############################## | FindyKill V5.024 |
# User : Proprietario (Administrators) # CASA
# Update on 09/01/2010 by El Desaparecido
# Start at: 14.21.26 | 19/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Sistema Antivirus NOD32 2.70 2.70 [ Enabled | Updated ]
# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 298,08 Go (255,68 Go free) [Win: Xpi ] # NTFS
# D:\ # Disco CD-ROM # 477,29 Mo (0 Mo free) [CAST2R] # CDFS
# E:\ # Disco CD-ROM
# F:\ # Disco rimovibile
# Z:\ # Disco CD-ROM
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\SpyTheSpy\SpyTheSpy.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\bin\nSvcLog.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\bin\nSvcIp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
############################## | Infected processes stopped |
"C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\winupgro.exe" (1228)
################## | C: |
Found ! C:\autorun.inf
################## | C:\WINDOWS |
################## | C:\WINDOWS\Prefetch |
Found ! C:\WINDOWS\Prefetch\INSTALL_PATCH.EXE-2F37B69D.pf
################## | C:\WINDOWS\system32 |
Found ! C:\WINDOWS\system32\srosa2.sys
Found ! C:\WINDOWS\system32\wfsintwq.sys
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\Proprietario\Dati applicazioni |
Found ! C:\Documents and Settings\Proprietario\Dati applicazioni\drivers
Found ! C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\downld
Found ! C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\winupgro.exe
################## | Temporary Internet Files |
################## | Registry |
Found ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\ControlSet002\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Found ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Found ! [HKCU\Software\bisoft]
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-1482476501-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-1482476501-602162358-839522115-1003\Software\bisoft]
Found ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Found ! [HKU\S-1-5-21-1482476501-602162358-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro]
################## | State |
# Showing of hidden files : OK
Missing key : HKLM\...\SafeBoot | Safe boot mode disabled !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | Cracks > Keygens > Serials |
"C:\Documents and Settings\Proprietario\Desktop\ColdFear\Crack\ColdFear_Retail.exe"
29/03/2005 22.35 |Size 3952640 |Crc32 cf51f41d |Md5 e662b1cec2e07a86d14cb6cded46b586
"C:\Giochi\S.T.A.L.K.E.R\CracK By CaOs-AsTrA\XR_3DA.exe"
08/09/2009 11.49 |Size 1556480 |Crc32 7768dd73 |Md5 6237fd424477ff41f47010fdfdf08ee5
"C:\Giochi\S.T.A.L.K.E.R\CracK By CaOs-AsTrA\Patch\Stalker_chernobyl-Patch_1-1.exe"
08/09/2009 11.49 |Size 8852094 |Crc32 751ec234 |Md5 182749abf4183e5ad674ca5f882eef08
"C:\Giochi\S.T.A.L.K.E.R\CracK By CaOs-AsTrA\Patch\Stalker_Multi_Patch_1-3.exe"
08/09/2009 11.49 |Size 10103600 |Crc32 abc52940 |Md5 9aeb6764bae05c09d84d00bb8afa0f5a
################## | End of Report # FindyKill V5.024 ! |