~ ZHPCleaner v2015.3.12.117 by Nicolas Coolman (12/03/2015)
~ Run by dimthehot (Administrator) (13/03/2015 18:56:44)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\dimthehot\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\dimthehot\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (18)
MOVED file: C:\Users\dimthehot\Desktop\Torntv Downloader.lnk [Bad : C:\Users\dimthehot\AppData\Roaming\TornTV.com\Torntv Downloader.exe] (Hijacker.TornTV)
REPLACED Quicklaunch: C:\Users\dimthehot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED Quicklaunch: C:\Users\dimthehot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\dimthehot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\dimthehot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED Desktop: C:\Users\Public\Desktop\Google Chrome.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED SystemTools: C:\Users\dimthehot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED Programs: C:\Users\dimthehot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://www.omniboxes.com/?type=sc&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY1783Y1783] (Hijacker.Browser)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.omniboxes.com/web/?type=ds&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.omniboxes.com/web/?type=ds&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.omniboxes.com/web/?type=ds&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.omniboxes.com/?type=hp&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA[...]] (PUP.Omniboxes)
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.omniboxes.com/web/?type=ds&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08[...]] (PUP.Omniboxes)

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (21)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-1-7.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-10.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-5.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-6.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-64.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\CinemaP-1.8cV10.03\bc9992e7-8e91-4f7d-bd38-aacbd2a96583-7.exe [Cinema PlusV10.03 - CinemaP-1.8cV10.03 exe] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\77950a88-4e7f-46ab-b1a0-9e27ef3d1d53\1158c947-44bd-4161-8ff2-188caa37e973.dll [ - ] (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\77950a88-4e7f-46ab-b1a0-9e27ef3d1d53\1c656b52-6b5c-4315-8b49-07b739e41393.dll [ - ] (PUP.CrossRider)
MOVED folder: C:\Program Files (x86)\77950a88-4e7f-46ab-b1a0-9e27ef3d1d53 (PUP.CrossRider)
MOVED file: C:\ProgramData\15651002628008033613\cd5b15e575e1c3d05a7a6c0969dbf9f5.ini [ - ] (PUP.CrossRider)
MOVED folder: C:\ProgramData\15651002628008033613 (PUP.CrossRider)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\goopdate.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\npGoogleUpdate4.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\psmachine.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\psuser.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\~dlE1F5\lxwsh\tmp\wpm_v20.0.0.1953_0302.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\GoogleCrashHandler.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\GoogleUpdate.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\GoogleUpdateBroker.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Users\DIMTHE~1\AppData\Local\Temp\comh.463393\GoogleUpdateOnDemand.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)

---\\ Registry ( Key, Value, Data) (10)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.omniboxes.com/web/?type=ds&ts=1425995460&from=obw&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3F1LY178[...]] [omniboxes] (PUP.Omniboxes)
DELETED key*: HKCU\Software\CinemaP-1.8cV10.03-nv [] (Heuristic.CrossRider)
DELETED key*: HKCU\Software\CinemaP-1.8cV10.03-nv-ie [] (Heuristic.CrossRider)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\5dc62bb6-71d8-4cc6-b109-b59215c62029 [] (PUP.CrossRider)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\ef85dc9f-866e-801d-1db2-20d96886e8b3 [] (PUP.CrossRider)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\CinemaP-1.8cV10.03-nv [] (Heuristic.CrossRider)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\CinemaP-1.8cV10.03-nv-ie [] (Heuristic.CrossRider)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info [1278341] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info [] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.boostsaves.com [678] (PUP.BoostSaves)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 65038
~ Items found : 0
~ Items repaired : 46

End of clean at 19:00:03
===================
ZHPCleaner-[R]-12022015-12_04_13.txt
ZHPCleaner-[R]-13032015-19_00_03.txt
ZHPCleaner-[S]-10032015-14_57_36.txt
ZHPCleaner-[S]-12022015-12_01_32.txt
ZHPCleaner-[S]-13032015-18_55_28.txt
ZHPCleaner-[S]-19022015-17_44_50.txt