cjoint

Document format: text/plain

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2017 10:32:46 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\IFTA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe (PID: 1932) [UP-HEUR]
* C:\Users\IFTA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe (PID: 3108) [UP-HEUR]
* C:\Users\IFTA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe (PID: 6064) [UP-HEUR]
* C:\Users\IFTA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe (PID: 4904) [UP-HEUR]

4 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\winlogon.exe

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\IFTA\Desktop\rkill\rkill-11-04-2017-10-34-11.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => %comspec%

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 1 008 640 : 01/16/2011 01:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [NoSig]
+-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833 024 : 11/19/2010 09:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1 008 128 : 11/19/2010 10:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811 520 : 11/19/2010 09:21 PM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833 024 : 11/19/2010 09:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1 008 640 : 01/16/2011 01:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812 032 : 11/19/2010 09:21 PM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
+-> C:\Windows\SysWOW64\user32.dll : 833 024 : 11/19/2010 09:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1 008 640 : 07/14/2009 02:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1 008 128 : 11/20/2010 02:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833 024 : 07/14/2009 02:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833 024 : 11/20/2010 01:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

* C:\Windows\System32\winlogon.exe : 389 632 : 01/16/2011 01:01 AM : 81257415084b84f3c0d95c381a8d4c8f [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe : 389 120 : 07/14/2009 02:39 AM : 132328df455b0028f13bf0abee51a63a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390 656 : 11/20/2010 02:25 PM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe : 455 168 : 03/04/2014 10:43 AM : 88ab9b72b4bf3963a0de0820b4b0b06c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe : 455 168 : 07/17/2014 03:07 AM : 8cebd9d0a0a879cde9f36f4383b7caea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe : 455 680 : 03/04/2014 12:08 AM : 6ce2ae073bd21c542fc2c707cae944cc [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe : 455 680 : 07/16/2014 04:23 AM : 98aa0bfee089c7e5dadb94190d93456c [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:


20 out of 191 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/04/2017 10:36:42 PM
Execution time: 0 hours(s), 3 minute(s), and 56 seconds(s)
