www.MegaLab.it

[nortek]

ciao ragazzi nel taskmanager trovo due voci che non so assolutamente cosa siano.

WUAUCLT.EXE
WOWEXEL.EXE
POI O FATTO UNA SCANSIONE PER PRECAUZIONE CON UN TOOLS PER RIMUOVERE COOLWEBSARCH,E,MI SONO RITROVATO UN FILE CHE NON RICORDO IL NOME IN MSCONFIG CHE SI E RIMOSSO AUTOMATICAMENTE SENZA CHE ABBIA IL TEMPO DI VEDERE CHE COSE E.
COMUNQUE HO FATTO UN RAPPORTO,QUALCUNO POTREBBE DIRMI DI COSA SI TRATTA.GRAZIE ANTICIPATAMENTE.

*** Run Keys ****

RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
RUN: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
RUN: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


**** Browser Helper Objects ****

BHO: [Yahoo! Toolbar Helper] C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: [Adobe PDF Reader Link Helper] C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [SSVHelper Class] C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll


**** IE Toolbars ****

TOOLBAR: [Yahoo! Toolbar] C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\system32\msjava.dll
IEExt: [Ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Organizzatore ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Organizzatore ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Messenger] C:\Programmi\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Local Page: C:\WINDOWS\system32\blank.htm


**** IE Context Menu (Right click) ****

IEContext: [E&sporta in Microsoft Excel] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1056BF21-EE1A-4D61-A618-A08CCB604210}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1056BF21-EE1A-4D61-A618-A08CCB604210}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F61121A9-2F21-44AC-8630-B01F4513542A}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F61121A9-2F21-44AC-8630-B01F4513542A}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D64E43EC-1140-4EF0-937B-6C3EADBA2FEE}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D64E43EC-1140-4EF0-937B-6C3EADBA2FEE}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE2B2A82-FD36-4802-91DF-CB24232B7E72}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE2B2A82-FD36-4802-91DF-CB24232B7E72}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70603879-B9B9-4984-A3ED-82EFEA15E83F}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70603879-B9B9-4984-A3ED-82EFEA15E83F}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[Ati HotKey Poller] %SystemRoot%\System32\Ati2evxx.exe
[ATI Smart] C:\WINDOWS\system32\ati2sgag.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Crypkey License] crypserv.exe
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[kavsvc] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[MDM] "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[ose] "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{DCF2B123-7FB9-4526-AFE1-364A00F55295}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemRoot%\System32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.it/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] no
IEOPT: [AutoSearch]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [FormSuggest Passwords] no
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NoWebJITSetup]
IEOPT: [UseThemes]
IEOPT: [Page_Transitions]
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [AllowWindowReuse]
IEOPT: [SmoothScroll]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [First Home Page] http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Check_Associations] no

[crazy.cat]

Process File: wuauclt or wuauclt.exe
Process Name: Microsoft Windows Update
Description: Wuauclt.exe is a process managing automatic updates for Microsoft Windows. This process continuously checks for the latest updates anduses the Internet to do so. This program is important for the stable and secure running of your computer and should not be terminated.
***************
Sei sicuro del nome WOWEXEL.EXE, oppure è wowexec.exe?

Process File: wowexec or wowexec.exe
Process Name: Microsoft Windows on Windows 16bit Execution Process

Description: wowexec.exe is a part the operating system, and supports the use of 16-bit processes within Windows NT, 2000, XP and later version of Windows.This program is important for the stable and secure running of your computer and should not be terminated.

[nortek]

si hai ragione ho sbagliato io in nome è wowexec.exe .
comunque e tutto apposto o c'e qualcosa che non va?
mi devi scusare in inglese non capisco.
scusami ancora della mia ignoranza

[crazy.cat]

Per i due file è tutto a posto.

[nortek]

grazie di cuore sai dirmi niente del rapporto.

[crazy.cat]

grazie di cuore sai dirmi niente del rapporto.

Non si vede niente di pericoloso.
Quello che c'era prima e che hai eliminato non posso saperlo.

[nortek]

ok ancora grazie