cjoint


Document format: text/plain


Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/09/2015 05:03:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\Administrateur\Bureau\adwcleaner_5.019.exe (PID: 3904) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* agentsvr.exe debugger. [IFEO Debugger Deleted]
* avp.exe debugger. [IFEO Debugger Deleted]
* ccSvcHst.exe debugger. [IFEO Debugger Deleted]
* hijackthis.exe debugger. [IFEO Debugger Deleted]
* scan32.exe debugger. [IFEO Debugger Deleted]
* symlcsvc.exe debugger. [IFEO Debugger Deleted]

Backup Registry file created at:
C:\Documents and Settings\Administrateur\Bureau\rkill\rkill-11-09-2015-05-03-55.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Service de restauration système (srservice) is not Running.
Startup Type set to: Disabled

* Centre de sécurité (wscsvc) is not Running.
Startup Type set to: Disabled

* mnmsrvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll : 1 571 840 : 04/30/2008 10:00 AM : b7f7d59bfb0c96faa69e8af19bc84dea [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 218 624 : 04/30/2008 10:00 AM : e35fabbe7f63cb9ae2a06a449392e3f6 [NoSig]

* C:\WINDOWS\System32\Drivers\tcpip.sys : 361 344 : 04/30/2008 10:00 AM : accf5a9a1ffaa490f33dba1c632b95e1 [NoSig]
