
Rkill 2.8.4 by Lawrence Abrams (Grinler)


http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/14/2016 06:39:31 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Active Proxy Server Detected
* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:


* Advanced Explorer Setting Removed: HideIcons [HKCU]
Backup Registry file created at:
C:\Users\Sogeking\Desktop\rkill\rkill-11-14-2016-06-39-32.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic
* Network Connections (Netman) is not Running.
Startup Type set to: Manual
* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* NetBT (NetBT) is not Running.
Startup Type set to: System
* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System
* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System
Searching for Missing Digital Signatures:
* C:\Windows\System32\user32.dll : 1,008,640 : 07/14/2009 08:41 AM : e573bd9ab55c8e333c202b9e255f972e [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833,024 : 10/06/2015 04:12 PM : 2c9cc9f492ca596b1b9fc1ae5e916356 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1,008,640 : 07/14/2009 08:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833,024 : 07/14/2009 08:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
Program finished at: 11/14/2016 06:40:31 PM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)