Format du document : text/plain


ÿþRkill 2.6.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:

Program started at: 07/20/2015 02:07:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1444) [WD-HEUR]
* C:\WINDOWS\system32\Ati2evxx.exe (PID: 212) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!
* HKCU\SOFTWARE\Classes\.bat has been deleted!
* HKCU\SOFTWARE\Classes\.com "@" exists and is set to comfile!
* HKCU\SOFTWARE\Classes\.com has been deleted!

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Alerter [Missing Service]
* Messenger [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]

* lanmanworkstation [Missing ImagePath]
* Netlogon [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found: localhost

Program finished at: 07/20/2015 02:08:21 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)


Signaler le contenu de ce document