Document format: text/plain

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/17/2016 02:49:43 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hrl192.tmp (PID: 168) [SUP-HEUR]
* C:\windows\system32\iimaia.exe (PID: 460) [WD-HEUR]
* C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe (PID: 492) [AU-HEUR]
* C:\WINDOWS\system32\igfxtray.exe (PID: 364) [WD-HEUR]
* C:\WINDOWS\system32\hkcmd.exe (PID: 552) [WD-HEUR]
* C:\WINDOWS\system32\igfxpers.exe (PID: 560) [WD-HEUR]
* C:\WINDOWS\system32\igfxsrvc.exe (PID: 668) [WD-HEUR]
* C:\Documents and Settings\All Users\Application Data\MobiConnect\OnlineUpdate\ouc.exe (PID: 436) [AU-HEUR]

8 proccesses terminated!

Possibly Patched Files.

* C:\windows\system32\svchost.exe
* C:\windows\system32\svchost.exe
* C:\windows\System32\svchost.exe
* C:\windows\system32\spoolsv.exe
* C:\windows\system32\svchost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Client DNS (Dnscache) is not Running.
Startup Type set to: Disabled

* Service de restauration système (srservice) is not Running.
Startup Type set to: Disabled

* Centre de sécurité (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* C:\windows\System32\clipsrv.exe : 82 432 : 09/27/2008 12:24 AM : 03ce7cab682cf16ab8c686fbf71c0ea9 [NoSig]

* C:\windows\System32\comctl32.dll : 693 248 : 09/27/2008 12:24 AM : aac42fd16a1976de9a0773e740597644 [NoSig]
+-> C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921 088 : 04/14/2008 02:00 PM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1 054 208 : 04/14/2008 02:00 PM : f92e6bea9349d49341383f8403b4dfe5 [Pos Repl]

* C:\windows\System32\comres.dll : 1 504 256 : 09/27/2008 12:24 AM : 0f350f1870e65c510ffff60d7ee14ba8 [NoSig]

* C:\windows\System32\ctfmon.exe : 64 512 : 09/27/2008 12:24 AM : ee1cd395170d9dd51b804b3b0405ccc3 [NoSig]

* C:\windows\System32\dllhost.exe : 32 256 : 04/14/2008 02:00 PM : 76140a1a9fff642f185a9bbfc9170ff8 [NoSig]

* C:\windows\System32\mshtml.dll : 3 774 464 : 09/27/2008 12:25 AM : b6bc3773b01bf85b880f56c198eea90b [NoSig]

* C:\windows\System32\ntkrnlpa.exe : 2 165 760 : 09/27/2008 12:31 AM : 36fa7dafa6c2658d9f48c69fb812943b [NoSig]

* C:\windows\System32\ntoskrnl.exe : 2 287 104 : 09/27/2008 12:26 AM : 928f1d57dd79b2edde517b2ffeb570c9 [NoSig]

* C:\windows\System32\setupapi.dll : 4 098 048 : 09/27/2008 12:26 AM : e8dd703637818af257e60f70d5de59c1 [NoSig]

* C:\windows\System32\spoolsv.exe : 84 992 : 04/14/2008 02:00 PM : a7027e64d9d5f2c0027849787111275c [NoSig]

* C:\windows\System32\svchost.exe : 41 472 : 04/14/2008 02:00 PM : c228a65194841882fc30fa5f9e09b077 [NoSig]

* C:\windows\System32\user32.dll : 517 632 : 09/27/2008 12:27 AM : ef31a8266af7996746392e4f45502536 [NoSig]

* C:\windows\System32\userinit.exe : 53 760 : 04/14/2008 02:00 PM : c47f182a2e2b7a32185b1c270e8c6fb9 [NoSig]

* C:\windows\System32\UxTheme.dll : 219 648 : 04/13/2008 07:33 PM : 68ad993dc682aff7a512fa017c36ecf2 [NoSig]

* C:\windows\System32\wbem\wmiprvse.exe : 245 248 : 04/14/2008 02:00 PM : 76002dd74a3061dc602be5ced1e04ec2 [NoSig]

* C:\windows\System32\wininet.dll : 879 616 : 09/27/2008 12:27 AM : 90b16ff3acec94b95ba95aa686442a47 [NoSig]

* C:\windows\System32\winlogon.exe : 593 408 : 09/27/2008 12:27 AM : 4bb6301d634c857a5089e8b24c5555e4 [NoSig]

* C:\windows\System32\wscntfy.exe : 40 960 : 04/14/2008 02:00 PM : 32259eccd9def1502e603b82cdda07a7 [NoSig]

* C:\windows\explorer.exe : 1 602 560 : 07/17/2016 12:08 AM : 4d061963a76e8fac8bc7f55dcab9e3a5 [NoSig]

* C:\windows\System32\drivers\dmboot.sys : 800 256 : 04/13/2008 07:05 PM : b13408a5d89dcc39992ca0ddce3c86ba [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.ijinshan.com
127.0.0.1 www.360.cn
127.0.0.1 www.rising.com.cn
127.0.0.1 www.ijinshan.com
127.0.0.1 kaba365.com

Program finished at: 07/17/2016 02:51:03 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)
