Publicité
Publicité
Format du document : text/plain
Prévisualisation
Script ZHPFix
Lignes indésirables :
O23 - Service: (WinSAPSvc) . (.TODO: <公司名> - TODO: <文件说明>.) - C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
SR - Auto [15/05/2017] [ 1887232] (WinSAPSvc) . (.TODO: <公司名>.) - C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
E0 - Microsoft Edge: HKU\S-1-5-21-1423490753-1626447125-540586519-1001\HomeButtonPage = http://www.ourluckysites.com/ =>Hijacker.Browser
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe http://www.ourluckysites.com/ =>Hijacker.Browser
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe http://www.ourluckysites.com/ =>Hijacker.Browser
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (ourluckysites) - http://www.ourluckysites.com/ =>Hijacker.Browser
O69 - SBI: SearchScopes [HKLM] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (ourluckysites) - http://www.ourluckysites.com/ =>Hijacker.Browser
HKLM\SYSTEM\CurrentControlSet\Services\WinSAPSvc =>PUP.Optional.Youndoo
C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
C:\Users\catho\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\Open\command =>Hijacker.Browser
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command =>Hijacker.Browser
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} =>Hijacker.Browser
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} =>Hijacker.Browser
C:\Users\catho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
C:\Users\catho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.ChatangoHKCU\SOFTWARE\csastats =>Adware.InstallCore
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
O43 - CFD: 15/05/2017 - [] D -- C:\Users\catho\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo
O61 - LFC: 2017/05/15 10:02:00 A . (.TODO: <公司名>.) -- C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232] =>PUP.Optional.Youndoo
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe http://www.ourluckysites.com/ =>Hijacker.Browser
O23 - Service: (3DM) . (.kitty.exe - kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
O23 - Service: (3DM) . (.kitty.exe - kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
O23 - Service: Apple Notifications Service (AppleNotificationsSrv) . (...) - C:\ProgramData\Software\Apple\Apps\Notification.dll
O23 - Service: Update Service(FirefoxU) (FirefoxU) . (.Copyright (C) 2017 - .) - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
O23 - Service: Windows Install Services (WinInstallSvc) . (...) - C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
SR - Auto [19/04/2017] [ 754688] (3DM) . (.kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
SR - Auto [17/04/2017] [ 106496] Apple Notifications Service (AppleNotificationsSrv) . (...) - C:\ProgramData\Software\Apple\Apps\Notification.dll
SR - Auto [14/05/2017] [ 101016] Update Service(FirefoxU) (FirefoxU) . (.Copyright (C) 2017.) - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
SR - Auto [08/05/2017] [ 105984] Windows Install Services (WinInstallSvc) . (...) - C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Windows-PG [3592]
[MD5.86377E9241CD1CDD65DAF0954EA3A633] - (.Copyright (C) 2017 - .) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016] [PID.7552] {45A8458D05878B9FE97F9367F3956CDE}
HKLM\SOFTWARE\Wow6432Node\Eastness
HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware
HKLM\SOFTWARE\Wow6432Node\XOB
HKCU\SOFTWARE\Bookness
HKCU\SOFTWARE\Eastness
HKCU\SOFTWARE\heheelibom
O43 - CFD: 16/05/2017 - [] D -- C:\Program Files (x86)\BiaoJi
O43 - CFD: 05/05/2017 - [] D -- C:\ProgramData\BIT
O43 - CFD: 23/02/2016 - [] D -- C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
O43 - CFD: 18/04/2017 - [] D -- C:\Users\catho\AppData\Roaming\SSMgre
O43 - CFD: 05/05/2017 - [] D -- C:\Users\catho\AppData\Local\background_fault
O43 - CFD: 08/05/2017 - [] D -- C:\Users\catho\AppData\Local\Bookness
O43 - CFD: 16/05/2017 - [] D -- C:\Users\catho\AppData\Local\CWASRE
O43 - CFD: 17/04/2017 - [] D -- C:\Users\catho\AppData\Local\Eastness
O43 - CFD: 11/05/2017 - [] D -- C:\Users\catho\AppData\Local\NPASRE
O43 - CFD: 02/05/2017 - [] D -- C:\Users\catho\AppData\Local\SNARE
O43 - CFD: 03/05/2017 - [] D -- C:\Users\catho\AppData\Local\SNAREA
O43 - CFD: 09/05/2017 - [] D -- C:\Users\catho\AppData\Local\VNASRE
O43 - CFD: 05/05/2017 - [] D -- C:\Users\catho\AppData\Local\WANARE
O87 - FAEL: "{349DB31D-F0DD-4797-914A-447E342FAAEE}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
O87 - FAEL: "{B038ECCE-68A8-4ABD-BAED-9D41BAE0E744}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\hgstxhts545050a7e680_rbb50a1j1g271s1g271sx.dat
O87 - FAEL: "{E7334571-D3CC-4B75-BDDF-2F16688E877E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\hgstxhts545050a7e680_rbb50a1j1g271s1g271sx.dat
Lignes superflues ou inutiles :
Lignes d'optimisation du démarrage :
EmptyClsid
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash
Lignes indésirables :
O23 - Service: (WinSAPSvc) . (.TODO: <公司名> - TODO: <文件说明>.) - C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
SR - Auto [15/05/2017] [ 1887232] (WinSAPSvc) . (.TODO: <公司名>.) - C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/ =>Hijacker.Browser
E0 - Microsoft Edge: HKU\S-1-5-21-1423490753-1626447125-540586519-1001\HomeButtonPage = http://www.ourluckysites.com/ =>Hijacker.Browser
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe http://www.ourluckysites.com/ =>Hijacker.Browser
O68 - StartMenuInternet:
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (ourluckysites) - http://www.ourluckysites.com/ =>Hijacker.Browser
O69 - SBI: SearchScopes [HKLM] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (ourluckysites) - http://www.ourluckysites.com/ =>Hijacker.Browser
HKLM\SYSTEM\CurrentControlSet\Services\WinSAPSvc =>PUP.Optional.Youndoo
C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll =>PUP.Optional.Youndoo
C:\Users\catho\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\Open\command =>Hijacker.Browser
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command =>Hijacker.Browser
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} =>Hijacker.Browser
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} =>Hijacker.Browser
C:\Users\catho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
C:\Users\catho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.ChatangoHKCU\SOFTWARE\csastats =>Adware.InstallCore
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
O43 - CFD: 15/05/2017 - [] D -- C:\Users\catho\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo
O61 - LFC: 2017/05/15 10:02:00 A . (.TODO: <公司名>.) -- C:\Users\catho\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232] =>PUP.Optional.Youndoo
O68 - StartMenuInternet:
O23 - Service: (3DM) . (.kitty.exe - kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
O23 - Service: (3DM) . (.kitty.exe - kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
O23 - Service: Apple Notifications Service (AppleNotificationsSrv) . (...) - C:\ProgramData\Software\Apple\Apps\Notification.dll
O23 - Service: Update Service(FirefoxU) (FirefoxU) . (.Copyright (C) 2017 - .) - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
O23 - Service: Windows Install Services (WinInstallSvc) . (...) - C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
SR - Auto [19/04/2017] [ 754688] (3DM) . (.kitty.exe.) - C:\Users\catho\AppData\Local\3DM\Kitty.dll
SR - Auto [17/04/2017] [ 106496] Apple Notifications Service (AppleNotificationsSrv) . (...) - C:\ProgramData\Software\Apple\Apps\Notification.dll
SR - Auto [14/05/2017] [ 101016] Update Service(FirefoxU) (FirefoxU) . (.Copyright (C) 2017.) - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
SR - Auto [08/05/2017] [ 105984] Windows Install Services (WinInstallSvc) . (...) - C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Windows-PG [3592]
[MD5.86377E9241CD1CDD65DAF0954EA3A633] - (.Copyright (C) 2017 - .) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016] [PID.7552] {45A8458D05878B9FE97F9367F3956CDE}
HKLM\SOFTWARE\Wow6432Node\Eastness
HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware
HKLM\SOFTWARE\Wow6432Node\XOB
HKCU\SOFTWARE\Bookness
HKCU\SOFTWARE\Eastness
HKCU\SOFTWARE\heheelibom
O43 - CFD: 16/05/2017 - [] D -- C:\Program Files (x86)\BiaoJi
O43 - CFD: 05/05/2017 - [] D -- C:\ProgramData\BIT
O43 - CFD: 23/02/2016 - [] D -- C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
O43 - CFD: 18/04/2017 - [] D -- C:\Users\catho\AppData\Roaming\SSMgre
O43 - CFD: 05/05/2017 - [] D -- C:\Users\catho\AppData\Local\background_fault
O43 - CFD: 08/05/2017 - [] D -- C:\Users\catho\AppData\Local\Bookness
O43 - CFD: 16/05/2017 - [] D -- C:\Users\catho\AppData\Local\CWASRE
O43 - CFD: 17/04/2017 - [] D -- C:\Users\catho\AppData\Local\Eastness
O43 - CFD: 11/05/2017 - [] D -- C:\Users\catho\AppData\Local\NPASRE
O43 - CFD: 02/05/2017 - [] D -- C:\Users\catho\AppData\Local\SNARE
O43 - CFD: 03/05/2017 - [] D -- C:\Users\catho\AppData\Local\SNAREA
O43 - CFD: 09/05/2017 - [] D -- C:\Users\catho\AppData\Local\VNASRE
O43 - CFD: 05/05/2017 - [] D -- C:\Users\catho\AppData\Local\WANARE
O87 - FAEL: "{349DB31D-F0DD-4797-914A-447E342FAAEE}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe {45A8458D05878B9FE97F9367F3956CDE}
O87 - FAEL: "{B038ECCE-68A8-4ABD-BAED-9D41BAE0E744}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\hgstxhts545050a7e680_rbb50a1j1g271s1g271sx.dat
O87 - FAEL: "{E7334571-D3CC-4B75-BDDF-2F16688E877E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\hgstxhts545050a7e680_rbb50a1j1g271s1g271sx.dat
Lignes superflues ou inutiles :
Lignes d'optimisation du démarrage :
EmptyClsid
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash