Document format: text/plain

Preview

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2014 01:32:07 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\nvsvc32.exe (PID: 884) [WD-HEUR]
* C:\WINDOWS\system32\RUNDLL32.EXE (PID: 1976) [WD-HEUR]
* C:\WINDOWS\system32\rundll32.exe (PID: 2004) [WD-HEUR]
* C:\WINDOWS\system32\crypserv.exe (PID: 1192) [WD-HEUR]

4 proccesses terminated!

Possibly Patched Files.

* C:\WINDOWS\system32\ctfmon.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\clipsrv.exe : 58 368 : 04/13/2008 06:33 PM : 0566c597848d9dcb0cd473d75b537347 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\clipsrv.exe : 33 280 : 04/13/2008 06:33 PM : 8b30cbb0c07d49b2658fb190946b0e7e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\clipsrv.exe : 58 368 : 04/13/2008 06:33 PM : 0566c597848d9dcb0cd473d75b537347 [Pos Repl]

* C:\WINDOWS\System32\comctl32.dll : 643 072 : 04/13/2008 06:33 PM : bcc393f205c17911ed52870968336e8e [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\comctl32.dll : 617 472 : 04/13/2008 06:33 PM : b4aa331468315b6a174c3f0d5b3bc135 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\comctl32.dll : 643 072 : 04/13/2008 06:33 PM : bcc393f205c17911ed52870968336e8e [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921 088 : 08/28/2001 01:00 PM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1 054 208 : 04/13/2008 06:30 PM : f92e6bea9349d49341383f8403b4dfe5 [Pos Repl]

* C:\WINDOWS\System32\comres.dll : 1 553 920 : 04/13/2008 06:33 PM : 385c22f764b63e734ea33f2e819f4e1f [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\comres.dll : 851 968 : 04/13/2008 06:33 PM : f4b7146c7eed6c4e158dcd9b5266c25a [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\comres.dll : 1 553 920 : 04/13/2008 06:33 PM : 385c22f764b63e734ea33f2e819f4e1f [Pos Repl]

* C:\WINDOWS\System32\ctfmon.exe : 40 448 : 04/13/2008 06:34 PM : e21578b40c046a3f0ff371a9755145e5 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe : 15 360 : 04/13/2008 06:34 PM : 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ctfmon.exe : 40 448 : 04/13/2008 06:34 PM : e21578b40c046a3f0ff371a9755145e5 [Pos Repl]

* C:\WINDOWS\System32\hnetcfg.dll : 371 712 : 04/13/2008 06:33 PM : 6fdcb07680a163837ce0e0abc3eb571e [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\hnetcfg.dll : 347 136 : 04/13/2008 06:33 PM : e62b0be3fc855066c872f5b50a6bcd1b [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\hnetcfg.dll : 371 712 : 04/13/2008 06:33 PM : 6fdcb07680a163837ce0e0abc3eb571e [Pos Repl]

* C:\WINDOWS\System32\midimap.dll : 42 496 : 04/13/2008 06:33 PM : f513e42654d022ca667380545a95abad [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\midimap.dll : 18 944 : 04/13/2008 06:33 PM : 5d469fe7d63cf5215af80cfa37be6897 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\midimap.dll : 42 496 : 04/13/2008 06:33 PM : f513e42654d022ca667380545a95abad [Pos Repl]

* C:\WINDOWS\System32\ntkrnlpa.exe : 2 187 264 : 04/13/2008 07:07 PM : c56551655aa35a2ea0294f3a0321bbc2 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe : 2 025 984 : 04/13/2008 07:07 PM : 92e82482cdb39929cf7b541a9648afae [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e1866c3e2b84f5c2d39e8ed26ecb75d7\SP3GDR\ntkrnlpa.exe : 2 071 424 : 12/09/2010 04:14 PM : f2b0235923a03e0feb5e212b4e9475b6 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e1866c3e2b84f5c2d39e8ed26ecb75d7\SP3QFE\ntkrnlpa.exe : 2 071 424 : 12/09/2010 08:45 PM : d27a5053a37fb85e8525f998cdc4de19 [Pos Repl]

* C:\WINDOWS\System32\ntoskrnl.exe : 2 308 608 : 04/13/2008 07:07 PM : 212dd2d80a9aa0dda79fdae415c74364 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntoskrnl.exe : 2 147 328 : 04/13/2008 07:07 PM : b10c36956eb7a8b1586dbe3b43875280 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e1866c3e2b84f5c2d39e8ed26ecb75d7\SP3GDR\ntoskrnl.exe : 2 194 816 : 12/09/2010 04:14 PM : 33698c8fad37228407e62624c334dfe9 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e1866c3e2b84f5c2d39e8ed26ecb75d7\SP3QFE\ntoskrnl.exe : 2 194 816 : 12/09/2010 04:15 PM : 360612511aa332b8d3ab295aca0192cd [Pos Repl]

* C:\WINDOWS\System32\ole32.dll : 1 312 256 : 04/13/2008 06:33 PM : 577b8aa9bfb6180dc7ef3fcfbdee9e61 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ole32.dll : 1 287 168 : 04/13/2008 06:33 PM : 9245faf86a8235d5290a23c010dabd43 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\1b944abbd569542943fef56396cae09e\SP3GDR\ole32.dll : 1 287 680 : 07/16/2010 01:06 PM : a867e538cfd78cb10b3eef2495c10f00 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\1b944abbd569542943fef56396cae09e\SP3QFE\ole32.dll : 1 288 704 : 07/16/2010 01:04 PM : 210e7adfefa2879115612e5c02d410d6 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ole32.dll : 1 312 256 : 04/13/2008 06:33 PM : 577b8aa9bfb6180dc7ef3fcfbdee9e61 [Pos Repl]

* C:\WINDOWS\System32\psbase.dll : 123 904 : 04/13/2008 06:33 PM : edf51dd32d58ab963db875cdf19bb3be [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\psbase.dll : 98 816 : 04/13/2008 06:33 PM : 6537e6d9a0e302ecd2f0b8095a99f7af [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\psbase.dll : 123 904 : 04/13/2008 06:33 PM : edf51dd32d58ab963db875cdf19bb3be [Pos Repl]

* C:\WINDOWS\System32\setupapi.dll : 2 579 456 : 04/13/2008 06:33 PM : cd48c69ac582f6222d97772c4f2b58d5 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\setupapi.dll : 1 005 056 : 04/13/2008 06:33 PM : f372dc84dfe63bf4115c0a6b1f4cf680 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\setupapi.dll : 2 579 456 : 04/13/2008 06:33 PM : cd48c69ac582f6222d97772c4f2b58d5 [Pos Repl]

* C:\WINDOWS\System32\user32.dll : 579 584 : 04/13/2008 06:33 PM : de4a4ac7328fc80156034e7eb283676d [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\user32.dll : 579 584 : 04/13/2008 06:33 PM : e853f84d3ce2faa2a802e33cf89ac023 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\user32.dll : 579 584 : 04/13/2008 06:33 PM : de4a4ac7328fc80156034e7eb283676d [Pos Repl]

* C:\WINDOWS\System32\UxTheme.dll : 219 648 : 07/22/2014 06:48 PM : 1b01a195883a09dd18e50af87f924dfc [NoSig]
+-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 219 648 : 07/22/2014 06:48 PM : 1b01a195883a09dd18e50af87f924dfc [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe : 551 424 : 04/13/2008 06:34 PM : 917c64008889003e6ea19cf0793cbd72 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe : 512 000 : 04/13/2008 06:34 PM : dd73d6b9f6b4cb630cf35b438b540174 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\winlogon.exe : 551 424 : 04/13/2008 06:34 PM : 917c64008889003e6ea19cf0793cbd72 [Pos Repl]

* C:\WINDOWS\explorer.exe : 1 544 704 : 04/13/2008 06:34 PM : b45da298e42c7a44ba96aed93b1d7359 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe : 1 037 824 : 04/13/2008 06:34 PM : f2317622d29f9ff0f88aeecd5f60f0dd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1 544 704 : 04/13/2008 06:34 PM : b45da298e42c7a44ba96aed93b1d7359 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 mpa.one.microsoft.com

Program finished at: 10/02/2014 01:34:19 PM
Execution time: 0 hours(s), 2 minute(s), and 11 seconds(s)
