
Untitled

a guest
Nov 5th, 2013
  1. Rkill 2.6.2 by Lawrence Abrams (Grinler)
  2. http://www.bleepingcomputer.com/
  3. Copyright 2008-2013 BleepingComputer.com
  4. More Information about Rkill can be found at this link:
  5. http://www.bleepingcomputer.com/forums/topic308364.html
  6.  
  7. Program started at: 11/05/2013 08:21:04 AM in x64 mode.
  8. Windows Version: Windows 7 Home Premium Service Pack 1
  9.  
  10. Checking for Windows services to stop:
  11.  
  12. * No malware services found to stop.
  13.  
  14. Checking for processes to terminate:
  15.  
  16. * No malware processes found to kill.
  17.  
  18. Checking Registry for malware related settings:
  19.  
  20. * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
  21.  
  22. Backup Registry file created at:
  23. C:\Users\crnllc\Desktop\rkill\rkill-11-05-2013-08-21-05.reg
  24.  
  25. Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  26.  
  27. Performing miscellaneous checks:
  28.  
  29. * Windows Defender Disabled
  30.  
  31. [HKLM\SOFTWARE\Microsoft\Windows Defender]
  32. "DisableAntiSpyware" = dword:00000001
  33.  
  34. * ALERT: ZEROACCESS rootkit symptoms found!
  35.  
  36. * C:\Users\crnllc\AppData\Local\Google\Desktop\Install\{92404683-3133-9d30-ed0f-a31c6cb544b2}\ [ZA Dir]
  37. * C:\Users\crnllc\AppData\Local\Google\Desktop\Install\{92404683-3133-9d30-ed0f-a31c6cb544b2}\❤≸⋙\ [ZA Dir]
  38. * C:\Users\crnllc\AppData\Local\Google\Desktop\Install\{92404683-3133-9d30-ed0f-a31c6cb544b2}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
  39. * C:\Users\crnllc\AppData\Local\Google\Desktop\Install\{92404683-3133-9d30-ed0f-a31c6cb544b2}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
  40. * C:\Users\crnllc\AppData\Local\Google\Desktop\Install\{92404683-3133-9d30-ed0f-a31c6cb544b2}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{92404683-3133-9d30-ed0f-a31c6cb544b2}\ [ZA Dir]
  41.  
  42. * Reparse Point/Junctions Found (These may be legitimate)!
  43.  
  44. * C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => <Unknown Target> [File]
  45. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll => <Unknown Target> [File]
  46. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe => <Unknown Target> [File]
  47. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll => <Unknown Target> [File]
  48. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll => <Unknown Target> [File]
  49. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe => <Unknown Target> [File]
  50. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll => <Unknown Target> [File]
  51. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll => <Unknown Target> [File]
  52. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpAsDesc.dll => <Unknown Target> [File]
  53. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpCmdRun.exe => <Unknown Target> [File]
  54. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpOAV.dll => <Unknown Target> [File]
  55. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpRTP.dll => <Unknown Target> [File]
  56. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MSASCui.exe => <Unknown Target> [File]
  57. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpLics.dll => <Unknown Target> [File]
  58. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpRes.dll => <Unknown Target> [File]
  59. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpAsDesc.dll => <Unknown Target> [File]
  60. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpCmdRun.exe => <Unknown Target> [File]
  61. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpOAV.dll => <Unknown Target> [File]
  62. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpRTP.dll => <Unknown Target> [File]
  63. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MSASCui.exe => <Unknown Target> [File]
  64. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpLics.dll => <Unknown Target> [File]
  65. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpRes.dll => <Unknown Target> [File]
  66. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => <Unknown Target> [File]
  67. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => <Unknown Target> [File]
  68. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => <Unknown Target> [File]
  69. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => <Unknown Target> [File]
  70. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => <Unknown Target> [File]
  71. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpCom.dll => <Unknown Target> [File]
  72. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => <Unknown Target> [File]
  73. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => <Unknown Target> [File]
  74. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpAsDesc.dll => <Unknown Target> [File]
  75. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpClient.dll => <Unknown Target> [File]
  76. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCmdRun.exe => <Unknown Target> [File]
  77. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCommu.dll => <Unknown Target> [File]
  78. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpOAV.dll => <Unknown Target> [File]
  79. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpRTP.dll => <Unknown Target> [File]
  80. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll => <Unknown Target> [File]
  81. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MSASCui.exe => <Unknown Target> [File]
  82. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpCom.dll => <Unknown Target> [File]
  83. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpLics.dll => <Unknown Target> [File]
  84. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpRes.dll => <Unknown Target> [File]
  85. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpAsDesc.dll => <Unknown Target> [File]
  86. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpCmdRun.exe => <Unknown Target> [File]
  87. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpOAV.dll => <Unknown Target> [File]
  88. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpRTP.dll => <Unknown Target> [File]
  89. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe => <Unknown Target> [File]
  90. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpCom.dll => <Unknown Target> [File]
  91. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpLics.dll => <Unknown Target> [File]
  92. * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpRes.dll => <Unknown Target> [File]
  93.  
  94. Checking Windows Service Integrity:
  95.  
  96. * Windows Firewall Authorization Driver (mpsdrv) is not Running.
  97. Startup Type set to: Manual
  98.  
  99. * BFE [Missing Service]
  100. * iphlpsvc [Missing Service]
  101. * MpsSvc [Missing Service]
  102. * PcaSvc [Missing Service]
  103. * PolicyAgent [Missing Service]
  104. * RemoteAccess [Missing Service]
  105. * WinDefend [Missing Service]
  106. * wscsvc [Missing Service]
  107.  
  108. * SharedAccess [Missing ImagePath]
  109.  
  110. Searching for Missing Digital Signatures:
  111.  
  112. * No issues found.
  113.  
  114. Checking HOSTS File:
  115.  
  116. * No issues found.
  117.  
  118. Program finished at: 11/05/2013 08:21:18 AM
  119. Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)