Document format: text/plain

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/27/2015 09:28:46 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\WINDOWS\system32\ctfmon.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Service de restauration système (srservice) is not Running.
Startup Type set to: Automatic

* Pilote de filtre de restauration système (sr) is not Running.
Startup Type set to: Disabled

* Alerter [Missing ImagePath]
* ERSvc [Missing ImagePath]
* helpsvc [Missing ImagePath]
* ImapiService [Missing ImagePath]
* Messenger [Missing ImagePath]
* mnmsrvc [Missing ImagePath]
* NtmsSvc [Missing ImagePath]
* VSS [Missing ImagePath]
* wscsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\clipsrv.exe : 58 880 : 01/12/2010 07:24 AM : 670abc65d0f0f5ccac0c344cec25ad0b [NoSig]

* C:\WINDOWS\System32\comctl32.dll : 647 680 : 01/12/2010 07:24 AM : d449df66b6335b443508a58b1e8db996 [NoSig]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921 088 : 01/12/2010 07:24 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1 054 208 : 01/12/2010 07:24 AM : f92e6bea9349d49341383f8403b4dfe5 [Pos Repl]

* C:\WINDOWS\System32\comres.dll : 2 004 480 : 01/12/2010 07:24 AM : 65c243bd71e319b59bcf24696c039b29 [NoSig]

* C:\WINDOWS\System32\ctfmon.exe : 40 960 : 01/12/2010 07:24 AM : 58db2ee838d5b7bad0f7f10a6c920390 [NoSig]

* C:\WINDOWS\System32\ntkrnlpa.exe : 2 165 760 : 01/12/2010 07:24 AM : 36fa7dafa6c2658d9f48c69fb812943b [NoSig]

* C:\WINDOWS\System32\ntoskrnl.exe : 2 287 104 : 01/12/2010 07:24 AM : 928f1d57dd79b2edde517b2ffeb570c9 [NoSig]

* C:\WINDOWS\System32\setupapi.dll : 2 930 176 : 01/12/2010 07:24 AM : aa7a6148599170f745897beeb8c999cb [NoSig]

* C:\WINDOWS\System32\sfcfiles.dll : 1 571 840 : 01/12/2010 07:24 AM : a5780186a76eaba3e656e63b41862997 [NoSig]

* C:\WINDOWS\System32\user32.dll : 724 480 : 01/12/2010 07:24 AM : db3ab42404d66860a4c4e9ed8530d0fd [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 219 648 : 01/12/2010 07:24 AM : 283ffcd879a4de3ae98f21de3d18eb5f [NoSig]

* C:\WINDOWS\System32\winlogon.exe : 568 320 : 01/12/2010 07:24 AM : ae0d48af37f5a48156d4a6bae07c9121 [NoSig]

* C:\WINDOWS\explorer.exe : 1 916 416 : 01/12/2010 07:24 AM : d84567752fb42d8dc55cfb85fe0edece [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 internetdownloadmanager.com
46.4.158.131 login0.camfrog.com
46.4.158.131 login1.camfrog.com
46.4.158.131 login2.camfrog.com
46.4.158.131 login3.camfrog.com
46.4.158.131 login4.camfrog.com
46.4.158.131 login5.camfrog.com
46.4.158.131 login6.camfrog.com
46.4.158.131 login7.camfrog.com
46.4.158.131 login8.camfrog.com
46.4.158.131 login9.camfrog.com
46.4.158.131 login.camfrog.com

Program finished at: 06/27/2015 09:29:15 AM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
