me ne sono accorto
mi arrendo, lo metto qui (ci provo)
systemscan - ver. 2.0.20
Date: 28/03/2007
Time: 9.33.20,37
Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Include hijackthis.log
-------------Users folders -------------
Directory di C:\documents and settings
05/12/2006 19.22 <DIR> All Users
05/12/2006 13.22 <DIR> Default User
14/02/2007 21.39 <DIR> LocalService
14/02/2007 21.39 <DIR> NetworkService
25/03/2007 10.41 <DIR> utente
-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp
Directory di C:\
27/03/2007 14.04 <DIR> !KillBox
28/03/2007 04.29 <DIR> VEXPLITE
27/03/2007 12.38 <DIR> avenger
28/03/2007 09.33 <DIR> suspectfile
27/03/2007 12.38 <DIR> WINDOWS
23/03/2007 23.39 <DIR> Programmi
27/03/2007 12.36 102 ffeqgbls.txt
Directory di C:\WINDOWS
14/02/2007 21.38 <DIR> $NtUninstallKB904942$
14/02/2007 21.38 <DIR> $NtUninstallKB914440$
29/01/2007 06.57 <DIR> $NtUninstallKB915865$
14/02/2007 21.33 <DIR> $NtUninstallKB925454$(3)
28/03/2007 08.31 <DIR> Temp
22/03/2007 00.02 <DIR> ATK0100
27/03/2007 10.07 <DIR> BDOSCAN8
25/03/2007 18.09 <DIR> system32
14/02/2007 21.38 <DIR> BricoPacks
22/03/2007 00.25 <DIR> Debug
14/02/2007 21.38 <DIR> Registration
28/03/2007 09.33 <DIR> Prefetch
14/02/2007 21.38 <DIR> ie7
16/02/2007 03.17 <DIR> WinSxS
14/02/2007 21.38 <DIR> network diagnostic
22/03/2007 14.25 <DIR> Minidump
28/03/2007 04.29 40.374 ModemLog_SAMSUNG CDMA Modem #3.txt
04/02/2007 08.51 4.166 ModemLog_AC97 SoftV92 Data Fax Modem with SmartCP.txt
14/03/2007 07.01 116 NeroDigital.ini
26/03/2007 03.52 1.062 IE4 Error Log.txt
27/03/2007 08.08 250 gmer.ini
27/03/2007 07.36 528.446 gmer.dll
28/03/2007 07.45 32.276 SchedLgU.Txt
27/03/2007 09.03 9.740 setupapi.log
24/03/2007 04.32 0 Sti_Trace.log
28/03/2007 04.27 227 system.ini
28/03/2007 04.29 0 0.log
24/03/2007 12.01 216 wiadebug.log
24/03/2007 04.32 50 wiaservc.log
28/03/2007 04.27 637 win.ini
28/03/2007 04.29 1.732.351 WindowsUpdate.log
Directory di C:\WINDOWS\system32
14/02/2007 21.38 <DIR> wbem
28/03/2007 04.17 <DIR> drivers
28/03/2007 04.29 <DIR> config
27/03/2007 09.03 <DIR> CatRoot2
15/02/2007 17.53 <DIR> CatRoot
22/03/2007 00.02 <DIR> bak
22/03/2007 01.29 2.934 CONFIG.NT
27/03/2007 07.20 248.696 FNTCACHE.DAT
15/02/2007 19.01 1.476.992 LegitCheckControl.dll
07/03/2007 22.36 12.619.736 MRT.exe
25/03/2007 18.09 41.170 perfc009.dat
25/03/2007 18.09 48.988 perfc010.dat
25/03/2007 18.09 314.842 perfh009.dat
25/03/2007 18.09 348.476 perfh010.dat
25/03/2007 18.09 759.504 PerfStringBackup.INI
29/01/2007 10.58 60.416 tzchange.exe
16/02/2007 03.17 122.268 TZLog.log
15/02/2007 19.00 236.928 WgaLogon.dll
15/02/2007 19.01 337.280 WgaTray.exe
28/03/2007 04.29 2.278 wpa.dbl
Directory di C:\Programmi\File comuni
Directory di C:\WINDOWS\temp
28/03/2007 09.32 <DIR> _avast4_
28/03/2007 04.29 255 WGAErrLog.txt
28/03/2007 04.29 409 WGANotify.settings
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[run]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[run]
-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------
[Windows]
"AppInit_DLLs"=""
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"Shell"="Explorer.exe"
"System"="kdhxf.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
"Event"=dword:00000000
"EulaAccepted"=dword:00000001
[Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,44,09,ac,33,71,93,5a,42,ad,d9,ab,97,6e,57,3b,09,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,d4,46,01,13,49,a2,14,e5,\
61,a9,00,ec,97,41,a5,6b,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,0e,\
c6,52,5e,73,85,e6,12,5f,ee,29,e2,5b,dc,63,1c,b0,01,00,00,d2,a4,2d,26,ec,46,\
96,72,b5,cb,18,8c,73,93,62,67,ea,fe,80,af,18,6b,06,5c,f7,fb,77,23,f8,cd,d2,\
ae,f5,e3,e9,e1,94,1f,13,45,2b,8f,56,62,1c,9e,27,fb,0a,63,b1,34,ba,68,7a,ac,\
b5,83,b5,7a,cd,84,27,ed,a2,a7,76,a7,20,3c,8c,e5,4d,ea,2a,3a,cc,0d,50,34,5e,\
22,a7,09,53,23,0a,6b,c6,3a,c9,32,ee,6d,35,02,ad,66,9d,38,5c,1d,23,1b,9b,c4,\
17,ee,92,2b,68,00,2f,49,7f,84,5c,ab,e3,f9,2b,b3,31,2d,f6,86,a3,24,72,4e,f3,\
5d,5e,9d,4c,0e,15,e4,93,29,bd,59,8e,a2,5f,8e,13,1c,e5,bd,f6,19,20,a3,61,cd,\
ee,54,2e,a6,45,fd,63,a4,4f,6d,72,66,c5,5d,4c,1b,f3,5d,58,9d,38,62,e9,09,9c,\
a1,4a,8c,93,b5,16,4a,51,80,ae,96,ea,95,20,4d,59,c9,3d,ed,b9,04,4d,cb,fa,de,\
13,68,31,93,6b,96,2f,6b,25,ca,b5,c4,9d,c7,f3,16,a5,f7,9d,a9,07,ca,40,d2,63,\
21,4e,c2,dd,47,a9,bb,d3,ec,67,fd,7a,72,8d,e4,97,e0,4a,7b,08,40,e5,3e,9f,af,\
74,a3,15,21,42,1f,eb,51,a5,54,60,31,4b,bb,fd,82,65,35,f0,70,ae,f2,9f,bf,eb,\
78,f7,34,39,9c,25,8a,bb,9e,b5,7a,61,53,47,2f,f0,57,d4,8a,c0,f1,3f,57,45,4b,\
99,7f,e7,14,60,39,fb,f5,88,fa,14,33,47,6b,3c,a1,d9,17,2b,85,2e,fa,10,a6,5b,\
c6,b9,7f,75,8b,1e,6d,a9,ac,37,41,69,0c,bc,f8,d5,b3,bc,c5,e6,38,8f,54,e9,91,\
7a,61,de,49,ba,56,f1,10,61,0a,f0,b4,c8,f2,c7,27,ae,d6,ce,6b,77,93,be,4d,99,\
b8,99,be,0a,81,21,cf,b3,54,ec,fc,82,91,57,07,9c,c0,a0,5e,aa,c3,de,ba,1b,b0,\
46,ea,c8,06,7c,32,91,8f,e7,5f,be,b5,87,24,83,84,84,54,69,87,36,2b,b8,cd,12,\
3f,14,00,00,00,87,ea,4d,1a,33,5e,f1,88,e8,e5,87,5a,2f,d7,e3,b1,2d,11,ea,d7
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp;Impostazioni locali\Dati applicazioni\Microsoft\Outlook"
"BuildNumber"=dword:00000a28