Rkill 2.5.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/31/2013 08:14:39 AM in x86 mode. Windows Version: Microsoft Windows XP Dodatek Service Pack 3 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\WINDOWS\ZSSnp211.exe (PID: 1676) [WD-HEUR] * C:\WINDOWS\Domino.exe (PID: 1096) [WD-HEUR] 2 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 * Reparse Point/Junctions Found (Most likely legitimate)! * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir] * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir] Checking Windows Service Integrity: * wscsvc [Missing Service] Searching for Missing Digital Signatures: * C:\WINDOWS\System32\sfcfiles.dll : 1 571 840 : 06/28/2010 10:49 PM : 0c2cb7c545c59c9679c4f72fcff5ea5f [NoSig] * C:\WINDOWS\System32\UxTheme.dll : 219 648 : 05/17/2008 07:29 PM : b0c766b29677a90dd611042a18e50d6c [NoSig] Checking HOSTS File: * HOSTS file entries found: # Copyright (c) 1993-1999 Microsoft Corp. 127.0.0.1 localhost 127.0.0.1 www.google-analytics.com 127.0.0.1 google-analytics.com Program finished at: 07/31/2013 08:15:13 AM Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)