cjoint

Document format: text/plain

Preview

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/14/2018 10:50:29 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* Schedule Stopped. [PUP/GEN]

1 service stopped!

Checking for processes to terminate:

* C:\WINDOWS\system32\PowerMenu\PowerMenu.exe (PID: 740) [WD-HEUR]
* C:\WINDOWS\system32\DrvIcon.exe (PID: 756) [WD-HEUR]
* C:\WINDOWS\system32\taskbarshuffle.exe (PID: 916) [WD-HEUR]
* C:\WINDOWS\system32\TaskSwitchXP.exe (PID: 1076) [WD-HEUR]
* C:\WINDOWS\system32\Startup Monitor.exe (PID: 1096) [WD-HEUR]
* C:\WINDOWS\system32\NOTEPAD.EXE (PID: 3476) [WD-HEUR]

6 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: DisallowRun [HKCU]

Backup Registry file created at:
C:\Documents and Settings\Administrator\Desktop\rkill\rkill-08-14-2018-10-50-40.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\ntkrnlpa.exe : 2,034,688 : 03/06/2011 01:28 AM : 9af93af1af1aed5c7c667a8dda726c8b [NoSig]

* C:\WINDOWS\System32\ntoskrnl.exe : 2,156,544 : 03/01/2011 05:30 AM : 9997beb3d853bd1fe08c60f299df5345 [NoSig]

* C:\WINDOWS\System32\setupapi.dll : 1,749,504 : 03/01/2011 05:25 AM : 91cf44015ec4492ad1393fc8d3f4724b [NoSig]

* C:\WINDOWS\System32\user32.dll : 487,424 : 03/01/2011 05:27 AM : 313ee8f553ecd632cd07841f56eff405 [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 218,624 : 06/22/2011 09:54 AM : 88f5be9ae5b87b82e83718f3e425e82d [NoSig]

* C:\WINDOWS\explorer.exe : 1,499,136 : 03/01/2011 05:29 AM : 6da4fbd985476636dc44303108db7d05 [NoSig]

* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/22/2011 09:54 AM : 474d3dccb57defcd917311eec47204b9 [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/14/2018 10:51:47 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)
