Rkill

Uploaded by

eduard morar

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2023 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/25/2023 08:45:27 PM in x64 mode.


Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\IPROSetMonitor.exe (PID: 5016) [WD-HEUR]


* C:\Windows\System32\kms-server.exe (PID: 3484) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Application Data => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\History => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Microsoft\Windows\History [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Microsoft\Windows\Temporary Internet Files => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Microsoft\Windows\INetCache [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Temporary Internet Files => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Microsoft\Windows\INetCache [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Application Data => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Cookies => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local\Microsoft\Windows\INetCookies [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Documents\My Music => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Music [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Documents\My Pictures => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Pictures [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Documents\My Videos => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Videos [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Local Settings => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Local [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\My Documents => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Documents [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\NetHood => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Network Shortcuts [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\PrintHood => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Recent => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Recent [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\SendTo => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\SendTo [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Start Menu => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu [Dir]
* C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\Templates => C:\Windows\ServiceProfiles\SQLTELEMETRY$TEW_SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Templates [Dir]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:


20 out of 35 HOSTS entries shown.


Please review HOSTS file for further entries.

Program finished at: 11/25/2023 08:46:10 PM


Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)
