
Rkill 2.8.4 by Lawrence Abrams (Grinler)


http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/09/2017 07:57:59 AM in x64 mode.
Windows Version: Windows 10 Home Single Language
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Sony Vaio\AppData\Local\AMD\amd.exe (PID: 2996) [UP-HEUR]
* C:\Users\Sony Vaio\AppData\Local\clean\Kyubey.exe (PID: 1380) [UP-HEUR]
* C:\Users\Sony Vaio\AppData\Roaming\Kyubey\Kyubey.exe (PID: 3224) [UP-HEUR]
* C:\Users\Sony Vaio\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe (PID: 3244) [UP-HEUR]
* C:\ProgramData\Windows Security\winsecurity.exe (PID: 3644) [AU-HEUR]
* C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 7816) [AU-HEUR]
* C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe (PID: 6408) [AU-HEUR]
7 proccesses terminated!
Active Proxy Server Detected
* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.
Checking Registry for malware related settings:
* No issues found in the Registry.
Backup Registry file created at:
C:\Users\Sony Vaio\Desktop\rkill\rkill-05-09-2017-07-58-17.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]
Checking Windows Service Integrity:
* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled
* agp440 [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]
* AppMgmt [Missing Service]
* CSC [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
20 out of 194 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 05/09/2017 08:09:52 AM
Execution time: 0 hours(s), 11 minute(s), and 53 seconds(s)
