~ ZHPCleaner v2014.12.28.277 by Nicolas Coolman (28/12/2014)
~ Run by Lila (Administrator) (29/12/2014 08:27:44)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Documents and Settings\Lila\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Documents and Settings\Lila\Application Data\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows XP, 32-bit Service Pack 2 (Build 2600)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (6)
REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page ( hxxp://aol.fr/ )
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page ( hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch )
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar ( hxxp://g.msn.fr/0SEFRFR/SAOS02 )
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs ( res://ieframe.dll/tabswelcome.htm )
REPLACED Chrome URL: "hxxp://www.google.com/"]

---\\ Hosts file (1)
~ The hosts file is legitimate (19)

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (8)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage[] (PUP.AkamaiHD)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal[] (PUP.AkamaiHD)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage[] (PUP.SpecialSavings)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal[] (PUP.SpecialSavings)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fr.reimageplus.com_0.localstorage[] (Rogue.ReimageRepair)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fr.reimageplus.com_0.localstorage-journal[] (Rogue.ReimageRepair)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage[] (PUP.SpecialSavings)
MOVED file: C:\Documents and Settings\Lila\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal[] (PUP.SpecialSavings)

---\\ Registry ( Key, Value, Data) (12)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gt [C:\WINDOWS\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gt.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gt [C:\WINDOWS\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gt.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gt [C:\WINDOWS\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gt.sys] (PUP.LinkiDoo)
DELETED data: HKCR\htmlfile\Shell\Open\Command\htmlfile\Shell\Open\Command\\htmlfile [Bad : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome] (Broken.OpenCommand)
DELETED data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\\Intl [Bad : http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s] (Hijacker.Association)
DELETED key: HKLM\SOFTWARE\Hold Page [] (PUP.HoldPage)
DELETED key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
DELETED key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Hold Page [] (PUP.HoldPage)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Hold Page [] (PUP.HoldPage)
DELETED key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Hold Page [] (PUP.HoldPage)
DELETED key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup [] (PUP.MyPCBackup)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 41781
~ Items found : 0
~ Items repaired : 26

End of clean at 08:38:27