- AdliceDiag (Tigzy)
- Ads (Gen-Hackman)
- AdsFix (Gen-Hackman)
- AdwCleaner (Malwarebytes)
- AHK_NavScan (Batch_Man)
- AlphaDecrypter (Michael Gillespie)
- AswMBR (Avast!Software)
- AuroraDecrypter (Michael Gillespie)
- AutorunsVTChecker (regist)
- AVCertClean (fr33tux)
- Offline CryptoMix Ransomware Decryptor (Avast!Software)
- Avenger (swandog46)
- BitKangarooDecrypter (Michael Gillespie)
- BitStakDecrypter (Michael Gillespie)
- BlitzBlank (Emsisoft)
- BTCWareDecrypter (Michael Gillespie)
- Catchme (Gmer)
- Check Browsers LNK (Alex Dragokas & regist)
- CKScanner (askey127)
- Clean_DNS (Gen-Hackman)
- ClearLNK (Alex Dragokas)
- CMD_Command (Gen-Hackman)
- CoinVaultDecryptor (Kaspersky Labs)
- Combofix (sUBs)
- Crypt38Decrypter (Michael Gillespie)
- CryptoSearch (Michael Gillespie)
- DDS (sUBs)
- CryptON Ransomware Decryptor (Emsisoft)
- Defogger (jpshortstuff)
- DCryDecrypter (Michael Gillespie)
- EasyRestorePoint (kernel-panik)
- Eset Online Scanner (Eset)
- FilesLockerDecrypter (Michael Gillespie)
- FixExec (BleepingComputer)
- FixPurge (McVivien2)
- FRST (Farbar)
- FSS (Farbar)
- GetSystemInfo (Kaspersky Labs)
- GhostCryptDecrypter (Michael Gillespie)
- GIBON Ransomware Decryptor (Michael Gillespie)
- GooredFix (jpshortstuff)
- GrantPerms (Farbar)
- HiddenTear Bruteforcer (Michael Gillespie)
- HiddenTear Decrypter (Michael Gillespie)
- HostsXpert (funkytoad)
- Hosts-perm.bat (BleepingComputer)
- InsaneCryptDecrypter (Michael Gillespie)
- JavaRa (Fred de Vries and Paul McLain)
- Jigsaw Decrypter (Michael Gillespie)
- Junkware Removal Tool (Malwarebytes corporation)
- ListCWall (BleepingComputer)
- ListParts (Farbar)
- LogOnFix (Xplode)
- MBAR (Malwarebytes corporation)
- MBRCheck (a_d_13)
- MbrScan (Eric_71)
- mbr.exe (Gmer)
- McAfee Labs RootkitRemover (McAfee)
- MicroCop Decryptor (Michael Gillespie)
- Miniregtool (Farbar)
- Minitoolbox (Farbar)
- MKV (El Desaparecido & C_XX)
- Mole02Decryptor (M AV)
- OneClick2RP (Laddy)
- OTA (Old_Timer)
- OTC (Old_Timer)
- OTH (Old_Timer)
- OTL (Old_Timer)
- OTM (Old_Timer)
- OTS (Old_Timer)
- PCHunter (epoolsoft)
- Pre_Scan (Gen-Hackman)
- PowerLockyDecrypter (Michael Gillespie)
- ProcessClose (Gen-Hackman)
- QuickDiag (Gen-Hackman)
- RakhniDecryptor (Kaspersky Lab)
- Rannoh Decryptor (Kaspersky Lab)
- RansomNoteCleaner (Michael Gillespie)
- RegtoolExport (Xplode)
- Remediate VBS Worm (bartblaze)
- Report_Antivir (Laddy)
- Report_CHKDSK (Laddy)
- ResetNavigator (SoftwareQuality)
- Rkill (Grinler)
- RogueKiller (Tigzy)
- Rooter (Team IDN)
- RootkitRevealer (Microsoft)
- RstAssociations (Xplode) (scr) (exe)
- RstHosts (Xplode)
- ScanRapide (Lydem)
- ShadeDecryptor (Kaspersky Labs)
- Shortcut Cleaner (BleepingComputer)
- Seaf (C_XX)
- SecurityCheck (screen317)
- ServicesRepair (Eset)
- SMBCheck (Webroot)
- StrikedDecrypter (Michael Gillespie)
- StupidDecryptor (Michael Gillespie)
- Symantec Kovter Removal Tool (Symantec)
- SystemLook (jpshortstuff)
- SFTGC (Pierre13)
- TDSSkiller (Kaspersky Labs)
- TFC (Old_Timer)
- ToolsDiag (Amesam)
- UAC-LEVEL (Amesam)
- UAC Manager (Xplode)
- UnHide (BleepingComputer)
- Unlock92Decrypter (Michael Gillespie)
- Usb File Resc (Streuner Corporation)
- UsbFix (El Desaparecido & C_XX)
- UnZacMe (Gen-Hackman)
- Webroot DE-BUG (Webroot)
- WildfireDecryptor (Kaspersky Labs)
- WinChk (Xplode)
- WinsockAnalyzer (Xplode)
- WinUpdatefix (Xplode)
- XoristDecryptor (Kaspersky Labs)
- ZHPCleaner (Nicolas Coolman)
- ZHPDiag (Nicolas Coolman)
- ZHPLite (Nicolas Coolman)
- ZHPFix (Nicolas Coolman)
- Zoek (Smeenk)
The search for executables downloaded by the user is performed only in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted; however, a line in the report indicates its presence.
To restore hives easily, it is possible to use KPLive: https://github.com/KernelPan1k/KpLive
During this phase, KpRm first activates system recovery and then deletes recovery points that were created less than 24 hours ago. After creating a restore point, the tool lists all the points on the machine. Always check in this list that the restore point has been created, especially if the machine is running Windows 10.
- Reset DNS cache
- Reset the WinSock catalog
- Hide hidden files
- Hide protected files
- Show known file extensions
- ConsentPromptBehaviorAdmin (5)
- ConsentPromptBehaviorUser (3)
- EnableInstallerDetection (0)
- EnableLUA (1)
- EnableSecureUIAPaths (1)
- EnableUIADesktopToggle (0)
- EnableVirtualization (1)
- FilterAdministratorToken (0)
- PromptOnSecureDesktop (1)
- ValidateAdminCodeSignatures (0)
Project website: https://kernel-panik.me/tool/kprm/
If you think KpRm has helped you, you can make a donation:
1L7YjRfxaci9Zwz5Hv84wfRYSmcbQSTNAo
GCLLHFLOZFYIV5IR2BWBIU7Q55E4EYWHWAOPYMLN3NHXTBQQCAIWJ6FC