Document format: text/plain


Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/30/2015 08:29:15 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\spider.exe (PID: 2296) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKLM\batfile\shell\print\command "@" was changed.
It was reset to "%1" %*!


Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* wscsvc [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\UxTheme.dll : 219 648 : 04/29/2011 10:36 AM : 68ad993dc682aff7a512fa017c36ecf2 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll : 218 624 : 11/01/2015 08:57 AM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]

* C:\WINDOWS\System32\wscntfy.exe : 13 824 : 11/01/2015 07:35 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 13 824 : 11/01/2015 07:34 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]

* C:\WINDOWS\System32\drivers\i8042prt.sys : 52 480 : 11/01/2015 10:19 AM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys : 52 480 : 11/01/2015 10:07 AM : 4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\i8042prt.sys : 52 736 : 11/01/2015 10:21 AM : 5502b58eef7486ee6f93f3f164dcb808 [Pos Repl]

* C:\WINDOWS\System32\Drivers\tcpip.sys : 361 600 : 07/08/2010 02:26 PM : 954053bc42429995a1b07e8aa9389456 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361 344 : 11/01/2015 10:14 AM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/30/2015 08:29:47 AM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)
