cjoint


Document format: text/plain

Preview

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/01/2016 04:41:16 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\igfxtray.exe (PID: 1852) [WD-HEUR]
* C:\WINDOWS\system32\hkcmd.exe (PID: 1860) [WD-HEUR]
* C:\WINDOWS\VistaDrive\VistaDrive.exe (PID: 1868) [WD-HEUR]
* C:\WINDOWS\system32\LGScsiCommandService.exe (PID: 588) [WD-HEUR]
* C:\WINDOWS\system32\taskmgr.exe (PID: 3508) [WD-HEUR]
* C:\DOCUME~1\ADMINI~1.TEC\LOCALS~1\Temp\Rar$EXa0.008\RKill 2 5 3.rar_10924_i112179851_il345.exe (PID: 1156) [T-HEUR]
* C:\DOCUME~1\ADMINI~1.TEC\LOCALS~1\Temp\zAqZXzdz\RKill+2+5+3.rar__10924_i1806025733_il2002257.exe (PID: 2968) [T-HEUR]

7 proccesses terminated!

Possibly Patched Files.

* C:\WINDOWS\system32\ctfmon.exe
* C:\WINDOWS\Explorer.EXE

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Service de restauration système (srservice) is not Running.
Startup Type set to: Automatic

* Pilote de filtre de restauration système (sr) is not Running.
Startup Type set to: Disabled

* Alerter [Missing ImagePath]
* ERSvc [Missing ImagePath]
* helpsvc [Missing ImagePath]
* ImapiService [Missing ImagePath]
* Messenger [Missing ImagePath]
* mnmsrvc [Missing ImagePath]
* NtmsSvc [Missing ImagePath]
* VSS [Missing ImagePath]
* wscsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\clipsrv.exe : 58 880 : 01/12/2010 06:24 AM : 670abc65d0f0f5ccac0c344cec25ad0b [NoSig]

* C:\WINDOWS\System32\comctl32.dll : 647 680 : 01/12/2010 06:24 AM : d449df66b6335b443508a58b1e8db996 [NoSig]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921 088 : 01/12/2010 06:24 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1 054 208 : 01/12/2010 06:24 AM : f92e6bea9349d49341383f8403b4dfe5 [Pos Repl]

* C:\WINDOWS\System32\comres.dll : 2 004 480 : 01/12/2010 06:24 AM : 65c243bd71e319b59bcf24696c039b29 [NoSig]

* C:\WINDOWS\System32\ctfmon.exe : 40 960 : 01/12/2010 06:24 AM : 58db2ee838d5b7bad0f7f10a6c920390 [NoSig]

* C:\WINDOWS\System32\ntkrnlpa.exe : 2 207 872 : 01/12/2010 06:24 AM : a3ca2b158b645447964adc84fa7e6ee6 [NoSig]

* C:\WINDOWS\System32\ntoskrnl.exe : 2 331 008 : 01/12/2010 06:24 AM : 65a2d2bd594eb3e670cecffeed75fb69 [NoSig]

* C:\WINDOWS\System32\setupapi.dll : 2 930 176 : 01/12/2010 06:24 AM : aa7a6148599170f745897beeb8c999cb [NoSig]

* C:\WINDOWS\System32\sfcfiles.dll : 1 571 840 : 01/12/2010 06:24 AM : a5780186a76eaba3e656e63b41862997 [NoSig]

* C:\WINDOWS\System32\user32.dll : 724 480 : 01/12/2010 06:24 AM : db3ab42404d66860a4c4e9ed8530d0fd [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 219 648 : 01/12/2010 06:24 AM : 283ffcd879a4de3ae98f21de3d18eb5f [NoSig]

* C:\WINDOWS\System32\winlogon.exe : 568 320 : 01/12/2010 06:24 AM : ae0d48af37f5a48156d4a6bae07c9121 [NoSig]

* C:\WINDOWS\explorer.exe : 1 916 416 : 01/12/2010 06:24 AM : d84567752fb42d8dc55cfb85fe0edece [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/01/2016 04:42:44 PM
Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)
