############################## | FindyKill V5.006 |
# User : Claudio (Administrators) # AC4B-F6AB6A2114
# Update on 14/08/09 by Chiquitine29
# Start at: 14.57.38 | 28/08/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1351 [VPS 090826-0] 4.8.1351 [ (!) Disabled | Updated ]
# C:\ # Disco rigido locale # 34,18 Go (258,48 Mo free) # NTFS
# D:\ # Disco rigido locale # 114,86 Go (25,91 Go free) # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
d:\Programmi\Sandboxie\SbieSvc.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
################## | C:\WINDOWS\system32\drivers |
Deleted ! C:\WINDOWS\system32\drivers\down
################## | C:\Documents and Settings\Claudio\Dati applicazioni |
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\drivers\111wfs1intwq.sys
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\drivers\11s11ro1s1a2.sys
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\drivers\winupgro.exe
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m\data.oct
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m\flec006.exe
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m\list.oct
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m\srvlist.oct
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\downloads.bak
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\downloads.txt
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\file.exe
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\flec003.exe
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\names.txt
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\server.txt
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\drivers\downld
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\drivers
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\config
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires\WDIR
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\hidires
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m\shared
Deleted ! C:\Documents and Settings\Claudio\Dati applicazioni\m
################## | Other ... |
# Reference of comparaison Bagle MD5 :
File : C:\Documents and Settings\Claudio\Dati applicazioni\drivers\winupgro.exe
-> Crc32 : 5ff4d231 | Md5 : ad0fd710eb6a5e6724b588f9d6975325
Deleted ! "C:\DOCUME~1\Claudio\IMPOST~1\Temp\Rar$EX00.047\serial.exe"
-> Size : 856064 | Crc32 : 5ff4d231 | Md5 : ad0fd710eb6a5e6724b588f9d6975325
Deleted ! "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
-> Size : 856064 | Crc32 : 5ff4d231 | Md5 : ad0fd710eb6a5e6724b588f9d6975325
################## | Temporary Internet Files |
Deleted ! C:\DOCUME~1\Claudio\IMPOST~1\Temp\Patcher\Patcher3280\RTPatch\patch.exe
################## | Registry / Infected keys |
Deleted ! [HKCU\Software\bisoft]
Deleted ! [HKCU\Software\DateTime4]
Deleted ! [HKCU\Software\MuleAppData]
Deleted ! [HKCU\Software\Microsoft\Windows\UI] "KEY540534"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "flec003.exe"
Deleted ! [HKU\S-1-5-21-436374069-2139871995-725345543-1003\Software\FFC]
Deleted ! [HKCU\Software\Local AppWizard-Generated Applications\serial]
Deleted ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
################## | State / Service / Information |
# Safe boot mode restored restauré !
# Showing of hidden files : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
Corrupted : C:\Documents and Settings\Claudio\Desktop\98798678.exe
[Offset = 000000EC - Value = 0x0001]
Corrupted : C:\Programmi\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Value = 0x0001]
Corrupted : C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Value = 0x0001]
Corrupted : C:\Programmi\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Value = 0x0001]
Corrupted : C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Value = 0x0001]
Corrupted : C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Value = 0x0001]
Corrupted : C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\Claudio\Desktop\emulatori\CCS64 V3.5 Offical\"KeyGenerator.exe""
07/07/2007 15.24 |Size 225280 |Crc32 ba0477d8 |Md5 6bf7e14db36da7a802fda748d0473ea2
################## | End of Report # FindyKill V5.006 ! |