############################## [ FindyKill V4.728 ]
# User : Nicolò Turci (Administrators) # NICOLÒ_TURCI
# Update on 13/05/09 by Chiquitine29
# Start at: 19.56.07 | 17/05/2009
# Website :
http://pagesperso-orange.fr/NosTools/findykill.html# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090511-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Disco rigido locale # 64,71 Go (22 Go free) # FAT32
# D:\ # Disco rigido locale # 43,14 Go (27,83 Go free) [DATA] # FAT32
# F:\ # Disco CD-ROM # 3,28 Go (0 Mo free) [BF2142 DVD] # UDF
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-0F8DCEDB.pf
Deleted ! "C:\Documents and Settings\Nicol• Turci\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Nicol• Turci\Dati applicazioni\drivers\downld"
Deleted ! "C:\Documents and Settings\Nicol• Turci\Dati applicazioni\drivers"
################## [ Infected Temp Files ]
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_USERS\S-1-5-21-2645385725-2444616574-1563793223-1005\Software\FFC
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
Deleted ! C:\InfoSat.txt
Deleted ! C:\Muestras
Deleted ! C:\Avenger
(!) Not deleted ! F:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Avenger\winupgro.exe
CRC32 .. : a5072f40
MD5 .... : 6d3ff212e7d316c8522a568d4dc62b03
# -> Nothing found.
################## [ Corrupted files # Re-Installation required ]
C:\WINDOWS\$hf_mig$\KB911164\update\update.exe
C:\WINDOWS\$hf_mig$\KB834707\update\update.exe
C:\WINDOWS\$hf_mig$\KB867282\update\update.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890047\update\update.exe
C:\WINDOWS\$hf_mig$\KB890175\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB890923\update\update.exe
C:\WINDOWS\$hf_mig$\KB893066\update\update.exe
C:\WINDOWS\$hf_mig$\KB893086\update\update.exe
C:\WINDOWS\$hf_mig$\KB883939\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899588\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB905915\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB935448\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$hf_mig$\KB958690\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\$hf_mig$\KB923561\update\update.exe
C:\WINDOWS\$hf_mig$\KB960803\update\update.exe
C:\WINDOWS\$hf_mig$\KB952004\update\update.exe
C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB961373\update\update.exe
C:\WINDOWS\$hf_mig$\KB959426\update\update.exe
C:\WINDOWS\$hf_mig$\KB956572\update\update.exe
C:\WINDOWS\$hf_mig$\KB961503\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\1684f71eec2031255b609f0577c85989\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\0f7ba42654f89ba0e01f4ac06a73b42d\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\sysinfo.exe
C:\WINDOWS\SoftwareDistribution\Download\05181df46cf33b138062dcbe50f4c5ac\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\26a1c20fc08790de3e6f9568479084a5\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\073953abc84db09739449d5e3cdeb8b8\update\update.exe
C:\Documents and Settings\Nicolò Turci\Desktop\avenger\avenger.exe
C:\Programmi\FarStone\VirtualDrive\LiveUpdate.exe
C:\Programmi\Alwil Software\Avast\ashAvast.exe
C:\Programmi\Alwil Software\Avast\ashServ.exe
C:\Programmi\Alwil Software\Avast\ashSimp2.exe
C:\Programmi\Alwil Software\Avast\ashSimpl.exe
C:\Programmi\Alwil Software\Avast\ashSkPcc.exe
C:\Programmi\Alwil Software\Avast\ashSkPck.exe
C:\Programmi\Alwil Software\Avast\ashUpd.exe
C:\Programmi\Alwil Software\Avast\ashWebSv.exe
C:\Programmi\Alwil Software\Avast\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast\aswRegSvr.exe
C:\Programmi\Alwil Software\Avast\copyx64.exe
C:\Programmi\Alwil Software\Avast\ashChest.exe
C:\Programmi\Alwil Software\Avast\ashDisp.exe
C:\Programmi\Alwil Software\Avast\ashLogV.exe
C:\Programmi\Alwil Software\Avast\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast\ashPopWz.exe
C:\Programmi\Alwil Software\Avast\ashQuick.exe
C:\Programmi\Alwil Software\Avast\sched.exe
C:\Programmi\Alwil Software\Avast\VisthLic.exe
C:\Programmi\Alwil Software\Avast\VisthUpd.exe
C:\Programmi\Alwil Software\Avast\ashEnhcd.exe
C:\Programmi\Mozilla Firefox\uninstall\helper.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\GRISOFT\AVG Anti-Rootkit Free\avgarkt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Sophos\Sophos Anti-Rootkit\helper.exe
C:\Programmi\Sophos\Sophos Anti-Rootkit\sarcli.exe
C:\Programmi\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Programmi\Enigma Software Group\SpyHunter\Download\update.exe
C:\Programmi\a-squared Free\a2cmd.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\a-squared Free\a2upd.exe
C:\Programmi\Spyware Terminator\update\SpywareTerminatorShield.Exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Avenger\Avenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Downloads\Software\SUPERAntiSpyware.exe
C:\Downloads\Software\HiJackThis\HijackThis.exe
C:\Downloads\avenger\avenger.exe
################################### [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! End of Report # FindyKill V4.728 ! ]