cjoint

Document format: text/plain

Preview

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/04/2015 09:17:49 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\sistray.exe (PID: 3744) [WD-HEUR]
* C:\Documents and Settings\All Users\Application Data\{bb02c705-f9c3-600f-bb02-2c705f9c1c17}\Multi Mount SD-Card v2.50.cafe4ndroid.com.exe (PID: 3812) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\mshtml.dll : 6,247,424 : 04/30/2014 10:12 AM : 33acbdcf811c81fc6c0b57924090a6d5 [NoSig]
+-> C:\WINDOWS\ie8updates\KB2964358-IE8\mshtml.dll : 5,945,856 : 01/23/2010 03:59 PM : 731d6bf7af18b4512be66436bcfeb2be [Pos Repl]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\mshtml.dll : 6,022,144 : 04/30/2014 10:12 AM : 2db24c085cf2e41a2f18ba6be8639d71 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mshtml.dll : 6,247,424 : 04/30/2014 10:12 AM : 33acbdcf811c81fc6c0b57924090a6d5 [Pos Repl]

* C:\WINDOWS\System32\ntkrnlpa.exe : 2,191,360 : 07/04/2013 09:33 AM : f2e8613a644f04a2b6cd40674dc2036c [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2393802$\ntkrnlpa.exe : 2,025,472 : 04/15/2008 02:00 PM : bb1e6679b7c5a25866803b035b0c6aec [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe : 2,028,544 : 12/09/2010 05:14 PM : 8a675d07e5fad9dca6d6c9388018892e [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2859537$\ntkrnlpa.exe : 2,028,032 : 04/11/2012 03:50 PM : 25f640620882a2439961ae45392483b5 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,071,680 : 07/04/2013 09:33 AM : 195ba0bd1eb1f6193482fc858a6da2db [Pos Repl]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe : 2,030,080 : 07/04/2013 09:33 AM : 5c2b2149e06d0705006c992a642e770d [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,191,360 : 07/04/2013 09:33 AM : f2e8613a644f04a2b6cd40674dc2036c [Pos Repl]

* C:\WINDOWS\System32\ntoskrnl.exe : 2,312,704 : 07/04/2013 09:33 AM : e46eea515c3274f8017e7a02c406dc6b [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe : 2,146,816 : 01/22/2010 10:54 AM : 0a13fe17a834e4005234fbc7bd5cbd28 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe : 2,150,400 : 12/09/2010 05:14 PM : c7f8bed041595e3e5f3c5f6fb90652bb [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2859537$\ntoskrnl.exe : 2,149,888 : 04/11/2012 03:50 PM : de31842a51d985d04ee8723fe586763e [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,195,072 : 07/04/2013 09:33 AM : 823e5ace237fc7b7b39b62cbcfc1d856 [Pos Repl]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntoskrnl.exe : 2,151,424 : 07/04/2013 09:33 AM : d9ac7e35e52df088f606e0af1d8de2dd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,312,704 : 07/04/2013 09:33 AM : e46eea515c3274f8017e7a02c406dc6b [Pos Repl]

* C:\WINDOWS\System32\setupapi.dll : 2,558,464 : 01/22/2010 10:54 AM : 0f68ac0d076e716502ba884246a5d80a [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\setupapi.dll : 984,064 : 01/22/2010 10:54 AM : 823a5b017bf1e6da60914267c221bbd4 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\setupapi.dll : 2,558,464 : 01/22/2010 10:54 AM : 0f68ac0d076e716502ba884246a5d80a [Pos Repl]

* C:\WINDOWS\System32\user32.dll : 577,536 : 04/09/2008 04:26 PM : e20811de5cfa42d869d07fe6e322c2e5 [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 218,624 : 12/02/2014 09:45 AM : a416d205aca87dd41a0268ba15e14477 [NoSig]
+-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218,624 : 12/02/2014 09:45 AM : a416d205aca87dd41a0268ba15e14477 [Pos Repl]

* C:\WINDOWS\System32\wininet.dll : 986,624 : 03/06/2014 07:58 PM : 6d8372d757e748727e806eeb4c4723ec [NoSig]
+-> C:\WINDOWS\ie8updates\KB2936068-IE8\wininet.dll : 916,480 : 01/23/2010 03:59 PM : 699a0aac208a08a579169e06e455c2c4 [Pos Repl]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\wininet.dll : 920,064 : 03/06/2014 07:58 PM : 02d1be083f6de11e2c0fe47f3c500bb7 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wininet.dll : 986,624 : 03/06/2014 07:58 PM : 6d8372d757e748727e806eeb4c4723ec [Pos Repl]

* C:\WINDOWS\explorer.exe : 1,559,552 : 01/22/2010 10:54 AM : 66e52bd14aa31826f98e4199c27191f5 [NoSig]
+-> C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe : 1,031,168 : 01/22/2010 10:54 AM : d9be536974b8b7b966869218918d0c79 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,559,552 : 01/22/2010 10:54 AM : 66e52bd14aa31826f98e4199c27191f5 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/04/2015 09:18:51 PM
Execution time: 0 hours(s), 1 minute(s), and 1 seconds(s)
