cjoint

Document format: text/plain

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/27/2015 01:01:52 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\igfxtray.exe (PID: 1080) [WD-HEUR]
* C:\WINDOWS\system32\hkcmd.exe (PID: 1076) [WD-HEUR]
* C:\WINDOWS\system32\igfxpers.exe (PID: 1196) [WD-HEUR]
* C:\WINDOWS\system32\wscript.exe (PID: 392) [WD-HEUR]

4 processes terminated!

Possibly Patched Files.

* C:\WINDOWS\system32\ctfmon.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\clipsrv.exe : 58 880 : 02/03/2008 10:08 AM : 83348c3ea13419ad189fe5bbb7a1732a [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\clipsrv.exe : 33 280 : 04/14/2008 02:33 AM : 8b30cbb0c07d49b2658fb190946b0e7e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\clipsrv.exe : 33 280 : 07/02/2015 07:52 PM : c8dec22c4137d7a90f8bdf41ca4b82ae [Pos Repl]

* C:\WINDOWS\System32\comctl32.dll : 647 680 : 02/03/2008 10:08 AM : ce8615abc9dcf79517ca7d9975c6a6ca [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asms\60\msft\windows\common\controls\comctl32.dll : 1 054 208 : 04/14/2008 02:30 AM : f92e6bea9349d49341383f8403b4dfe5 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\comctl32.dll : 617 472 : 04/14/2008 02:33 AM : b4aa331468315b6a174c3f0d5b3bc135 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\comctl32.dll : 611 328 : 07/02/2015 04:56 PM : a77dfb85faee49d66c74da6024ebc69b [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921 088 : 01/14/2008 05:17 PM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll : 1 054 208 : 01/14/2008 05:19 PM : 47abf878b9aec81b23ba5f89de597b3a [Pos Repl]

* C:\WINDOWS\System32\comres.dll : 1 587 712 : 02/03/2008 10:08 AM : 2146c5d7758e3a725826524cd6a1fdb9 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\comres.dll : 851 968 : 04/14/2008 02:33 AM : f4b7146c7eed6c4e158dcd9b5266c25a [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\comres.dll : 792 064 : 07/02/2015 04:57 PM : 6728270cb7dbb776ed086f5ac4c82310 [Pos Repl]

* C:\WINDOWS\System32\ctfmon.exe : 40 960 : 02/03/2008 10:08 AM : d91ee13bffbbdc87e59fcc101247d1f5 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe : 15 360 : 04/14/2008 02:33 AM : 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ctfmon.exe : 15 360 : 07/02/2015 07:52 PM : 24232996a38c0b0cf151c2140ae29fc8 [Pos Repl]

* C:\WINDOWS\System32\setupapi.dll : 2 577 920 : 02/03/2008 10:10 AM : 251014ec3471c33d7312960284530058 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\setupapi.dll : 1 005 056 : 04/13/2008 07:33 PM : f372dc84dfe63bf4115c0a6b1f4cf680 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\update\setupapi.dll : 1 005 056 : 04/13/2008 07:33 PM : f372dc84dfe63bf4115c0a6b1f4cf680 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\setupapi.dll : 983 552 : 07/02/2015 06:03 PM : 7808313cbc634ee08346d5ddfef1cc5f [Pos Repl]

* C:\WINDOWS\System32\user32.dll : 579 072 : 02/03/2008 10:12 AM : d631fbc2a8b9af181a8612276fc56154 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\user32.dll : 579 584 : 04/14/2008 02:33 AM : e853f84d3ce2faa2a802e33cf89ac023 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\user32.dll : 577 024 : 07/02/2015 06:17 PM : c72661f8552ace7c5c85e16a3cf505c4 [Pos Repl]

* C:\WINDOWS\System32\UxTheme.dll : 219 648 : 02/03/2008 09:54 AM : 38e7bfd55c6c159e63a7a5d17f98dc45 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\uxtheme.dll : 219 648 : 04/14/2008 02:33 AM : 34bc64f7aa90e6f0ae22145d813778c0 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218 624 : 07/02/2015 06:18 PM : 2cde496666a975a2ce8f969f3042c8db [Pos Repl]

* C:\WINDOWS\System32\wininet.dll : 969 216 : 02/03/2008 10:12 AM : 1e012a926231b6955b7be21b156ca1fd [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wininet.dll : 670 208 : 04/14/2008 02:33 AM : 4a6e04ea20f48d750d9bfed8600d516b [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wininet.dll : 656 384 : 07/02/2015 06:23 PM : c0823fc5469663ba63e7db88f9919d70 [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe : 555 520 : 02/03/2008 10:12 AM : df3ed75d36bb55fedf9f02ec863bdf3f [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe : 512 000 : 04/14/2008 02:34 AM : dd73d6b9f6b4cb630cf35b438b540174 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\winlogon.exe : 502 272 : 07/02/2015 04:36 PM : 01c3346c241652f43aed8e2149881bfe [Pos Repl]

* C:\WINDOWS\explorer.exe : 1 573 376 : 02/03/2008 10:08 AM : baa0e1b7da39d7bfcb2e0306b3e98ec1 [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe : 1 037 824 : 04/14/2008 02:34 AM : f2317622d29f9ff0f88aeecd5f60f0dd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1 032 192 : 07/02/2015 04:18 PM : a0732187050030ae399b241436565e64 [Pos Repl]

* C:\WINDOWS\System32\drivers\intelide.sys : 5 504 : 07/02/2015 07:59 PM : 2d722b2b54ab55b2fa475eb58d7b2aad [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\intelide.sys : 5 504 : 04/14/2008 02:03 AM : 4b6da2f0a4095857a9e3f3697399d575 [Pos Repl]
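
The "Missing Digital Signatures" section above lists each unsigned system file ([NoSig]) with its size, timestamp and MD5, followed by the copies Rkill found elsewhere on disk ([Pos Repl]). The script below is an added example written for this page, not part of Rkill, that parses that section and, for each unsigned file, reports whether a Windows File Protection copy exists under system32\dllcache, whether any candidate hashes the same as the live file, and whether the live file is larger than every candidate. The sample input is constructed: two entries copied from the log above (one with the French-locale non-breaking space in the size field) plus one placeholder entry, example.dll with an all-zero MD5, added only to exercise the hash-match branch.

```python
"""Triage the 'Searching for Missing Digital Signatures' section of an Rkill log.

Rkill prints one '* <path> : <size> : <date> : <md5> [NoSig]' line per unsigned
file, followed by '+-> ... [Pos Repl]' lines for possible replacement copies.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches both the '*' (live file) and '+->' (candidate) line shapes.
# The size field may use a normal, non-breaking or narrow non-breaking space
# as a thousands separator, as in a French-locale log.
ENTRY_RE = re.compile(
    r"^(?P<kind>\*|\+->)\s+(?P<path>.+?)\s+:\s+(?P<size>[\d\s\u00a0\u202f]+)\s+:\s+"
    r"(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)\s+:\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s+\[(?P<tag>[^\]]+)\]$"
)


@dataclass
class FileRecord:
    path: str
    size: int
    date: str
    md5: str
    tag: str


@dataclass
class UnsignedFile:
    live: FileRecord
    candidates: List[FileRecord] = field(default_factory=list)

    def dllcache_copy(self) -> Optional[FileRecord]:
        """The Windows File Protection copy, if Rkill listed one."""
        for c in self.candidates:
            if "\\dllcache\\" in c.path.lower():
                return c
        return None

    def matching_candidates(self) -> List[FileRecord]:
        return [c for c in self.candidates if c.md5 == self.live.md5]


def parse_signature_section(text: str) -> List[UnsignedFile]:
    """Collect NoSig entries and their candidates until the section ends."""
    entries: List[UnsignedFile] = []
    current: Optional[UnsignedFile] = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Searching for Missing Digital Signatures"):
            in_section = True
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            break  # first non-entry line (e.g. 'Checking HOSTS File:') ends the section
        rec = FileRecord(
            path=m["path"],
            size=int(re.sub(r"\D", "", m["size"])),  # drop any thousands separator
            date=m["date"],
            md5=m["md5"].lower(),
            tag=m["tag"],
        )
        if m["kind"] == "*":
            current = UnsignedFile(live=rec)
            entries.append(current)
        elif current is not None:
            current.candidates.append(rec)
        else:
            raise ValueError("candidate line before any NoSig entry")
    return entries


def triage(entries: List[UnsignedFile]) -> List[dict]:
    """One summary row per unsigned file; interpretation is left to the analyst."""
    rows = []
    for e in entries:
        dc = e.dllcache_copy()
        rows.append({
            "path": e.live.path,
            "live_md5": e.live.md5,
            "candidates": len(e.candidates),
            "has_dllcache_copy": dc is not None,
            "md5_matches_candidate": bool(e.matching_candidates()),
            "live_larger_than_all_candidates": bool(e.candidates)
            and all(c.size < e.live.size for c in e.candidates),
        })
    return rows


# Constructed sample (see lead-in): two entries from the log above plus one placeholder.
SAMPLE_LOG = "\n".join([
    "Searching for Missing Digital Signatures:",
    "",
    r"* C:\WINDOWS\System32\ctfmon.exe : 40 960 : 02/03/2008 10:08 AM : d91ee13bffbbdc87e59fcc101247d1f5 [NoSig]",
    r"+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe : 15 360 : 04/14/2008 02:33 AM : 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 [Pos Repl]",
    r"+-> C:\WINDOWS\system32\dllcache\ctfmon.exe : 15 360 : 07/02/2015 07:52 PM : 24232996a38c0b0cf151c2140ae29fc8 [Pos Repl]",
    "",
    "* C:\\WINDOWS\\System32\\drivers\\intelide.sys : 5\u00a0504 : 07/02/2015 07:59 PM : 2d722b2b54ab55b2fa475eb58d7b2aad [NoSig]",
    r"+-> C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\intelide.sys : 5 504 : 04/14/2008 02:03 AM : 4b6da2f0a4095857a9e3f3697399d575 [Pos Repl]",
    "",
    # placeholder entry, not from the log: dllcache copy hashes the same as the live file
    r"* C:\WINDOWS\System32\example.dll : 1 024 : 01/01/2010 12:00 PM : 00000000000000000000000000000000 [NoSig]",
    r"+-> C:\WINDOWS\system32\dllcache\example.dll : 1 024 : 01/01/2010 12:00 PM : 00000000000000000000000000000000 [Pos Repl]",
    "",
    "Checking HOSTS File:",
    "",
    "* No issues found.",
])

if __name__ == "__main__":
    for row in triage(parse_signature_section(SAMPLE_LOG)):
        print(row)
```

A [Pos Repl] line only means Rkill found another file of the same name; neither the dllcache copy nor the SoftwareDistribution download is a trusted reference on its own, since both live on the same possibly compromised disk. Treat the MD5s the script extracts as lookup keys to compare against a known-good hash from an external source, and treat "live larger than all candidates" as a reason to look closer, not as a verdict.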

Checking HOSTS File:

* No issues found.

Program finished at: 11/27/2015 01:03:14 AM
Execution time: 0 hour(s), 1 minute(s), and 21 second(s)
