~ ZHPCleaner v2021.4.3.289 by Nicolas Coolman (2021/04/03) ~ Run by dymytry (Administrator) (07/04/2021 06:56:03) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : ~ Type : Repair ~ Report : C:\Users\dymytry\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\dymytry\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 64-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (20) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (10) MOVED file: C:\Users\dymytry\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\Kekynha\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt5D99.tmp =>BitTorrent (P2P) MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt6623.tmp =>BitTorrent (P2P) MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt89DA.tmp =>BitTorrent (P2P) MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS MOVED folder: C:\Windows\AutoKMS =>HackTool.AutoKMS ---\\ Registry ( Key, Value, Data) (8) DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E61F24D-0430-42AF-ACC3-3004C693079D}\\DhcpNameServer [Bad : 189.127.48.4 189.127.48.8] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 189.127.48.4 189.127.48.8] =>Hijacker.Browser DELETED key*: HKCU\Software\undefined [AdditionalScan 148] =>.SUP.Downloader DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier [] =>Riskware.FlashPlayer DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater [] =>Riskware.FlashPlayer DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated] =>Riskware.FlashPlayer DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI [Adobe] =>Riskware.FlashPlayer DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google LLC] =>Heuristic.Suspect ---\\ Summary of the elements found (7) https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect ---\\ Other deletions. (0) ~ Registry Keys Tracing deleted (0) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Mozilla Firefox OK ~ Internet Explorer OK ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 1711 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 9/17 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of clean in 00h00mn42s ---\\ Reports (2) ZHPCleaner-[S]-07042021-06_55_29.txt ZHPCleaner-[R]-07042021-06_56_45.txt