Document format: text/plain

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2017 04:38:21 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* agp440 [Missing Service]
* DcpSvc [Missing Service]
* DiagTrack [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* tunnel [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\drmkaud.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [NoSig]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_d971d3ff1aaf7bdb\drmkaud.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_f164c3f2eb92e100\drmkaud.sys : 16 232 : 03/18/2017 10:56 PM : 3d934a1c02eb6979cf45c70a71f580ec [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.0_none_717b324c52f46229\drmkaud.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.447_none_f57fd9a980730e5c\drmkaud.sys : 16 232 : 03/18/2017 10:56 PM : 3d934a1c02eb6979cf45c70a71f580ec [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.502_none_f5a619cd80571d0c\drmkaud.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]

* C:\WINDOWS\System32\drivers\drmk.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [NoSig]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_d971d3ff1aaf7bdb\drmk.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_f164c3f2eb92e100\drmk.sys : 97 280 : 03/18/2017 10:56 PM : 08b2bbb2d2fc84433af6438242e8fcb8 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.0_none_717b324c52f46229\drmk.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.447_none_f57fd9a980730e5c\drmk.sys : 97 280 : 03/18/2017 10:56 PM : 08b2bbb2d2fc84433af6438242e8fcb8 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.502_none_f5a619cd80571d0c\drmk.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]

* C:\WINDOWS\System32\drivers\portcls.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [NoSig]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_d971d3ff1aaf7bdb\portcls.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_f164c3f2eb92e100\portcls.sys : 373 248 : 03/18/2017 10:56 PM : 57dd010d1d05ac368b0c9159e10f3d93 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.0_none_717b324c52f46229\portcls.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.447_none_f57fd9a980730e5c\portcls.sys : 373 248 : 03/18/2017 10:56 PM : 57dd010d1d05ac368b0c9159e10f3d93 [Pos Repl]
+-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_10.0.15063.502_none_f5a619cd80571d0c\portcls.sys : 12 : 07/12/2017 03:13 PM : b4fa310fddf07e2ce071e07a9fdbcf79 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 08/10/2017 04:38:38 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
