cjoint

Document format: text/plain

Preview

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/20/2015 07:41:01 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\FaDi-YaSiNe\AppData\Roaming\eRclient\eRclient.exe (PID: 2496) [UP-HEUR]
* C:\Users\FaDi-YaSiNe\ZHPDiag3.exe (PID: 6604) [UP-HEUR]

2 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\Dwm.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\dwm.exe : 92,672 : 07/14/2009 02:14 AM : a13f28ac30edceef74e7f0fe06724fbb [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_8faafe001b741442\dwm.exe : 92,672 : 07/14/2009 02:14 AM : 505bf4d1cadeb8d4f8bcd08d944de25d [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 thislineskipsanyemptylines
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 thislineskipsanyemptylines

Program finished at: 07/20/2015 07:42:13 PM
Execution time: 0 hours(s), 1 minute(s), and 12 seconds(s)
