DC F2 C5 D4 60 1D AC 06 67 59 95 48 DA AA 94 0D 0A 44 3B 0E BF AF 01 4F 85 ED 9A 70 B6 31 3C 4D 50 09 2D D4 C4 D9 42 2C 68 6F F8 00 D2 73 FE EB 97 B6 69 CC F0 77 50 42 73 01 75 59 2C F8 C1 4F A4 2E 47 07 3C 56 A7 6D 66 02 38 0F BB 51 89 BB E5 B0 89 0A F5 79 08 BB 2B E1 23 AF D3 CA 18 60 40 63 85 35 55 E0 66 F3 51 F1 E1 30 73 20 56 E6 A4 89 BD 2A 56 FB 82 83 B1 0F FD E0 26 21 3C 8B 20 5F 19 C9 6A C4 21 E3 A2 97 02 9D 7F E1 84 DA 10 4E 2F E0 65 21 60 B7 E5 B6 B9 8F 96 34 48 16 47 13 20 24 9B 38 46 89 2A 70 29 C7 FE 8A C0 22 F9 12 E9 51 92 89 8D 78 9C D6 FB 32 E9 F3 31 31 BD 70 2D EC 14 B1 E2 4F 18 51 9B 84 1F 9C 8B 48 69 73 23 97 EC CE 44 AB FF 81 A5 10 98 77 8F C1 2C F1 B7 76 FC D3 FC B4 B9 D3 83 95 CD 3B 8F 21 C3 67 0D 60 89 54 3C E6 9F 77 05 E7 2F 22 9F AD 89 FC ED EF A6 21 F6 D8 5B 1E 43 DB F1 96 B1 0D 06 77 6B 71 E8 23 C7 DA 21 CA CD F3 C2 8D 55 3B B1 72 3D 99 08 A4 86 06 6F 9E 3F 5B 51 0B 24 0E 9D 2B 99 BE 7C F3 22 E5 C8 FB CC CC 2A 97 48 0A FD 6F B9 65 22 55 94 A4 3A 2A BA C8 63 C8 A5 D2 35 BB DD 02 D4 D2 46 A7 D6 BC 86 75 4D E8 6E CA 0A B5 47 3B 0B E5 43 F0 00 15 FF 36 B6 9E F3 95 5D 18 C0 A9 A7 E6 E2 37 9E B8 6D 41 76 42 7C 14 36 14 15 33 67 07 66 38 4D 2D C3 BD CA 46 5A 62 7A B9 E4 3F 89 1C 13 49 59 59 98 DD 53 0D F0 79 62 40 36 F9 78 4C 20 FA 13 74 C5 9D FE 98 8F 5E 76 A7 76 D2 20 C4 84 E8 F4 C4 F9 3E BE 38 DD DD E4 81 A9 7D 68 CA 2B AA 6E 65 21 A8 F2 D3 66 FE D0 D5 6F F9 CF 47 62 C2 6C 57 8D 81 3C 13 9E F0 D8 08 2E 46 4C 13 61 9C A1 D2 2A 3F D0 5B B1 DE 5E 70 83 19 53 7B 04 E4 8C F5 DA 20 1A A4 05 D8 7F 9C D5 7E 81 79 A0 D2 F9 C7 80 C3 22 80 01 17 A6 8F A7 3B D1 86 B1 43 FB EE 75 33 1D 71 57 B5 BB BE 45 1A C9 B9 15 D7 02 D8 A2 2E CD AB 29 A5 69 08 C9 6B CA 5B 1E 84 7C 98 7B 3C E3 A9 B9 DE 35 77 27 59 72 7C 7E 36 3C 1B 98 4D 4A 70 B5 38 4D DA 42 B8 D9 85 E3 16 BD C7 F1 4F A5 DB D5 E5 60 AD E0 C7 D1 FB 83 47 B7 AF 2D 09 AC 15 1D AA 8C 5C DA 44 54 3B F4 2B 2A 8C 21 5F 05 01 4D 81 CC F8 2C 43 0E 42 9E 6B 52 E6 70 99 AA 59 B4 02 99 C4 87 37 83 28 19 1C E3 58 00 33 2F 5C ED 6C 1F 51 2F 64 F9 BE 5B 2E EA F7 D3 B5 A3 EF 84 DB BF EC 11 00 39 D8 A0 2D 6A F3 51 75 44 C3 01 5F 21 9C EE B6 AD 17 2B 4C 85 4E 50 AC 70 0D 3C 79 72 50 99 99 57 55 2B 17 CA 6D 25 6F EF 8A 89 5F 1A 7C F8 0D F0 39 42 85 1D 4B B2 58 5B ED 02 AE 9E FD B5 F2 63 A8 3D 53 C6 35 CC EA E2 27 96 84 9F 03 C9 C9 10 E1 D0 01 A6 6A 30 B0 11 9C 13 FD 66 04 7B C4 95 6E A8 FD 06 72 32 AC 7C 3E F4 1B 14 5A 21 63 80 33 8C 19 1A F9 AF 67 F0 CD 8C F5 77 DE AC 14 6F D0 9E 38 0A EC 5A E7 27 92 3D DE 34 60 DB 97 92 BA 53 41 00 CC 7C 4A 0D EE F9 5A 42 35 1A 20 8D D5 9C B3 0F 06 B3 28 9F DB D6 8E 66 8A 12 18 39 C8 5D A6 87 94 3C C7 CF 58 64 F1 3A C6 EB 0C D8 4F 12 1B F2 73 EB 69 26 03 67 5C 62 FB AE 9C F8 0D 7D 06 61 86 E2 AC 53 DB A2 CF 45 23 B9 BC 6C 15 A5 6C 6E 09 0B D3 C5 61 7C 3F 66 1F 7C 8B D1 59 3D E8 1B 98 7F 1E 7F D0 44 F1 41 59 CE 5E 0A 31 E8 B8 D4 C1 15 EF 26 20 A1 A7 07 1C 73 5B 85 6E EF C3 63 93 DE 13 2D 03 EF A9 A9 1F 39 5E 15 B7 D6 2A 65 8B D9 64 9F 44 99 85 C9 DA 3B 2B 87 12 66 BD 95 2C 0A 48 84 64 95 EC 8E F9 0E 3D 83 0C 46 EF A3 7C 8C F1 26 55 1C 25 D8 15 07 56 D0 95 A9 66 A5 A5 10 0C 9B A5 7D 68 BB 0B E6 C5 03 E8 4F 68 11 CF 55 79 01 CC 54 D2 9F 40 8B F1 52 D4 B6 87 64 01 8D AF 63 6F E9 2B A0 8E 07 3C 55 CB 5A 7D DA 56 4B B2 3C 32 2E 71 D3 C7 70 B3 4A 4E 8F 71 5F 65 45 C3 1A 86 63 B0 F9 30 97 BB 07 C0 FA 2E AE 76 F2 9D AB 4E 01 C7 97 8E 1B 33 6D 75 A3 D0 F2 A6 51 AE E7 9D FE 14 8C C3 C7 87 41 29 67 1D 85 9F D3 7C 0E 83 66 CA D8 D6 23 98 C5 C3 CE C8 A3 C7 D4 4B 0E AC D0 8C 53 06 3D F2 B3 6A 2F 29 4B CC F0 7C 04 9A 69 68 2A 70 24 4A 77 A8 06 16 B7 53 32 E2 2F 92 40 4C 35 3F 8E AD 76 54 E6 59 B8 00 28 35 10 01 2F F3 F9 16 02 AC 71 0D A3 CC 88 FC E7 39 06 1C 1A 08 D6 6A EE 30 79 4F BB 4D 1E AA 14 9A 7B 03 34 A0 8A 92 81 F3 38 12 E6 7E 7B 3B 65 CE 9F 6F AF B5 88 B2 AE D6 BC 68 55 66 1B 89 42 DD 2D FF 34 83 F8 51 A5 CD D6 BB E4 59 6F C2 59 CD 4E E8 F8 7E DC 7D 64 28 62 BD C6 77 B3 88 A5 B4 9A DB E9 78 E2 6A 1B 84 91 5C 24 B2 0D 6D 0E 95 55 6D F1 80 9B 7C 80 B4 7A FE 01 EB E4 AF 22 D1 E8 5B 54 93 46 5F 52 B1 D7 22 D2 EE 1C 3D F7 92 D7 12 6A 12 E8 1A C8 0D 72 30 59 A2 0D BA D0 D7 5B 54 84 DB 88 C5 66 16 56 A3 32 2C 83 8C 82 E6 3E 29 47 BF 44 DC EF A5 06 58 DB 30 47 E4 99 24 B9 35 92 B3 76 0F 4A 63 7D 87 E8 13 C3 F6 63 22 A4 E4 6C D6 72 25 0F 04 2D E3 0B 83 47 5B 15 59 D5 FA 3C BE FE B5 B0 A7 23 62 74 AB E0 C0 0A FB 9F 97 71 F2 C9 A4 0F B5 2C B2 62 AD DF 3E E4 43 59 F2 D3 CA 54 9D 63 9E 12 49 75 1F D5 AB 02 79 59 F5 43 3F 19 3F 73 84 39 E4 98 B4 DB 13 6D 5F 92 C0 E6 A9 31 5D 00 D0 E4 BD C7 6E 74 0F 0D 33 C8 9B 8A E2 FD F3 33 F5 CB 7D 2F AA 36 14 F9 1B 42 0C CB D1 DC 03 23 60 C6 15 CA 07 FB A4 92 99 C4 08 9E 19 6A 13 FB D4 C4 D0 3F EA 1F DE 3E 68 50 1D C3 F8 32 89 8B 36 B3 57 9B 0F 29 D1 77 91 24 FA A5 82 29 3B 29 AD 36 C1 9B 57 40 EC 69 5B 1F 54 7D 2B 53 42 CC E9 B1 EB 4D A8 36 8A 1F 5B CF 6B 18 38 8D 4D 05 3B A8 C8 5C 6D 7F 84 7C A2 14 4F A5 69 DA 3F 77 36 BC 68 90 34 84 FB F8 FA 0D DA 8F E5 91 87 37 02 24 91 9A D7 BF A7 DA 9F 7F B7 5B 67 4C 6D AC 35 DB 90 A4 61 BD 07 7F E4 7E 38 8E 63 16 06 3A 33 11 AF 57 50 B2 AF 1D 93 D0 87 7F 25 26 63 9C 98 BA D7 89 E4 91 BF B0 29 30 83 F6 34 93 9B 55 71 C6 1D 6C 2A 29 A4 80 8A 9B 87 D5 A2 A2 91 0D A3 4E 74 4D 70 20 19 B0 A8 EF 73 3B 4D B6 A2 78 E5 E7 77 F8 80 D5 A0 D8 77 C8 39 91 31 EB D4 3F 41 1C BA 87 D4 B0 DA 49 66 C6 90 3C B4 7E 29 39 B1 BB 02 1E 42 2A 83 FB 97 2A 6D 87 B6 90 E6 13 EC BC 75 EA A3 27 68 42 B0 00 D3 84 3F 40 E0 20 87 A6 71 B3 F0 B5 0D 74 B4 65 0D D3 3F 0B 20 03 CC AE 50 62 98 F4 3F 2E AB B4 94 DE 54 1C 71 BE C8 7B 0C E0 FE 0D 18 C5 3C 80 20 C4 50 7B A6 D1 62 96 33 05 18 37 41 95 14 EB 61 9E 9E 60 9F 4D 68 57 95 30 C3 15 8F E0 BE 52 0A FF 20 71 91 BA A4 CD A5 67 84 20 79 12 BF B9 9C B2 76 D5 58 F2 9B 67 53 6B 9D 22 24 C1 D8 51 64 C3 46 8F D6 ED AC 47 1B 2B C7 A8 A1 58 A5 27 E7 79 9D 53 2A 47 06 90 6E B2 9F 43 92 F1 58 31 53 C0 E8 95 8A 0D 7A F6 9A 71 92 AE 26 BB 96 30 55 D9 B2 77 61 AE CC E9 08 23 82 C2 56 78 04 7D 2B 52 C2 FF 2C 16 ED 9F 61 EE 7B F9 20 7C 22 C8 B9 BD 16 42 89 85 69 F7 97 FD 1B C7 16 BC 98 7E B3 75 44 BD E6 7D 34 2F B3 A5 9C FE 70 B3 EC CA 87 DF D5 5F DD 24 AF 61 D9 F2 8B 86 94 F2 C3 9E 73 01 49 14 31 8D 2F 6F AC CA 91 5B A5 6E 78 19 A8 C8 9A 5C 7A 24 7C A8 E8 0E 81 90 CB 02 A4 01 9B CD DF D0 11 0F 57 5C AB EB 53 B1 56 29 1A 6F E5 F8 B6 60 4B 70 81 32 5E 3B E7 66 58 55 0E 86 9B CB 84 ED C5 18 9A 4B 0E 2D 22 22 05 8C FA 14 6B 4D AF 08 C6 39 00 81 8D 9A 9B EA E0 19 CB D0 CC C8 21 6F A7 0E 4D 3E 90 19 DB FE FD 49 E3 89 D6 3D 11 31 00 65 01 20 32 3B 22 0B 67 C9 C7 F3 38 AE 57 A9 59 9B DC EC 4D 03 B3 6D 66 E3 0A C4 32 92 ED C8 3B F2 F3 30 FF 1E [Binary data over 200 bytes]
O27:64bit: - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgtray.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\Setup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgtray.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\Setup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
3. 完成上述run fix后,请重新再做新1份OTL.txt扫瞄报告贴上。
作者: SILVESTERABEND 发布时间: 2014-03-23
可唔可以copy 系记事簿upload ?.?
102202014_004921.txt (34.41 KB)
102202014_004921.txt (34.41 KB)
2014-2-22 04:46 PM, 下载次数: 3
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-22 04:46 PM 发表
可唔可以copy 系记事簿upload ?.?
可以。 可唔可以copy 系记事簿upload ?.?
作者: SILVESTERABEND 发布时间: 2014-03-23
楼主试执行以下程式扫毒:
1. 下载/执行Junkware Removal Tool扫毒。执行扫毒前请关闭所有浏览器同程式。
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)
2. 下载/执行 AdwCleaner (Xplode) 扫毒。(先按Scan扫瞄,扫到毒按[Clean] 删除)
(执行AdwCleaner关闭所有浏览器/程式)
3. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行 ComboFix 扫毒。
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。
请贴上以下报告:
a. JRT扫毒报告。
b. AdwCleaner删毒报告。
c. ComboFix扫毒报告。
d. 新1份OTL.txt扫瞄报告。
1. 下载/执行Junkware Removal Tool扫毒。执行扫毒前请关闭所有浏览器同程式。
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)
2. 下载/执行 AdwCleaner (Xplode) 扫毒。(先按Scan扫瞄,扫到毒按[Clean] 删除)
(执行AdwCleaner关闭所有浏览器/程式)
3. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行 ComboFix 扫毒。
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。
请贴上以下报告:
a. JRT扫毒报告。
b. AdwCleaner删毒报告。
c. ComboFix扫毒报告。
d. 新1份OTL.txt扫瞄报告。
作者: SILVESTERABEND 发布时间: 2014-03-23
第一个用唔到系appdata cannot create file
第二个系下面
第三个扫到中途弹话防毒未关,好似系Microsoft Security Essentials
开佢弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
之后combofix弹防毒未关,it will continue, i need to bear the risk about window will have some problem,我就关左
AdwCleaner[S0].txt (4.51 KB)
第二个系下面
第三个扫到中途弹话防毒未关,好似系Microsoft Security Essentials
开佢弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
之后combofix弹防毒未关,it will continue, i need to bear the risk about window will have some problem,我就关左
AdwCleaner[S0].txt (4.51 KB)
2014-2-22 11:54 PM, 下载次数: 7
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-22 11:54 PM 发表
第一个用唔到系appdata cannot create file
第二个系下面
第三个扫到中途弹话防毒未关,好似系Microsoft Security Essentials
开佢弹Microsoft Security cilent
an error has ocurred in the program during init ...
1. 执行Combofix扫瞄要关闭所有防毒,避免Combofix出现误删(其实机会不大第一个用唔到系appdata cannot create file
第二个系下面
第三个扫到中途弹话防毒未关,好似系Microsoft Security Essentials
开佢弹Microsoft Security cilent
an error has ocurred in the program during init ...
)。2. 最低限度楼主系统已经可以恢复执行扫瞄程式。
3. 楼主试重新下载SUPERAntispyware Portable Scanner Personal Edition.,进行扫毒。
4. 重新执行Combofix扫毒。
请贴上以下报告:
a. SAS扫瞄报告。
b. Combofix扫瞄报告。
c. 新做1份OTL.txt报告。
作者: SILVESTERABEND 发布时间: 2014-03-23
still cant use sas
log1.txt (19.67 KB)
1OTL.Txt (91.64 KB)
log1.txt (19.67 KB)
2014-2-23 11:05 AM, 下载次数: 3
1OTL.Txt (91.64 KB)
2014-2-23 11:05 AM, 下载次数: 4
作者: 爱猫一族 发布时间: 2014-03-23
now i can open hijack
[ 本帖最后由 爱猫一族 於 2014-2-23 11:17 AM 编辑 ]
hijackthis.log (8.58 KB)
[ 本帖最后由 爱猫一族 於 2014-2-23 11:17 AM 编辑 ]
hijackthis.log (8.58 KB)
2014-2-23 11:17 AM, 下载次数: 3
作者: 爱猫一族 发布时间: 2014-03-23
作者: SILVESTERABEND 发布时间: 2014-03-23
相,系统还原开到now
语言列一直唔见.明明开左
OTL.Txt (108.72 KB)
11393125189_1_02.txt (82.95 KB)
语言列一直唔见.明明开左
OTL.Txt (108.72 KB)
2014-2-23 06:06 PM, 下载次数: 3
11393125189_1_02.txt (82.95 KB)
2014-2-23 06:06 PM, 下载次数: 3
作者: 爱猫一族 发布时间: 2014-03-23
扫瞄报告显示正常。
试下载/执行 Portable Windows Repair AIO修正以下各项:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair Internet Explorer
Remove Policies Set By Infections
Remove Temp Files
试下载/执行 Portable Windows Repair AIO修正以下各项:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair Internet Explorer
Remove Policies Set By Infections
Remove Temp Files
作者: SILVESTERABEND 发布时间: 2014-03-23
still弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-23 08:37 PM 发表
still弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
1. 去控制台 > 时钟、语言和区域 > 地区及语言 > 键盘及语言 > 按[变更键盘] > 设定中文输入法.....still弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
2. 在「文字服务和输入语言」 > 语言列 > 勾选「固定在工作列」> 按[确定]。
3. 移除Microsoft Security Client。
4. 请将所有启动项目截图贴上。(开始 > msconfig > 按Enter)
作者: SILVESTERABEND 发布时间: 2014-03-23
我用你上一个post个software,跟足佢step做,download个个防毒再scan,再run所有repair就有返语言列,但就上唔到网,找不到所有网路,蓝芽都唔见左,del 唔到个个security, 系新增及移除无,来还原返,试左几次都失败
上得返网,蓝芽有返send到但收唔到野同cam唔见左
[ 本帖最后由 爱猫一族 於 2014-2-23 11:16 PM 编辑 ]
上得返网,蓝芽有返send到但收唔到野同cam唔见左
[ 本帖最后由 爱猫一族 於 2014-2-23 11:16 PM 编辑 ]
作者: 爱猫一族 发布时间: 2014-03-23
启动
[ 本帖最后由 爱猫一族 於 2014-2-23 11:06 PM 编辑 ]
[ 本帖最后由 爱猫一族 於 2014-2-23 11:06 PM 编辑 ]
未命名.jpg (100.77 KB)
2014-2-23 11:06 PM
作者: 爱猫一族 发布时间: 2014-03-23
用fn+f5,佢show先start无线装置
solved~~my bad for repair extra item
[ 本帖最后由 爱猫一族 於 2014-2-23 11:09 PM 编辑 ]
solved~~my bad for repair extra item
[ 本帖最后由 爱猫一族 於 2014-2-23 11:09 PM 编辑 ]
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-23 08:37 PM 发表
still弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
路过..............still弹Microsoft Security cilent
an error has ocurred in the program during initialization,please contact system administrator
error code :0x80070002
语言列 disappear
师兄应该用错online scan,你装左Bitdefender防毒软件试用版
作者: KRally 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-23 10:18 PM 发表
启动
祗保留4个Bitdefender 2014,取消勾选其他启动。 启动
作者: SILVESTERABEND 发布时间: 2014-03-23
佢弹左Good news! We found no active infections on your PC
Keep it clean with The New Bitdefender Internet Security!我就click free download
Keep it clean with The New Bitdefender Internet Security!我就click free download
作者: 爱猫一族 发布时间: 2014-03-23
ok, thank you so much, you are really helpful and kindly
my computer seems not having huge problem now
my computer seems not having huge problem now
作者: 爱猫一族 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-24 11:15 PM 发表
佢弹左Good news! We found no active infections on your PC
Keep it clean with The New Bitdefender Internet Security!我就click free download
楼主如果装左BD IS试用版,要将系统MSE移除,避免冲突。 佢弹左Good news! We found no active infections on your PC
Keep it clean with The New Bitdefender Internet Security!我就click free download
作者: SILVESTERABEND 发布时间: 2014-03-23
引用:原帖由 爱猫一族 於 2014-2-24 11:22 PM 发表
ok, thank you so much, you are really helpful and kindly
my computer seems not having huge problem now
You're welcome.ok, thank you so much, you are really helpful and kindly
my computer seems not having huge problem now
1.如果系统运作回复正常,请跟#8帖移除Hijackthis/ComboFix等等的扫瞄软件。
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1
2. 请用CCleaner Free删除temp files/登录档,用Windows预载defrag功能,做番1次磁碟重组(defrag)。
3. 请将[病毒移除]主题改为[已解决]。Tks.
作者: SILVESTERABEND 发布时间: 2014-03-23
引用:原帖由 SILVESTERABEND 於 2014-2-25 10:02 AM 发表
You're welcome.
1.如果系统运作回复正常,请跟#8帖移除Hijackthis/ComboFix等等的扫瞄软件。
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1
2. 请用CCleaner F ...
thank you so much, finishedYou're welcome.
1.如果系统运作回复正常,请跟#8帖移除Hijackthis/ComboFix等等的扫瞄软件。
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1
2. 请用CCleaner F ...
作者: 爱猫一族 发布时间: 2014-03-23
相关阅读 更多
热门阅读
-
office 2019专业增强版最新2021版激活秘钥/序列号/激活码推荐 附激活工具
阅读:74
-
如何安装mysql8.0
阅读:31
-
Word快速设置标题样式步骤详解
阅读:28
-
20+道必知必会的Vue面试题(附答案解析)
阅读:37
-
HTML如何制作表单
阅读:22
-
百词斩可以改天数吗?当然可以,4个步骤轻松修改天数!
阅读:31
-
ET文件格式和XLS格式文件之间如何转化?
阅读:24
-
react和vue的区别及优缺点是什么
阅读:121
-
支付宝人脸识别如何关闭?
阅读:21
-
腾讯微云怎么修改照片或视频备份路径?
阅读:28
