~ ZHPCleaner v2024.3.9.10 by Nicolas Coolman (2024/03/09) ~ Run by kbca2 (Administrator) (11/03/2024 11:14:47) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\kbca2\OneDrive\Área de Trabalho\ZHPCleaner (S).txt ~ Quarantine : C:\Users\kbca2\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home Single Language, 64-bit (Build 19045) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (4) FOUND file: C:\Users\kbca2\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric FOUND file: C:\Users\kbca2\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric FOUND folder: C:\Users\kbca2\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache FOUND folder: C:\Users\kbca2\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (6) FOUND file: C:\Users\kbca2\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\kbca2\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Windows\Prefetch\OFFICE 2010 TOOLKIT.EXE-D1D053D8.pf =>Hacktool.Office FOUND file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS FOUND file: C:\Windows\AutoKMS\AutoKMS.ini =>HackTool.AutoKMS FOUND folder: C:\Windows\AutoKMS =>HackTool.AutoKMS ---\\ Registry ( Key, Value, Data) (4) FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa9cba01-a6a6-4cf8-a1bb-246a5c5d882f}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CatalogoExpresso220Ideia2001_is1 [Idéia 2001 Informática] =>Toolbar.Expresso FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CatalogoExpresso293Ideia2001_is1 [Idéia 2001 Informática] =>Toolbar.Expresso FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CatalogoExpresso395Ideia2001_is1 [Idéia 2001 Informática] =>Toolbar.Expresso ---\\ Summary of the elements found (7) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Hacktool.Office https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/2017/09/23/barres-doutils-de-navigateur-toolbars/ =>Toolbar.Expresso ---\\ Result of repair ~ Any repair made ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Thunderbird OK ---\\ Statistics ~ Items scanned : 98299 ~ Items found : 18 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of search in 00h07mn08s ---\\ Reports (0) ZHPCleaner-[S]-11032024-11_21_55.txt