############################## [ FindyKill V4.729 ]
# User : utente (Administrators) # PC
# Update on 19/05/09 by Chiquitine29
# Start at: 20.31.56 | 19/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Celeron(R) CPU 2.20GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 57,26 Go (9,09 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM
# F:\ # Disco rigido locale # 38,29 Go (2,5 Go free) # NTFS
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\1047109.EXE-32D3E0B0.pf
Deleted ! C:\WINDOWS\Prefetch\1081281.EXE-15E30F77.pf
Deleted ! C:\WINDOWS\Prefetch\312546.EXE-16C0D372.pf
Deleted ! C:\WINDOWS\Prefetch\329171.EXE-07FE4999.pf
Deleted ! C:\WINDOWS\Prefetch\375750.EXE-1788EED3.pf
Deleted ! C:\WINDOWS\Prefetch\5963921.EXE-001281CF.pf
Deleted ! C:\WINDOWS\Prefetch\6384343.EXE-1E483BA8.pf
Deleted ! C:\WINDOWS\Prefetch\6398390.EXE-04DC1E9A.pf
Deleted ! C:\WINDOWS\Prefetch\661718.EXE-1F8D56A0.pf
Deleted ! C:\WINDOWS\Prefetch\666593.EXE-06E06C7B.pf
Deleted ! C:\WINDOWS\Prefetch\6834421.EXE-285BC69B.pf
Deleted ! C:\WINDOWS\Prefetch\691734.EXE-32DC98C9.pf
Deleted ! C:\WINDOWS\Prefetch\708265.EXE-32BC4F53.pf
Deleted ! C:\WINDOWS\Prefetch\717234.EXE-14C45552.pf
Deleted ! C:\WINDOWS\Prefetch\731234.EXE-32513942.pf
Deleted ! C:\WINDOWS\Prefetch\759453.EXE-304F308D.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-2554840C.pf
Deleted ! C:\WINDOWS\Prefetch\KEYGEN.EXE-125127FA.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\SALON.IRIS.7.1.4-PATCH.EXE-39B13976.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-194E3FFA.pf
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m\data.oct"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m\flec006.exe"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m\list.oct"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\drivers\downld"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\drivers"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m\shared"
Deleted ! "C:\Documents and Settings\utente\Dati applicazioni\m"
################## [ Infected Temp Files ]
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-583907252-562591055-682003330-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-583907252-562591055-682003330-1003\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
Deleted ! C:\Avenger
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\utente\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : 45e8db58
MD5 .... : b33e5fc671d9c53698a4eeaca3460e1b
Deleted ! : C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
# Taille : 847872 # MD5 : B33E5FC671D9C53698A4EEACA3460E1B
################## [ Corrupted files # Re-Installation required ]
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
################################### [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! End of Report # FindyKill V4.729 ! ]